Back to albahaca's contests

Decent - albahaca's results

Decent enables one-click transactions using any token across chains.

General Information

Platform: Code4rena

Start Date: 19/01/2024

Pot Size: $36,500 USDC

Total HM: 9

Participants: 113

Period: 3 days

Judge: 0xsomeone

Id: 322

League: ETH

Decent

Findings Distribution

Researcher Performance

Rank: 55/113

Findings: 1

Award: $23.41

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryDecent

Findings Information

🌟 Selected for report: fouzantanveer

Also found by: 0xAadi, 0xSmartContract, 0xepley, SAQ, SBSecurity, albahaca, catellatech, clara, foxb868, hunter_w3b, ihtishamsudo, yongskiws

Labels

analysis-advanced
grade-b
sufficient quality report
A-10

Awards

23.4096 USDC - $23.41

External Links

Link to GitHub issue

Analysis Report for Decent Protocol

Description Overview of The Protocol

Decent stands as a robust cross-chain DeFi protocol designed to facilitate one-click transactions utilizing any token across diverse blockchain networks. At its core, Decent employs two vital libraries, UTB and decent-bridge, to streamline cross-chain transactions. UTB, or Universal Token Bridge, orchestrates the routing of cross-chain transactions through selected bridges, offering the flexibility for transactions on any chain, paid for from any source chain or token. The custom bridge, decent-bridge, is constructed upon layerzero's OFT standard, providing a foundation for cross-chain interoperability.

A pivotal feature of Decent is its ability to enable one-click transactions using any token on any chain through a set of hooks and embeddable React components collectively referred to as "The Box." Developers can leverage The Box to create seamless transaction experiences, abstracting complexities related to bridging and swapping. The motivation behind The Box lies in its role as critical infrastructure for a multi-chain future, fostering user-friendly crypto payments accessible across various chains.

Comments for the Judge

The Decent protocol showcases a well-thought-out architecture with a suite of functionalities that aim to simplify cross-chain transactions. While the foundation is strong, a thorough analysis has revealed potential areas of improvement, particularly in terms of decentralization, gas optimization, and input validation. Addressing these concerns will not only bolster the security of the protocol but also enhance its overall efficiency and user experience.

Approach Taken in Evaluating the Codebase

The assessment of the codebase involved an in-depth examination of key contracts, libraries, and interfaces within the Decent protocol. Each component, such as UTB, UTBExecutor, UTBFeeCollector, BaseAdapter, DecentBridgeAdapter, StargateBridgeAdapter, and associated libraries like SwapParams, UniSwapper, DcntEth, DecentBridgeExecutor, and DecentEthRouter, underwent scrutiny. The focus was on identifying security vulnerabilities, evaluating gas efficiency, and ensuring adherence to best practices. Additionally, the overall architecture was analyzed, with an emphasis on proposing enhancements for decentralization and user experience.

Architecture Recommendations

1. Decentralization Enhancements:
  • Introduce decentralized governance mechanisms for critical components to reduce reliance on owner-only functions. Consider implementing community-driven decision-making through voting mechanisms or decentralized autonomous organizations (DAOs).
  • Explore the implementation of multi-signature schemes or decentralized consensus for functions that currently rely on a single owner. This will add an additional layer of security and reduce centralization risks.
  • Consider the implementation of decentralized upgrade mechanisms to enhance the protocol's resilience. This can involve deploying upgradeable contracts governed by the community or a decentralized council.
2. Gas Usage Optimization:
  • Conduct code refactoring in UniSwapper and DecentBridgeExecutor to optimize gas efficiency, especially in segments with repetitive code. This can involve identifying and consolidating duplicated code to reduce gas consumption.
  • Implement gas limits for external calls in critical functions to prevent potential issues related to unexpected gas consumption. Clearly define and document appropriate gas limits for each external call to ensure secure and controlled execution.
  • Enhance gas efficiency by optimizing code sections in UniSwapper related to token swaps. Consider leveraging gas-efficient algorithms and data structures to improve overall performance.
3. Input Validation Improvements:
  • Strengthen input validation mechanisms in key contracts such as SwapParams, UniSwapper, and DecentBridgeAdapter. Implement robust checks on parameters to mitigate potential vulnerabilities arising from malicious inputs.
  • Introduce additional input validation for critical functions in DecentBridgeExecutor and DecentEthRouter to ensure that only valid and secure inputs are processed. This includes validating addresses, amounts, and other relevant parameters.
  • Conduct thorough testing and validation of user inputs in smart contracts to prevent potential exploits or unexpected behaviors. Implement fail-safes and revert transactions when invalid inputs are detected.
4. Enhanced Security Measures:
  • Introduce reentrancy guards in contracts susceptible to reentrancy attacks to fortify security. Implement the checks-effects-interactions pattern or leverage the nonReentrant modifier where applicable to prevent reentrancy vulnerabilities.
  • Strengthen signature verification mechanisms in DecentBridgeAdapter, especially concerning fee collection. Consider using standardized libraries for signature verification and conduct additional checks to ensure the integrity of signed data.
  • Implement access controls for critical functions in contracts like DecentBridgeAdapter, StargateBridgeAdapter, and DecentEthRouter. Clearly define roles and permissions, ensuring that only authorized entities can execute sensitive operations.
5. Transparency and Monitoring:
  • Implement comprehensive event logging in contracts lacking transparency to enhance traceability and monitoring. Emit events for critical actions, state changes, and user interactions to provide a clear and auditable record on the blockchain.
  • Enhance error messages and error handling mechanisms in contracts to provide clearer diagnostics for monitoring purposes. Detailed error messages help developers and auditors identify issues promptly and facilitate more effective troubleshooting.
  • Consider implementing additional monitoring tools or integrations with existing blockchain explorers to enhance real-time visibility into the protocol's activities. This can aid in detecting anomalies or potential security threats.
6. Solidity Versioning:
  • Consider upgrading the Solidity version across contracts to leverage the latest security improvements and language features. Staying current with Solidity releases ensures that the protocol benefits from the latest advancements in the Ethereum ecosystem.
7. Inline Assembly Usage:
  • Carefully review the usage of inline assembly to mitigate potential errors and ensure robustness. Inline assembly introduces complexities and requires thorough auditing to avoid security risks. If possible, consider alternative implementations that do not rely on inline assembly.
8. Contract Upgradability:
  • Clearly indicate the upgradeability status of contracts and, if applicable, implement secure upgrade mechanisms. Transparent communication about contract upgradability builds trust among users and developers. Implement upgrade mechanisms that prioritize security and avoid introducing vulnerabilities.
9. Nonce Management:
  • Implement nonce management in contracts like UTBFeeCollector to prevent potential replay attacks. Nonce management adds an additional layer of security by ensuring that transactions are processed in the intended order and are not subject to replay attacks.
10. Comprehensive Audits:
  • Conduct thorough security audits not only for specific contracts but also for the overall architecture and governance mechanisms of the entire Decent protocol. Engage reputable third-party auditing firms to perform comprehensive reviews, addressing potential vulnerabilities and ensuring the highest standards of security.

Codebase Quality Analysis

Codebase Quality Analysis

This section provides a detailed analysis of the codebase quality for various smart contracts within a cross-chain bridge or DeFi platform. Each contract's functionality, security issues, and recommendations are outlined, aiming to enhance the overall security and reliability of the smart contracts. The analysis covers key concerns such as reentrancy vulnerabilities, gas limit specifications, access controls, and other potential risks. The provided recommendations offer actionable steps to mitigate identified security issues and ensure robust smart contract implementations.

ContractExplanationSecurity IssuesRecommendations
UTB.solUTB is a smart contract for a cross-chain bridge or DeFi platform. It handles token swaps, bridging assets, and executing transactions. It uses external contracts/interfaces for various operations.1. Swapping Functionality: performSwap approves the maximum amount of tokens without validation. <br> 2. Swap and Execute: Fee collection relies on ECDSA signatures. <br> 3. Bridge Functionality: Bridging function sends native tokens along with the call. <br> 4. General Security Concerns: Centralization risk, potential reentrancy issues, trust assumptions in external contracts.1. Limit approved amounts in performSwap and audit swapper contract. <br> 2. Strengthen signature verification and review the signing process. <br> 3. Ensure the bridge adapter is secure and correctly implemented. <br> 4. Implement decentralized control, use reentrancy guards, and perform thorough audits.
UTBExecutor.solUTBExecutor executes payment transactions with native Ether or ERC20 tokens. It has two execute functions for different transaction types.1. Reentrancy: Lack of reentrancy protection during external calls. <br> 2. Gas Limit: No specified gas limit for call operations. <br> 3. ERC20 Return Values: Missing check on return values of ERC20 transfer functions. <br> 4. Solidity Version: Locked to a specific Solidity version.1. Implement reentrancy guards. <br> 2. Specify gas limits to prevent out-of-gas errors. <br> 3. Check and handle return values appropriately. <br> 4. Consider keeping the version up-to-date for security fixes.
UTBFeeCollector.solUTBFeeCollector collects and redeems fees, likely for a bridge service. It uses a signer address for fee collection verification.1. Signature Replay Attack: Lack of nonce management may lead to replay attacks. <br> 2. ERC20 transferFrom Authorization: Assumes authorization to transfer fees may fail. <br> 3. Inline Assembly: Use of inline assembly may introduce errors. <br> 4. Lack of Event Logging: No events for critical actions.1. Implement nonce management to prevent replays. <br> 2. Ensure proper authorization for fee transfers. <br> 3. Carefully review inline assembly usage. <br> 4. Implement events for transparency and tracking.
BaseAdapter.solBaseAdapter works with a bridge executor for certain actions. It uses UTBOwned for ownership functionality.1. Trust in the bridgeExecutor: Assumes trust in the bridgeExecutor. <br> 2. Single Point of Failure: bridgeExecutor represents a single point of failure. <br> 3. No Event Logging: Lack of event emission for critical changes.1. Ensure trustworthiness of the bridgeExecutor. <br> 2. Implement measures to mitigate risks associated with a single point of failure. <br> 3. Implement events for transparency.
DecentBridgeAdapter.solDecentBridgeAdapter bridges assets using the Decent bridge protocol. It inherits from BaseAdapter, implements IBridgeAdapter interface.1. Access Control: Owner-only functions may pose a risk if not correctly implemented. <br> 2. Reentrancy: External calls in bridge function may be vulnerable to reentrancy. <br> 3. Contract Upgrades: No clear indication of upgradeability. <br> 4. Input Validation: Assumes encoded data is valid.1. Ensure proper implementation of owner-only functions. <br> 2. Implement reentrancy guards and use Checks-Effects-Interactions pattern. <br> 3. If upgradeability is intended, implement a secure upgrade mechanism. <br> 4. Implement comprehensive input validation.
StargateBridgeAdapter.solStargateBridgeAdapter facilitates cross-chain token swaps using the Stargate protocol. It inherits from BaseAdapter, IBridgeAdapter, and IStargateReceiver.1. Reentrancy: sgReceive calls an external contract, potentially exposing reentrancy risks. <br> 2. Centralization Risks: Owner-only functions introduce centralization risks. <br> 3. Input Validation: Assumes encoded data is correctly formatted. <br> 4. Contract Upgrades: No clear indication of upgradeability.1. Ensure onlyExecutor modifier mitigates reentrancy risks. <br> 2. Minimize owner privileges and consider decentralized governance. <br> 3. Implement comprehensive input validation. <br> 4. If upgradeability is intended, implement a secure upgrade mechanism.
SwapParams.solThe SwapParams.sol Solidity code defines a library (SwapDirection) and a struct (SwapParams). It is used for token swap operations in a decentralized finance (DeFi) application.1. Path Parameter Validation: The path parameter lacks validation, potentially exposing the swap function to vector attacks. <br> 2. Token Address Validation: No explicit checks on the legitimacy of tokenIn and tokenOut addresses. <br> 3. Missing User or Transaction Identifiers: The SwapParams struct lacks user or transaction identifiers. <br> 4. Access Control Mechanisms: Lack of access control mechanisms. <br> 5. Event Logging: Absence of events makes it challenging to track swap operations.1. Strengthen input validation for parameters like path, tokenIn, and tokenOut. <br> 2. Include user or transaction identifiers in the struct for comprehensive swap operations. <br> 3. Implement access controls to prevent unauthorized calls to sensitive functions. <br> 4. Introduce event logging for transparency and tracking purposes.
UniSwapper.solUniSwapper.sol is a Solidity contract designed for token swapping, interacting with Uniswap, a decentralized exchange. It inherits from UTBOwned and implements the ISwapper interface.1. Reentrancy Vulnerability: The contract lacks reentrancy protection. <br> 2. Token Approval Risks: Approval of the Uniswap router to spend tokens lacks proper validation. <br> 3. Error Handling: Failure to check return values in private helper functions. <br> 4. Access Control: The onlyUtb modifier is referenced but not defined. <br> 5. Gas Usage Optimization: The contract's gas usage could potentially be optimized.1. Implement reentrancy guards using the nonReentrant modifier. <br> 2. Ensure correct and secure validation before approving the Uniswap router for token spending. <br> 3. Implement proper error handling, check return values, and consider using the SafeERC20 library. <br> 4. Define and thoroughly review the onlyUtb modifier for robust access control. <br> 5. Refactor code to optimize gas usage and enhance efficiency.
DcntEth.solDcntEth.sol is a Solidity contract inheriting from OFTV2, likely representing version 2 of an OmniFungible Token (OFT) designed for cross-chain interactions.1. Unrestricted setRouter Function: The setRouter function lacks access control. <br> 2. Assumed Parent Contract Security: The contract assumes the security of the inherited OFTV2 contract without explicit validation. <br> 3. Missing Checks on Minting and Burning: The contract lacks checks or limits on minting and burning. <br> 4. Event Logging Absence: The contract does not emit events for critical actions.1. Restrict the setRouter function to the contract owner or another trusted role. <br> 2. Conduct a thorough audit of the OFTV2 and other inherited contracts for security. <br> 3. Implement checks and limits on minting and burning functions. <br> 4. Introduce event logging for critical actions to enhance transparency.
DecentBridgeExecutor.solDecentBridgeExecutor.sol defines a smart contract facilitating transactions in WETH or native ETH on behalf of users, intended for use on Ethereum or any EVM-compatible blockchain.1. Reentrancy Vulnerability: The contract appears susceptible to reentrancy attacks. <br> 2. Unbounded Token Approval: _executeWeth function approves the target contract to spend the entire amount of WETH without checking the existing allowance. <br> 3. Unchecked Return Values: The contract does not check the return values of weth.transfer and weth.transferFrom calls. <br> 4. Gas Limit for External Calls: External calls via target.call(callPayload) lack a specified gas limit. <br> 5. Centralization Risk: The execute function can only be called by the owner.1. Implement reentrancy protection using the checks-effects-interactions pattern or the nonReentrant modifier. <br> 2. Check the existing allowance before approving token spending to avoid potential issues. <br> 3. Ensure secure token transfers by checking return values of weth.transfer and weth.transferFrom. <br> 4. Set a reasonable gas limit for external calls to prevent unexpected gas consumption. <br> 5. Evaluate the need for decentralization and consider additional access controls to mitigate centralization risks.
DecentEthRouter.solDecentEthRouter.sol serves as a bridge between Ethereum and other chains, using WETH as the bridging asset. It enables users to send ETH or WETH across chains, manage liquidity, and interact with an external executor contract.1. Reentrancy Vulnerability: The contract might be susceptible to reentrancy attacks. <br> 2. Lack of Gas Limit for External Calls: External calls to other contracts are made without specifying a gas limit. <br> 3. Ownership Manipulation: The contract inherits from Owned, potentially providing owner-only functions that could manipulate critical aspects. <br> 4. Limited Error Handling: The contract uses require statements for error handling, but the specificity and coverage of error conditions are not clear without reviewing external contract behavior.1. Implement reentrancy protection using the checks-effects-interactions pattern or the nonReentrant modifier. <br> 2. Specify reasonable gas limits for external calls to prevent unexpected gas consumption. <br> 3. Thoroughly review and audit owner-only functions inherited from Owned for security. <br> 4. Enhance error handling with clear and comprehensive messages in require statements.

Centralization Risks

DecentBridgeExecutor.sol

Centralization Risk:

The execute function in DecentBridgeExecutor.sol can only be called by the owner, introducing a central point of control and failure. This design choice may pose a risk if the owner account is compromised or acts maliciously.

Recommendation:

Consider decentralizing control by implementing multi-signature schemes or decentralized governance. Alternatively, introduce additional access controls to mitigate centralization risks.

BaseAdapter.sol

Centralization Risk:

BaseAdapter relies on trust in the bridgeExecutor contract. This centralized trust introduces a potential single point of failure if the bridgeExecutor is compromised.

Recommendation:

Implement measures to verify and ensure the trustworthiness of the bridgeExecutor. Consider diversifying or decentralizing control to reduce the impact of a single point of failure.

UTBFeeCollector.sol

Centralization Risk:

The UTBFeeCollector contract lacks clear access controls on critical functions. Any address can potentially interact with these functions, leading to centralization risks.

Recommendation:

Introduce access controls to restrict critical functions to authorized users. This can help prevent unauthorized interactions and mitigate centralization risks.

Mechanism Review

UniSwapper.sol

The UniSwapper.sol contract is designed for token swapping on Uniswap. Below is a detailed review of the mechanisms implemented:

  1. Reentrancy Vulnerability:

    • Concern: The contract lacks reentrancy protection, which could expose functions, especially those transferring funds, to reentrancy attacks.
    • Recommendation: Implement reentrancy guards using the checks-effects-interactions pattern or the nonReentrant modifier.

  2. Token Approval Risks:

    • Concern: The contract approves the Uniswap router to spend tokens without proper validation, potentially leading to funds loss if the router address is compromised.
    • Recommendation: Ensure correct and secure validation of the Uniswap router address before token approvals.

  3. Error Handling:

    • Concern: Failure to check return values in private helper functions like _refundUser and _sendToRecipient could introduce potential vulnerabilities.
    • Recommendation: Implement proper error handling, check return values, and consider using the SafeERC20 library for secure token transfers.

  4. Access Control:

    • Concern: The onlyUtb modifier is referenced but not defined in the provided code, raising uncertainty about its security implementation.
    • Recommendation: Define and thoroughly review the onlyUtb modifier for robust access control.

  5. Gas Usage Optimization:

    • Concern: The contract's gas usage could potentially be optimized, especially in functions like swapExactIn and swapExactOut where refactoring may reduce duplicate code.
    • Recommendation: Refactor code to optimize gas usage and enhance efficiency.

DcntEth.sol

The DcntEth.sol contract represents an OmniFungible Token (OFT) designed for cross-chain interactions. A detailed review of the mechanisms is provided below:

  1. Unrestricted setRouter Function:
    • Concern: The setRouter function lacks access control, allowing any user to change the router address, posing a significant security risk.
    • Recommendation: Restrict the setRouter function to

the contract owner or another trusted role to prevent unauthorized changes.

  1. Assumed Parent Contract Security:

    • Concern: The contract assumes the security of the inherited OFTV2 contract without explicitly validating or auditing its security.
    • Recommendation: Conduct a thorough audit of the OFTV2 contract and any other inherited contracts to ensure overall security.

  2. Missing Checks on Minting and Burning:

    • Concern: The contract lacks checks or limits on minting and burning, potentially exposing the contract to abuse if the router or owner is compromised.
    • Recommendation: Implement checks and limits on minting and burning functions to prevent potential abuse.

  3. Event Logging Absence:

    • Concern: The contract does not emit events for critical actions like changing the router or minting/burning tokens, hindering transparency.
    • Recommendation: Incorporate event logging for key state changes to enhance transparency and tracking.

Systemic Risks

UTB.sol

Systemic Risk:

The UTB.sol contract, serving as a cross-chain bridge or DeFi platform, exhibits potential systemic risks related to various functionalities.

Recommendations:

  1. Swapping Functionality:

    • Limit the approved amount in the performSwap function and conduct a thorough audit of the swapper contract to ensure its security.

  2. Swap and Execute:

    • Strengthen signature verification and review the ECDSA signing process for fee collection in the swapAndExecute function.

  3. Bridge Functionality:

    • Ensure the security and correctness of the bridge adapter to prevent loss of native tokens during bridging transactions.

  4. General Security Concerns:

    • Implement decentralized control to reduce centralization risks.
    • Use reentrancy guards and conduct thorough audits to address potential vulnerabilities.
    • Clarify trust assumptions in external contracts and consider additional security measures.

UTBExecutor.sol

Systemic Risk:

The UTBExecutor.sol contract, responsible for executing payment transactions, exhibits systemic risks that should be addressed.

Recommendations:

  1. Reentrancy:

    • Implement reentrancy guards to protect against reentrant calls during external contract interactions.

  2. Gas Limit:

    • Specify gas limits for call operations to prevent out-of-gas errors.

  3. ERC20 Return Values:

    • Check and handle return values of ERC20 transfer functions to ensure secure token transfers.

  4. Solidity Version:

    • Consider keeping the Solidity version up-to-date for security fixes.

DecentEthRouter.sol

Systemic Risk:

The DecentEthRouter.sol contract, serving as a bridge between Ethereum and other chains, introduces systemic risks that should be mitigated.

Recommendations:

  1. Reentrancy Vulnerability:

    • Implement reentrancy protection using the checks-effects-interactions pattern or the nonReentrant modifier.

  2. Lack of Gas Limit for External Calls:

    • Specify reasonable gas limits for external calls to prevent unexpected gas consumption.

  3. Ownership Manipulation:

    • Thoroughly review and audit owner-only functions inherited from Owned for potential security risks.

  4. Limited Error Handling:

    • Provide clear and comprehensive error messages in require statements, and ensure all error conditions are appropriately checked.

Time spent:

15 hours

#0 - c4-pre-sort

2024-01-26T17:45:21Z

raymondfam marked the issue as sufficient quality report

#1 - c4-judge

2024-02-03T14:50:19Z

alex-ppg marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter