Platform: Code4rena
Start Date: 15/03/2024
Pot Size: $60,500 USDC
Total HM: 16
Participants: 43
Period: 21 days
Judge: hansfriese
Total Solo HM: 5
Id: 348
League: ETH
Rank: 33/43
Findings: 1
Award: $24.56
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: popeye
Also found by: 0xbrett8571, JcFichtner, LinKenji, Rhaydden, SAQ, Sathish9098, albahaca, clara, emerald7017, fouzantanveer, foxb868, hunter_w3b, kaveyjoe, roguereggiant
24.5635 USDC - $24.56
| no | File |
|---|---|
| [File-1] | BidOrdersFacet.sol |
| [File-2] | ShortOrdersFacet.sol |
| [File-3] | PrimaryLiquidationFacet.sol |
| [File-4] | BridgeRouterFacet.sol |
| [File-5] | ExitShortFacet.sol |
| [File-6] | RedemptionFacet.sol |
| [File-7] | LibBridgeRouter.sol |
| [File-8] | LibBytes.sol |
| [File-9] | LibOracle.sol |
| [File-10] | LibOrders.sol |
| [File-11] | LibSRUtil.sol |
| [File-12] | UniswapOracleLibrary.sol |
Access Controls: Ensure that only authorized entities have access to critical functions like createForcedBid.
Fee Handling: Verify that fee calculations are fair and transparent to prevent potential abuse by admins.
Order Matching Logic: The bidMatchAlgo function seems to handle order matching intricacies. Ensure thorough testing to catch edge cases.
Oracle Dependency: The contract interacts with an Oracle contract. Ensure the Oracle's reliability and security to prevent systemic risks.
Stack Too Deep: There is a comment about preventing "stack too deep" issues by creating incomingBid in createBid instead of BidMatchAlgo. Ensure this approach is effective.
Gas Optimization: Verify gas optimizations in sorting and matching algorithms to avoid excessive gas costs.
Oracle Price Updates: Validate the mechanism for updating Oracle prices to prevent price manipulation risks.
External Contracts: Dependencies on external contracts like Oracle and Diamond should be thoroughly audited and integrated securely to prevent vulnerabilities.
Data Integrity: Ensure data consistency and integrity across multiple contracts, especially during order matching and asset transfers.
ERC-20 Operations: Verify ERC-20 token operations like transferring tokens (s.assetUser[asset][bidder].ercEscrowed += matchTotal.fillErc) to prevent token loss or unauthorized transfers.
Access Controls: Verify that only authorized entities have access to critical functions like createLimitShort.
CR Validation: Ensure that CR (Collateral Ratio) validations prevent abuse by users setting invalid CR values.
Eth Escrow Check: Confirm that checks for sufficient ETH escrowed by users are properly implemented to prevent misuse.
Order Matching Logic: Review the logic in createLimitShort and sellMatchAlgo for accurate order matching and handling of different scenarios.
CR Constraints: Ensure that the collateral ratio (CR) calculations and constraints are correctly applied to prevent systemic risks related to under-collateralization.
Oracle Dependency: Assess the reliability and security of the Oracle contract (LibOracle) as it affects critical pricing decisions.
Stack Too Deep: The contract comments mention preventing "stack too deep" issues. Ensure that the workaround implemented is effective and doesn't introduce vulnerabilities. Gas Optimization: Review gas usage in complex calculations, loops, and external contract interactions for efficient gas usage. Order Book Maintenance: Verify that order book updates and placements are handled efficiently to avoid potential bottlenecks or errors.
External Libraries: Ensure that interactions with external libraries (LibOrders, LibAsset, LibOracle, etc.) are secure and well-integrated to avoid vulnerabilities.
Data Consistency: Check for consistency in data handling across different contract functions and libraries to prevent data corruption or manipulation risks.
ERC-20 Operations: Review ERC-20 token operations related to short positions (ercAmount) and collateral to prevent token loss, unauthorized minting, or other risks.
the contract seems to manage short orders in a market system with considerations for collateral ratios, order matching, and price oracles.
</details>Constructor Parameter: The constructor takes an _dusd address parameter, which should be carefully managed to ensure it is set correctly during contract deployment to prevent potential admin abuse.
Forced Liquidation: The liquidate function handles forced liquidation, which could be abused if not properly monitored and controlled.
Liquidation Logic: Review the liquidate function to ensure that forced liquidations are handled accurately and securely without exposing the system to vulnerabilities or exploits.
Oracle Dependency: The contract relies on an Oracle (LibOracle) for price information, which introduces systemic risk if the Oracle is compromised or unreliable.
Accounting and Escrow Handling: Verify that collateral, debts, and fees are managed correctly during liquidation and that the accounting logic is robust.
Gas Usage: Complex operations like forced bidding and accounting could lead to high gas costs, so gas optimizations should be considered.
Data Integrity: Ensure that data handling across different storage locations (s.asset, s.vaultUser, etc.) is consistent and secure to avoid data corruption or manipulation risks.
External Contract Interactions: The contract interacts with external contracts/interfaces (IDiamond, other libraries), so integration risks with these contracts should be assessed.
External Libraries and Interfaces: Check the integration with external libraries (LibOrders, LibAsset, LibOracle, etc.) and interfaces (IDiamond) to ensure compatibility, security, and reliability.
Oracle Dependency: As mentioned earlier, integration with the Oracle contract (LibOracle) should be thoroughly tested and audited to prevent potential vulnerabilities or inaccuracies in price data.
ERC-20 Operations: The contract doesn't directly handle ERC-20 tokens but interacts with them indirectly through other contracts. Ensure that ERC-20 token interactions are secure and follow best practices to avoid token loss or unauthorized access.
the contract appears to handle liquidation operations in a market system, relying on external contracts/interfaces for price data and accounting. Additionally, monitoring and access controls should be implemented to prevent admin abuse and unauthorized actions within the contract.
</details>Bridge Address Setters: The constructor allows setting addresses for rethBridge and stethBridge. If these addresses are controlled by administrators and not updated correctly, it could lead to potential abuse.
Fee Handling: The contract handles fees (withdrawalFeePct) that can be configured per bridge. If fee settings are not managed properly, it could result in unfair or exploitative fee structures.
Bridge Functionality: The contract interacts with bridges (IBridge) to deposit and withdraw assets. Ensure that bridge contracts are secure, reliable, and audited to prevent loss of funds or incorrect token handling.
Vault Logic: The contract has logic related to vaults (getDethTotal, getBridges, etc.), which should be thoroughly tested to ensure accurate accounting and proper functioning across different bridge types.
Gas Optimization: Complex operations such as fee calculations and yield rate updates could consume significant gas. Consider gas optimizations, especially in functions like maybeUpdateYield and _ethConversion.
Error Handling: The contract includes error handling for minimum deposit checks (C.MIN_DEPOSIT). Verify that error conditions are appropriately managed and do not lead to unexpected contract states.
Bridge Interfaces: The contract relies on the IBridge interface for interactions with bridge contracts. Ensure that the interface is well-defined, compatible with bridge implementations, and handles edge cases securely.
External Contracts: External contracts/interfaces such as IBridge and Constants.sol are referenced. Thoroughly audit and test interactions with these external components to avoid integration issues or vulnerabilities.
Token Deposits and Withdrawals: The contract handles deposits and withdrawals of tokens (LST and dETH) via bridge contracts. Ensure that token handling follows best practices to prevent loss, double-spending, or unauthorized access.
the contract seems to manage interactions with bridges and vaults for depositing and withdrawing assets. Careful attention should be given to bridge configurations, fee structures, gas optimizations, and error handling to mitigate the identified risks and ensure the security and reliability of the system.
</details>Constructor Parameters: The constructor allows setting the dusd address, which could potentially be controlled by administrators. Any mismanagement or changes to this address could lead to abuse or unauthorized behavior.
Bid Creation: The exitShort function involves creating bids on the market, which may have implications based on the bid parameters and market conditions. Admins need to ensure fair and transparent bid creation processes.
Short Position Management: The contract facilitates exiting short positions in different ways (exitShortWallet, exitShortErcEscrowed, exitShort) based on different conditions. Incorrect handling of short positions or market conditions could lead to unexpected losses or gains.
Oracle Dependency: The contract relies on external oracles for price information (updateOracleAndStartingShortViaTimeBidOnly). Ensure that oracle updates are timely and accurate to prevent mispricing risks.
Gas Optimization: Complex operations such as bid creation (createForcedBid) and collateral calculations could consume significant gas. Gas optimizations may be needed, especially in functions dealing with on-chain interactions or calculations.
Error Handling: The contract includes error handling for various conditions such as insufficient collateral, invalid buyback amounts, or dust amounts. Ensure that error conditions are appropriately managed to prevent unexpected contract states.
External Interfaces: The contract interacts with external contracts/interfaces (IDiamond, LibAsset.burnMsgSenderDebt) for bid creation, ERC management, and asset handling. Thoroughly audit and test interactions with these external components to ensure compatibility and security.
Market Dependency: The exitShort function interacts with the market, relying on market conditions and bid placements. Integration risks may arise if market conditions change rapidly or if bids are not executed as expected.
Token Handling: The contract handles ERC tokens (dusd, ERC-20 tokens) for collateral, buyback, and bid creation. Ensure that token handling follows best practices to prevent loss, double-spending, or unauthorized access.
the contract manages short positions, bid creation, and ERC token interactions to exit short positions. Admins should ensure correct parameter inputs, proper error handling, accurate oracle updates, gas optimizations, and secure token handling to mitigate the identified risks and maintain system integrity.
</details>Access Controls: Ensure that only authorized users have access to critical functions such as proposing redemption, disputing redemption, and claiming redemption. Consider implementing role-based access controls (RBAC) if necessary to restrict access appropriately. Fee Manipulation: Validate fee calculations and ensure that fee-related parameters cannot be manipulated by unauthorized parties. Use secure methods for fee calculations to prevent abuse.
Protocol Governance: Consider implementing mechanisms for protocol governance to address potential disputes and conflicts among users, especially during redemption and collateral claiming phases. Dispute Resolution: Define clear rules and procedures for resolving disputes between parties involved in redemption proposals and claiming collateral. Ensure fairness and transparency in dispute resolution mechanisms.
Contract Security: Perform thorough code reviews and security audits to identify and mitigate vulnerabilities such as reentrancy bugs, integer overflows/underflows, and potential logic errors. Data Integrity: Ensure that data stored in storage variables is accurately updated and validated throughout the redemption process to prevent discrepancies and data corruption. Oracle Dependence: Monitor and manage dependencies on oracles for price feeds and other critical data inputs. Implement fail-safes or fallback mechanisms to handle oracle failures or manipulations.
External Contract Interactions: Review and verify interactions with external contracts, especially libraries and interfaces, to prevent unexpected behavior or vulnerabilities arising from integration points. Token Standards Compliance: Ensure compliance with relevant token standards (e.g., ERC-20) for tokens involved in the redemption process. Validate token transfers and interactions to prevent loss or manipulation of tokens.
Token Management: If the smart contract deals with non-standard tokens or custom tokens, ensure proper handling, transfer, and validation mechanisms are in place to mitigate risks such as token loss, unauthorized transfers, or contract interactions with incompatible tokens.
</details>No specific admin-related functions or modifiers are evident in this contract. Therefore, there are no direct admin abuse risks apparent in this contract.
Bridge Credit System: The contract implements a bridge credit system for managing credits associated with different assets (RETH and WSTETH). The transferBridgeCredit function manages the transfer of bridge credits between users. The risk here is that the bridge credit system must accurately reflect the assets held by users to avoid inconsistencies or exploits. Proper testing and auditing of this functionality are crucial to mitigate systemic risks.
Precision and Arithmetic Operations: The contract involves arithmetic operations and precision management, especially in handling uint88 and uint256 types. Risks such as overflows, underflows, and precision loss must be carefully considered and mitigated using safe math libraries or other appropriate techniques.
Oracle Usage: The contract interacts with oracles using the OracleLibrary for estimating TWAP (Time Weighted Average Price). Ensure that oracle responses are accurate and not manipulated to avoid incorrect assessments of market premiums or discounts.
Bridge Fees Calculation: The withdrawalFeePct function calculates withdrawal fees based on market premiums or discounts between RETH and WSTETH. Ensure that the fee calculation logic is precise and reflective of actual market conditions to prevent overcharging or undercharging users.
Bridge Contracts: The contract interacts with external bridge contracts (IBridge) to manage bridge credits and assess dETH withdrawals. Risks may arise from inconsistencies or vulnerabilities in the bridge contract interfaces or behaviors. Proper integration testing and auditing of bridge contracts are crucial to mitigate such risks.
Oracle Integration: The contract integrates with oracles (OracleLibrary) for price estimation. Risks related to oracle downtime, incorrect data reporting, or manipulation should be considered. Implementing fallback mechanisms or alternative data sources can enhance robustness against oracle-related risks.
N/A
the contract manages bridge credits and dETH withdrawals, involving precision-sensitive operations, oracle interactions, and integration with external bridge contracts.
</details>There are no explicit admin-related functions or modifiers evident in this contract. Therefore, there are no direct admin abuse risks apparent in this contract.
Data Parsing and Storage: The contract includes a custom data decoding function readProposalData, which reads and processes data stored using the SSTORE2 library. The risk here is that any errors or inconsistencies in data parsing logic could lead to incorrect data interpretation or storage, potentially affecting system behavior or data integrity.
Assembly Operations: The contract uses assembly operations for efficient data extraction from byte arrays (slate variable). Risks associated with incorrect assembly operations or misinterpretation of data at the byte level could lead to unexpected behavior or vulnerabilities.
Data Length Verification: The contract includes a length verification check (require(slate.length % 51 == 0, "Invalid data length")) to ensure that the input data length is valid. However, improper handling of this check or incorrect assumptions about data length could lead to vulnerabilities such as out-of-bounds errors or data corruption.
External Library Dependency: The contract relies on an external library (SSTORE2) for data storage and retrieval (SSTORE2.read(SSTORE2Pointer)). Risks associated with external dependencies include incorrect library usage, versioning issues, or vulnerabilities in the library code itself. Thorough testing and auditing of library interactions are necessary to mitigate integration risks.
N/A
the contract focuses on decoding and processing data stored using an external library (SSTORE2) through efficient assembly operations. Risks primarily revolve around data parsing accuracy, length verification, assembly operations' correctness, and proper handling of external library dependencies.
The contract does not contain explicit admin functions or roles, reducing direct admin abuse risks. However, if the contract's owner privileges are not appropriately managed or if unauthorized parties gain control, they may manipulate oracle prices, leading to adverse effects on the system.
Oracle Price Determination: The contract relies on external oracle interfaces (AggregatorV3Interface) to fetch asset prices. Risks associated with incorrect oracle data, delayed updates, or manipulation of oracle responses could affect price accuracy and system stability.
Circuit Breaker Mechanism: The contract implements circuit breaker logic (oracleCircuitBreaker and baseOracleCircuitBreaker) to handle invalid or unexpected oracle data. However, improper circuit breaker logic or failure to handle all edge cases adequately may impact system reliability during oracle failures or deviations.
Assembly Operations: The contract does not directly use assembly operations. However, it interacts with low-level data structures such as byte arrays (slate variable) through external library dependencies. Risks associated with incorrect data parsing, manipulation, or memory handling could lead to vulnerabilities or incorrect system behavior.
External Dependencies: The contract imports external interfaces (AggregatorV3Interface, IERC20, IDiamond) and relies on external contracts for oracle data and other functionalities. Risks include versioning issues, security vulnerabilities in dependencies, and dependency on third-party services for critical operations.
Oracle Integration: Integration risks stem from the reliance on external oracle contracts (AggregatorV3Interface) for fetching asset prices. Proper integration, version compatibility, and handling of oracle response data are crucial to mitigate integration risks and ensure accurate price feeds.
Diamond Interface Integration: The contract interacts with a diamond contract (IDiamond) and relies on its functionalities. Risks related to improper diamond contract integration, unexpected behavior, or contract upgradeability should be carefully managed.
The contract interacts with ERC20 tokens (IERC20) for handling collateral and other functionalities. Risks associated with non-standard ERC20 implementations, token transfer failures, or re-entrancy vulnerabilities should be considered and mitigated.
the contract primarily focuses on fetching asset prices from external oracles, implementing circuit breaker mechanisms, and managing system data using external interfaces. Risks primarily revolve around oracle data accuracy, circuit breaker logic correctness, external dependencies management, and integration challenges with external contracts.
</details>Potential Risk: The ability to cancel orders and update order books can be abused by administrators to manipulate markets or unfairly advantage certain participants. Mitigation: Implement strict access controls and permissions for admin functions. Use multi-signature schemes or decentralized governance models for critical functions.
Potential Risk: Systemic risks may arise from bugs or vulnerabilities in the smart contracts leading to unexpected behaviors or exploits.
Technical risks include inefficient algorithms, gas optimization issues, or improper data handling leading to higher gas costs or contract failures.
Integration risks may arise when interacting with external systems such as oracles for price feeds or other DeFi protocols for collateral management.
If the system deals with non-standard tokens or custom token standards, there may be risks related to token interoperability or unexpected token behaviors.
</details>Risk Assessment: The code includes functions like disburseCollateral, checkCancelShortOrder, checkShortMinErc, transferShortRecord, and updateErcDebt that involve modifying critical contract state variables like collateral, debt, and short records.
Mitigation: Implement strict access controls and permission checks for these functions to prevent unauthorized or malicious modifications. Use multi-signature schemes or decentralized governance models for critical operations.
The code interacts with external data sources like oracles (LibAsset.recoveryCR) and potentially external contracts (LibBridgeRouter.transferBridgeCredit). Integration with external systems introduces systemic risks such as data inconsistency or reliance on external contract behavior.
The code leverages several libraries (PRBMathHelper.sol, DataTypes.sol, AppStorage.sol, Constants.sol, LibOrders.sol, LibShortRecord.sol, LibAsset.sol, Errors.sol, LibBridgeRouter.sol) which introduce dependencies and potential risks related to library functionality or versioning issues.
The code interacts with different parts of the system such as asset management (disburseCollateral, updateErcDebt), short order management (checkCancelShortOrder, checkShortMinErc), NFT handling (transferShortRecord), and external bridge operations (transferBridgeCredit). Integration complexities can introduce bugs or vulnerabilities.
N/A
</details>N/A
Risk Assessment: The contract interacts with external Uniswap V3 pool contracts (IUniswapV3Pool) to fetch historical tick data for price estimation. Reliance on external contracts introduces systemic risks such as incorrect data retrieval, unavailability of external contracts, or changes in external contract behavior.
Mitigation: Perform extensive testing and validation of the external contract interface (IUniswapV3Pool) to ensure data integrity and contract functionality. Implement error handling mechanisms and fallback strategies in case of external contract failures or changes.
The contract imports several external libraries (Errors.sol, UniswapTickMath.sol, PRBMathHelper.sol) and interfaces (IUniswapV3Pool) which introduce technical dependencies and potential risks related to library versioning, compatibility, or functionality.
The contract integrates with Uniswap V3 pool contracts (IUniswapV3Pool) to fetch cumulative tick data and estimate Time-Weighted Average Price (TWAP). Integration with external systems introduces risks such as data inconsistencies, unexpected behavior due to changes in external contracts, or reliance on external oracle accuracy.
N/A
</details>26 hours
#0 - c4-pre-sort
2024-04-07T20:22:11Z
raymondfam marked the issue as sufficient quality report
#1 - c4-judge
2024-04-17T07:02:17Z
hansfriese marked the issue as grade-b