Platform: Code4rena
Start Date: 10/02/2022
Pot Size: $100,000 USDC
Total HM: 13
Participants: 21
Period: 7 days
Judge: leastwood
Total Solo HM: 10
Id: 85
League: ETH
Rank: 11/21
Findings: 2
Award: $1,068.73
π Selected for report: 0
π Solo Findings: 0
_safeMint() instead of _mint()OpenZeppelin recommends the usage of _safeMint() instead of _mint(). If the recipient is a contract, safeMint() checks whether they can handle ERC721 tokens.
If the HUB provides an address that can't handle ERC721 tokens when calling mint the minted token might be lost. That would also result in the user not being able to redeem the token anymore.
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/CollectNFT.sol#L52 https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/FollowNFT.sol#L69 https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/LensHub.sol#L149
Code Review
Use _safeMint() whenever possible.
Use a two-step process (new controllership proposition in one transaction and controllership acceptance in another). This function has no validations, even a simple check for zero-address is missing, and there is no validation of the new address being correct. If the admin accidentally uses an invalid address for which they do not have the private key, then the system gets locked because the swivel cannot be corrected and none of the other functions that require admin caller can be executed. A similar issue was reported in a previous contest and was assigned a severity of medium: code-423n4/2021-06-realitycards-findings#105
for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/LensHub.sol#L83 https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/LensHub.sol#L78 https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/FollowNFT.sol#L78 https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/FollowNFT.sol#L83
None
Lack of two-step procedure for critical operations leaves them error-prone. Implement zero address check and Consider implementing a two step process where the owner nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of ownership to fully succeed. This ensures the nominated EOA account is a valid and active account.
Missing checks for zero-addresses may lead to infunctional protocol, if the variable addresses are updated incorrectly. For instance, If HUB variable is added as a zero address minting functionality will be lost.
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/LensHub.sol#L58 https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/LensHub.sol#L59 https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/LensHub.sol#L70 https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/FollowNFT.sol#L49 https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/CollectNFT.sol#L30
Code Review
Consider adding zero-address checks in the discussed constructors: require(newAddr != address(0));.
The protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/modules/follow/FeeFollowModule.sol#L89 https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/modules/collect/LimitedTimedFeeCollectModule.sol#L164
Manual Code Review
Block timestamps have historically been used for a variety of applications, such as entropy for random numbers (see the Entropy Illusion for further details), locking funds for periods of time, and various state-changing conditional statements that are time-dependent. Miners have the ability to adjust timestamps slightly, which can prove to be dangerous if block timestamps are used incorrectly in smart contracts.
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/libraries/PublishingLogic.sol#L165 https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/FollowNFT.sol#L239 https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/base/LensMultiState.sol#L38 https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/CollectNFT.sol#L45
Manual Code Review
Block timestamps should not be used for entropy or generating random numbersβi.e., they should not be the deciding factor (either directly or through some derivation) for winning a game or changing an important state.
Time-sensitive logic is sometimes required; e.g., for unlocking contracts (time-locking), completing an ICO after a few weeks, or enforcing expiry dates. It is sometimes recommended to use block.number and an average block time to estimate times; with a 10 second block time, 1 week equates to approximately, 60480 blocks. Thus, specifying a block number at which to change a contract state can be more secure, as miners are unable to easily manipulate the block number.
Based on the context, client should be able to be updated after deployment. However, there is no function to update it.
Code Review
Consider to define function for client variable.
All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing to be redeployed.
Code Review
Consider to define function for client variable.
Re-entrancy is one of the largest and most significant security issue to consider when developing Smart Contracts. While the EVM cannot run multiple contracts at the same time, a contract calling a different contract pauses the calling contract's execution and memory state until the call returns, at which point execution proceeds normally. This pausing and re-starting can create a vulnerability known as "re-entrancy".
Code Review
Consider Implement re-entrancy protection on the related functions.
When smart contracts are deployed or functions inside them are called, the execution of these actions always requires a certain amount of gas, based of how much computation is needed to complete them. The Ethereum network specifies a block gas limit and the sum of all transactions included in a block can not exceed the threshold.
Programming patterns that are harmless in centralized applications can lead to Denial of Service conditions in smart contracts when the cost of executing a function exceeds the block gas limit. Modifying an array of unknown size, that increases in size over time, can lead to such a Denial of Service condition.
Code Review
Caution is advised when you expect to have large arrays that grow over time. Actions that require looping across the entire data structure should be avoided.
If you absolutely must loop over an array of unknown size, then you should plan for it to potentially take multiple blocks, and therefore require multiple transactions.
#0 - Zer0dot
2022-03-24T20:08:30Z
So this is largely valid, we have included the fixes to zero address checks in constructors in https://github.com/aave/lens-protocol/pull/80.
The rest is technically valid but we're not implementing any changes for them.
#1 - Zer0dot
2022-03-24T20:10:00Z
Also not sure what the "client variable" means here.
The use of _msgSender() when there is no implementation of a meta transaction mechanism that uses it, such as EIP-2771, very slightly increases gas consumption.
_msgSender() is utilized three times where msg.sender could have been used in the following function.
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/base/ERC721Time.sol#L155 https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/base/ERC721Time.sol#L177 https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/base/ERC721Time.sol#L203
None
Replace _msgSender() with msg.sender if there is no mechanism to support meta-transactions like EIP-2771 implemented.
'immutable' greatly reduces gas costs. There are variables that do not change so they can be marked as immutable to greatly improve the gas costs.
Code Review
Mark variables as immutable.
For the arithmetic operations that will never over/underflow, using the unchecked directive (Solidity v0.8 has default overflow/underflow checks) can save some gas from the unnecessary internal over/underflow checks.
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/modules/collect/TimedFeeCollectModule.sol#L71
None
Consider applying unchecked arithmetic where overflow/underflow is not possible.
Shortening revert strings to fit in 32 bytes will decrease deploy time gas and will decrease runtime gas when the revert condition has been met. Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/base/ERC721Time.sol#L458
Code Review
Shorten the revert strings to fit in 32 bytes. That will affect gas optimization.
Less than 256 uints are not gas efficientLower than uint256 size storage instance variables are actually less gas efficient. E.g. using uint16 does not give any efficiency, actually, it is the opposite as EVM operates on default of 256-bit values so uint16 is more expensive in this case as it needs a conversion. It only gives improvements in cases where you can pack variables together, e.g. structs.
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/modules/ModuleGlobals.sol#L110
Code Review
Consider to review all uint types. Change them with uint256 If the integer is not necessary to present with uint16.
There is a function declared as public that are never called internally within the contract. It is best practice to mark such functions as external instead, as this saves gas (especially in the case where the function takes arguments, as external functions can read arguments directly from calldata instead of having to allocate memory).
https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/LensHub.sol#L493
Slither
All of the public functions in the contract are not called internally, so access can be changed to external to reduce gas.
#0 - Zer0dot
2022-03-24T20:03:39Z
So I think this is largely valid but we won't be acting on it, except the unchecked increments which are included in https://github.com/aave/lens-protocol/pull/80. A lot of this is relating to the ERC721Time contract which is largely a CC of the OpenZeppelin implementation, we don't want to change that much.
The reason we keep the burn function public is because we override it in certain inheriting contracts.