Rigor Protocol contest - 0xNazgul's results

Lines of code

https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/Community.sol#L468 https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/Community.sol#L497 https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/Community.sol#L550

Vulnerability details

Impact

All ways to call _reduceDebt() is prevented when the contract is paused. Not allowing builders to pay on their outstanding loans during long term critical pauses. Even if done off-chain, community owner can't trigger reduceDebt() for it too would be paused. Leaving interest to continue increasing until unpaused.

Proof of Concept

1. Alice a builder has an outstanding loan to repay and plans on doing so at the end of the week.
2. Mallory finds a hackable way that causes the Community.sol contract owners to pause it for an extended period of time.
3. This prevents Alice from paying off her loan on-chain, while she can do so off-chain. The community owner is also prevented from doing so on-chain causing accounting errors.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider removing the whenNotPaused() modifier on reduceDebt() so that community owners can still call reduceDebt() during a critical event.

[NAZ-L1] ecrecover() not checked for address of zero

Severity Low Context: SignatureDecoder.sol#L39

Description: The function calls the Solidity ecrecover() function directly to verify the given signatures. However, the ecrecover() EVM opcode allows malleable (non-unique) signatures and thus is susceptible to replay attacks.

Although a replay attack seems not possible here since the nonce is increased each time, ensuring the signatures are not malleable is considered a best practice.

Recommendation: Use the ecrecover function from OpenZeppelin's ECDSA library for signature verification.

[NAZ-L2] Missing onlyActive() Modifier In The Function unApprove()

Severity Low Context: Tasks.sol

Description: In the natspec above the function unApprove() it contains @dev modifier onlyActive but the function itself doesn't contain the modifier. The function should use this modifier and could cause issues without it.

Recommendation: Consider adding in the onlyActive() modifier in the function unApprove().

[NAZ-L3] Lack of Two-Step Process for Critical Operations

Severity Low Context: HomeFiProxy.sol#L150-L157, HomeFi.sol#L157-L168

Description: This function transfers the ownership of the contract in a single step. There is no way to reverse a one-step transfer of ownership to an address without an owner. This would not be the case if ownership were transferred through a two-step process in which an owner proposed a transfer and the prospective recipient accepted it.

Recommendation: Use a two-step process for ownership transfers.

[NAZ-L4] Uninitialized Upgradeable contract

Severity Low Context: Disputes.sol#L74-L81, HomeFi.sol#L92-L120, Project.sol#L94-L105, Community.sol#L102-L119

Description: This is not causing any harm because of the design of this contract. As this function internally only calls STATUS=!NOT_ENTERED with no impact on the logic. However, suppose OZ someday decide to upgrade this contract an you use the new version it is possible that your contract will not work.

Recommendation: Consider adding __ReentrancyGuard_init_unchained();. The _status value being zero on deployment saves gas but instead passes it on to the first user to call a function with the modifier.

[NAZ-L5] Value Range Validity for Setters

Severity Low Context: HomeFi.sol#L115, HomeFi.sol#L185-L197

Description: These functions doesn't have any checks to ensure that the variables being set is within some kind of value range.

Recommendation: Each variable input parameter updated should have it's own value range checks to ensure their validity.

[NAZ-L6] Missing Time locks

Severity: Low Context: ProjectFactory.sol#L58-L71, HomeFiProxy.sol#L150-L157, HomeFi.sol#L123-L154, HomeFi.sol#L157-L168, HomeFi.sol#L171-L207

Description: When critical parameters of systems need to be changed, it is required to broadcast the change via event emission and recommended to enforce the changes after a time-delay. This is to allow system users to be aware of such critical changes and give them an opportunity to exit or adjust their engagement with the system accordingly. None of the onlyOwner functions that change critical protocol addresses/parameters have a time-lock for a time-delayed change to alert: (1) users and give them a chance to engage/exit protocol if they are not agreeable to the changes (2) team in case of compromised owner(s) and give them a chance to perform incident response.

Recommendation: Users may be surprised when critical parameters are changed. Furthermore, it can erode users' trust since they can’t be sure the protocol rules won’t be changed later on. Compromised owner keys may be used to change protocol addresses/parameters to benefit attackers. Without a time-delay, authorized owners have no time for any planned incident response.

[NAZ-L7] Missing Events In Initialize Functions

Severity: Low Context: DebtToken.sol#L43-L58, ProjectFactory.sol#L45-L55, Disputes.sol#L74-L81, HomeFi.sol#L92-L120, Project.sol#L94-L105, Community.sol#L102-L119

Description: None of the initialize functions emit emit init-specific events. They all however have the initializer modifier (from Initializable) so that they can be called only once. Off-chain monitoring of calls to these critical functions is not possible.

Recommendation: It is recommended to perform validation of input parameters and emit events.

[NAZ-N1] Empty Event

Severity: Informational Context: HomeFi.sol#L153

Description: The event used in this function is empty and doesn't emit the addresses that are set.

Recommendation: Consider adding the addresses that are set and indexing the most important ones set.

[NAZ-N2] Spelling Errors

Severity: Informational Context: HomeFiProxy.sol#L29 (tell => tells), HomeFiProxy.sol#L50 (generate => generates), HomeFiProxy.sol#L54 (contract => contracts), HomeFiProxy.sol#L86 (implementation => implementations), HomeFiProxy.sol#L118 (Upgrades a multiple => Upgrades multiple), HomeFiProxy.sol#L132 (length => lengths), HomeFiProxy.sol#L143 (deploy => deploy a), HomeFi.sol#L115 (with => by), HomeFi.sol#L164 (Replace => Replaces), Project.sol#L205 (builder => builder/lender), Project.sol#L285 (not has => has not), Project.sol#L376 (present => present,), Project.sol#L379 (then it => then give it), Project.sol#L455 (As as => As), Project.sol#L483 (from => for), Project.sol#L647 (there => they are), Project.sol#L680 (allocated => allocated,), Project.sol#L684 (allocated => allocated,), Project.sol#L904 (with => by), Community.sol#L618 (equal equal => equal), Community.sol#L796 (lesser => less), Tasks.sol#L48 (inactive => active)

Description: Spelling errors in comments can cause confusion to both users and developers.

Recommendation: Check all misspellings to ensure they are corrected.

[NAZ-N3] Use Underscores for Number Literals

Severity: Informational Context: Project.sol#L60, Project.sol#L907, Community.sol#L394, Community.sol#L686, Community.sol#L694

Description: There are multiple occasions where certain numbers have been hardcoded, either in variables or in the code itself. Large numbers can become hard to read.

Recommendation: Consider using underscores for number literals to improve its readability.

[NAZ-N4] Missing or Incomplete NatSpec

Severity: Informational Context: All Contracts

Description: Some functions are missing @notice/@dev NatSpec comments for the function, @param for all/some of their parameters and @return for return values. Given that NatSpec is an important part of code documentation, this affects code comprehension, auditability and usability.

Recommendation: Add in full NatSpec comments for all functions to have complete code documentation for future use.

[NAZ-N5] Older Version Pragma

Severity: Informational Context: All Contracts

Description: Using very old versions of Solidity prevents benefits of bug fixes and newer security checks. Using the latest versions might make contracts susceptible to undiscovered compiler bugs.

Recommendation: Consider using the most recent version.

[NAZ-G1] __Pausable_init(); Can Be Removed

Context: Community.sol#L109

Description: When __Pausable_init(); is called it sets bool private _paused; to false. By default any bool is already false.

Recommendation: Consider Removing __Pausable_init(); from the initialize() function to save gas.

[NAZ-G2] In require(), Use != 0 Instead of > 0 With Uint Values

Context: Disputes.sol#L107, Project.sol#L195, Community.sol#L764

Description: In a require, when checking a uint, using != 0 instead of > 0 saves 6 gas. This will jump over or avoid an extra ISZERO opcode.

Recommendation: Use != 0 instead of > 0 with uint values but only in require() statements.

[NAZ-G3] Use ++index instead of index++ to increment a loop counter

Context: HomeFiProxy.sol#L87, HomeFiProxy.sol#L136, Project.sol#L248, Project.sol#L311, Project.sol#L322, Project.sol#L368, Project.sol#L603, Project.sol#L650, Project.sol#L710, Community.sol#L624, Tasks.sol#L181

Description: Due to reduced stack operations, using ++index saves 5 gas per iteration.

Recommendation: Use ++index to increment a loop counter.

[NAZ-G4] The Increment In For Loop Post Condition Can Be Made Unchecked

Context: HomeFiProxy.sol#L87, HomeFiProxy.sol#L136, Project.sol#L248, Project.sol#L311, Project.sol#L322, Project.sol#L368, Project.sol#L603, Project.sol#L650, Project.sol#L710, Community.sol#L624, Tasks.sol#L181

Description: (This is only relevant if you are using the default solidity checked arithmetic). i++ involves checked arithmetic, which is not required. This is because the value of i is always strictly less than length <= 2**256 - 1. Therefore, the theoretical maximum value of i to enter the for-loop body is 2**256 - 2. This means that the i++ in the for loop can never overflow. Regardless, the overflow checks are performed by the compiler.

Unfortunately, the Solidity optimizer is not smart enough to detect this and remove the checks. One can manually do this by:

for (uint i = 0; i < length; i = unchecked_inc(i)) {
    // do something that doesn't change the value of i
}

function unchecked_inc(uint i) returns (uint) {
    unchecked {
        return i + 1;
    }
}

Note that it’s important that the call to unchecked_inc is inlined. This is only possible for solidity versions starting from 0.8.2.

Recommendation: The increment in the for loop post condition can be made unchecked.

[NAZ-G5] Catching The Array Length Prior To Loop

Context: Project.sol#L603

Description: One can save gas by caching the array length (in stack) and using that set variable in the loop. Replace state variable reads and writes within loops with local variable reads and writes. This is done by assigning state variable values to new local variables, reading and/or writing the local variables in a loop, then after the loop assigning any changed local variables to their equivalent state variables.

Recommendation: Simply do something like so before the for loop: uint length = variable.length. Then add length in place of variable.length in the for loop.

[NAZ-G6] Setting The Constructor To Payable

Context: Project.sol

Description: You can cut out 10 opcodes in the creation-time EVM bytecode if you declare a constructor payable. Making the constructor payable eliminates the need for an initial check of msg.value == 0 and saves 21 gas on deployment with no security risks.

Recommendation: Set the constructor to payable.

[NAZ-G7] Use of Custom Errors Instead of String

Context: All Contracts

Description: To save some gas the use of custom errors leads to cheaper deploy time cost and run time cost. The run time cost is only relevant when the revert condition is met.

Recommendation: Use Custom Errors instead of strings.

[NAZ-G8] Function Ordering via Method ID

Context: All Contracts

Description: Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions. One could use This tool to help find alternative function names with lower Method IDs while keeping the original name intact.

Recommendation: Find a lower method ID name for the most called functions for example mostCalled() vs. mostCalled_41q() is cheaper by 44 gas.