Y2k Finance contest - 0xNazgul's results

Lines of code

https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/SemiFungibleVault.sol#L110 https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L203

Vulnerability details

Impact

withdraw() is meant for the owner or approved receiver to withdraw the owner's deposited assets and burn the owner's shares. It checks if msg.sender == owner OR if isApprovedForAll(owner, receiver). If the owner has approved for all a receiver and someone knows the address of both, they can call withdraw() with those and burn the owner's shares whenever.

Proof of Concept

1. Alice the owner of some assets calls deposit() and setApprovesForAll() with her friend Bob's address as an operator.
2. Mallory sees that isApprovedForAll(Alice, Bob) is true and calls withdraw() to pass the check burning all of Alice's Share prematurely.

Tools Used

Manual Review

Recommended Mitigation Steps

Although there is no loss of funds allowing anyone to burn someone else's shares should not be allowed. Consider an additional check to ensure isApprovedForAll(owner, msg.sender).

[NAZ-L1] Value Range Validity for Setters

Severity Low Context: VaultFactory.sol#L327

Description: These functions doesn't have any checks to ensure that the variables being set is within some kind of value range.

Recommendation: Each variable input parameter updated should have it's own value range checks to ensure their validity.

[NAZ-L2] Missing Equivalence Checks in Setters

Severity: Low Context: Vault.sol#L277, Vault.sol#L287, Vault.sol#L295, VaultFactory.sol#L295, VaultFactory.sol#L308, VaultFactory.sol#L327, VaultFactory.sol#L345, VaultFactory.sol#L366

Description: Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.

Recommendation: This may hinder detecting discrepancies between on-chain and off-chain states leading to flawed assumptions of on-chain state and protocol behavior.

[NAZ-L3] Missing Time locks

Severity: Low Context: VaultFactory.sol#L295, VaultFactory.sol#L308, VaultFactory.sol#L327, VaultFactory.sol#L345, VaultFactory.sol#L366

Description: When critical parameters of systems need to be changed, it is required to broadcast the change via event emission and recommended to enforce the changes after a time-delay. This is to allow system users to be aware of such critical changes and give them an opportunity to exit or adjust their engagement with the system accordingly. None of the onlyOwner functions that change critical protocol addresses/parameters have a time-lock for a time-delayed change to alert: (1) users and give them a chance to engage/exit protocol if they are not agreeable to the changes (2) team in case of compromised owner(s) and give them a chance to perform incident response.

Recommendation: Users may be surprised when critical parameters are changed. Furthermore, it can erode users' trust since they can’t be sure the protocol rules won’t be changed later on. Compromised owner keys may be used to change protocol addresses/parameters to benefit attackers. Without a time-delay, authorized owners have no time for any planned incident response.

[NAZ-L4] Missing Zero-address Validation

Severity: Low Context: SemiFungibleVault.sol#L66, VaultFactory.sol#L308, StakingRewards.sol#L74-L76, RewardsFactory.sol#L64-L66

Description: Lack of zero-address validation on address parameters may lead to transaction reverts, waste gas, require resubmission of transactions and may even force contract redeployments in certain cases within the protocol.

Recommendation: Consider adding explicit zero-address validation on input parameters of address type.

[NAZ-N1] Function States Named Return But Doesn't Use It

Severity Informational Context: PegOracle.sol#L89, PegOracle.sol#L128

Description: The linked function(s) have a named return that is not used. Using both named returns and a return statement isn't necessary.

Recommendation: Removing one of those can improve code clarity.

[NAZ-N2] Line Length

Severity: Informational Context: Vault.sol#L109, Vault.sol#L147-L149, Vault.sol#L178-L179, Vault.sol#L197-L199, Vault.sol#L242, Vault.sol#L303-L305, Vault.sol#L332-L333, Vault.sol#L346-L347, Vault.sol#L356-L358, Vault.sol#L374, VaultFactory.sol#L168-L169, VaultFactory.sol#L172-L173, VaultFactory.sol#L242, VaultFactory.sol#L244-L246, VaultFactory.sol#L263, RewardsFactory.sol#L25, RewardsFactory.sol#L27

Description: Max line length must be no more than 120 but many lines are extended past this length.

Recommendation: Consider cutting down the line length below 120.

[NAZ-N3] Code Structure Deviates From Best-Practice

Severity: Informational Context: SemiFungibleVault.sol#L110, VaultFactory.sol#L19, StakingRewards.sol#L143

Description: The best-practice layout for a contract should follow the following order: state variables, events, modifiers, constructor and functions. Function ordering helps readers identify which functions they can call and find constructor and fallback functions easier. Functions should be grouped according to their visibility and ordered as: constructor, receive function (if exists), fallback function (if exists), external, public, internal, private. Functions should then further be ordered with view functions coming after the non-view labeled ones.

Recommendation: Consider adopting recommended best-practice for code structure and layout.

[NAZ-N4] Function && Variable Naming Convention

Severity Informational Context: Controller.sol#L13-L15, PegOracle.sol#L15-L16, PegOracle.sol#L89, PegOracle.sol#L112, PegOracle.sol#L22, SemiFungibleVault.sol#L276, SemiFungibleVault.sol#L282, Vault.sol#L35, Vault.sol#L37, VaultFactory.sol#L85, VaultFactory.sol#L91, VaultFactory.sol#L97, VaultFactory.sol#L103, VaultFactory.sol#L109, VaultFactory.sol#L113

Description: The linked variables do not conform to the standard naming convention of Solidity whereby functions and variable names(local and state) utilize the mixedCase format unless variables are declared as constant in which case they utilize the UPPER_CASE_WITH_UNDERSCORES format. Private variables and functions should lead with an _underscore. Events should be in CamelCase.

Recommendation: Consider naming conventions utilized by the linked statements are adjusted to reflect the correct type of declaration according to the Solidity style guide.

[NAZ-N5] Unindexed Event Parameters

Severity Informational Context: Controller.sol#L49, StakingRewards .sol#L56

Description: Parameters of certain events are expected to be indexed so that they’re included in the block’s bloom filter for faster access. Failure to do so might confuse off-chain tooling looking for such indexed events.

Recommendation: Consider adding the indexed keyword to event parameters that should include it.

[NAZ-N6] Commented Out Code

Severity: Informational Context: Controller.sol#L25, Controller.sol#L268-L270, Vault.sol#L393-L398

Description: There is commented code that makes the code messy and unneeded.

Recommendation: Consider removing the commented out code.

[NAZ-N7] TODOs Left In The Code

Severity: Informational Context: Vault.sol#L196

Description: There should never be any TODOs in the code when deploying.

Recommendation: Consider finishing the TODOs before deploying.

[NAZ-N8] Use Underscores for Number Literals

Severity: Informational Context: Controller.sol#L15, PegOracle.sol#L68, PegOracle.sol#L70, PegOracle.sol#L78, Vault.sol#L266

Description: There are multiple occasions where certain numbers have been hardcoded, either in variables or in the code itself. Large numbers can become hard to read.

Recommendation: Consider using underscores for number literals to improve its readability.

[NAZ-N9] Spelling Errors

Severity: Informational Context: Vault.sol#L199 (transfered => transferred), Vault.sol#L415 (transfered => transferred), RewardsFactory.sol#L25 (insrance => insurance), RewardsFactory.sol#L27 (insrance => insurance)

Description: Spelling errors in comments can cause confusion to both users and developers.

Recommendation: Consider checking all misspellings to ensure they are corrected.

[NAZ-G1] Unused Variables

Context: PegOracle.sol#L13

Description: The linked variables are unused and can be removed to save gas and improve readability.

Recommendation: Consider removing the unused variables.

[NAZ-G] State Variables That Can Be Set To Immutable

Context: Controller.sol#L13, PegOracle.sol#L10-L13, SemifungibleVault.sol#L20-L21

Description: Solidity 0.6.5 introduced immutable as a major feature. It allows setting contract-level variables at construction time which gets stored in code rather than storage. Each call to it reads from storage, using a sload costing 2100 gas cold or 100 gas warm. Setting it to immutable will have each storage read of the state variable to be replaced by the instruction push32 value, where value is set during contract construction time and this costs only 3 gas.

Recommendation: Set the state variable to immutable.

[NAZ-G2] Use of 2**256 - 1 && type(uint256).max When 2**255 Can Be Used

Context: SemiFungibleVault.sol#L238, SemiFungibleVault.sol#L245

Description: Infinity can also be represented via ``2255, it's hex representation is 0x8000000000000000000000000000000000000000000000000000000000000000while2256 - 1is0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff`. Then main difference is and where the gas savings come from is, zeros are cheaper than non-zero values in hex representation.

Recommendation: Use 2**255 instead of 2**256 - 1 to save gas on deployment.

[NAZ-G3] Use delete Keyword To Reset State Data

Context: StakingRewards.sol#L135

Description: It's cheaper to use the delete keyword when resetting state data to their default values than setting them.

Recommendation: Consider using delete keyword to reset state data to default values.

[NAZ-G4] In require(), Use != 0 Instead of > 0 With Uint Values

Context: Vault.sol#L187, StakingRewards.sol#L119

Description: In a require, when checking a uint, using != 0 instead of > 0 saves 6 gas. This will jump over or avoid an extra ISZERO opcode.

Recommendation: Use != 0 instead of > 0 with uint values but only in require() statements.

[NAZ-G5] Use of Custom Errors Instead of String

Context: PegOracle.sol, SemiFungibleVault.sol, Vault.sol#L165, Vault.sol#L187, StakingRewards.sol

Description: To save some gas the use of custom errors leads to cheaper deploy time cost and run time cost. The run time cost is only relevant when the revert condition is met.

Recommendation: Use Custom Errors instead of strings.

[NAZ-G6] Skip Initialization of Variable

Context: StakingRewards.sol#L36

Description: It's cheaper to skip initializtion of state variables to their default values.

Recommendation: Consider skipping the initialization of these listed varaible.

[NAZ-G7] Use ++index instead of index++ to increment a loop counter

Context: Vault.sol#L443

Description: Due to reduced stack operations, using ++index saves 5 gas per iteration.

Recommendation: Use ++index to increment a loop counter.

[NAZ-G8] The Increment In For Loop Post Condition Can Be Made Unchecked

Context: Vault.sol#L443

Description: (This is only relevant if you are using the default solidity checked arithmetic). i++ involves checked arithmetic, which is not required. This is because the value of i is always strictly less than length <= 2**256 - 1. Therefore, the theoretical maximum value of i to enter the for-loop body is 2**256 - 2. This means that the i++ in the for loop can never overflow. Regardless, the overflow checks are performed by the compiler.

Unfortunately, the Solidity optimizer is not smart enough to detect this and remove the checks. One can manually do this by:

for (uint i = 0; i < length; ) {
    // do something that doesn't change the value of i
    unchecked {
        ++i;
    }
}

Recommendation: Consider doing the increment in the for loop post condition in an unchecked block.

[NAZ-G9] Setting The Constructor To Payable

Context: All Contracts

Description: You can cut out 10 opcodes in the creation-time EVM bytecode if you declare a constructor payable. Making the constructor payable eliminates the need for an initial check of msg.value == 0 and saves 21 gas on deployment with no security risks.

Recommendation: Set the constructor to payable.

[NAZ-G10] Function Ordering via Method ID

Context: All Contracts

Description: Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions. One could use This tool to help find alternative function names with lower Method IDs while keeping the original name intact.

Recommendation: Find a lower method ID name for the most called functions for example mostCalled() vs. mostCalled_41q() is cheaper by 44 gas.