prePO contest - defsec's results

C4-001 : Incompatibility With Rebasing/Deflationary/Inflationary tokens

Impact - LOW

PrePo protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/PrePOMarket.sol#L168

Tools Used

Manual Code Review

Recommended Mitigation Steps

• Ensure that to check previous balance/after balance equals to amount for any rebasing/inflation/deflation
• Add support in contracts for such tokens before accepting user-supplied tokens
• Consider supporting deflationary / rebasing / etc tokens by extra checking the balances before/after or strictly inform your users not to use such tokens if they don't want to lose them.

C4-002 : Missing zero-address check in constructors and the setter functions

Impact - LOW

Missing checks for zero-addresses may lead to infunctional protocol, if the variable addresses are updated incorrectly.

Proof of Concept

1. Navigate to the following all contract functions.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/PrePOMarket.sol#L44

Tools Used

Code Review

Recommended Mitigation Steps

Consider adding zero-address checks in the discussed constructors: require(newAddr != address(0));.

C4-003 : transferOwnership should be two step process

Impact - LOW

All contracts are inherited from OpenZeppelin's Ownable and OwnableUpgradable contract which enables the onlyOwner role to transfer ownership to another address. It's possible that the onlyOwner role mistakenly transfers ownership to the wrong address, resulting in a loss of the onlyOwner role. The current ownership transfer process involves the current owner calling Unlock.transferOwnership(). This function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. If the nominated EOA account is not a valid account, it is entirely possible the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyOwner() modifier. Lack of two-step procedure for critical operations leaves them error-prone if the address is incorrect, the new address will take on the functionality of the new role immediately

for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert

Proof of Concept

1. Navigate to "https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/PrePOMarket.sol#L10".
2. The contracts have many onlyOwner function.
3. The contract is inherited from the Ownable which includes transferOwnership.

Tools Used

None

Recommended Mitigation Steps

Implement zero address check and Consider implementing a two step process where the owner nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of ownership to fully succeed. This ensures the nominated EOA account is a valid and active account.

C4-004 : Use of Block.timestamp

Impact - Non-Critical

Block timestamps have historically been used for a variety of applications, such as entropy for random numbers (see the Entropy Illusion for further details), locking funds for periods of time, and various state-changing conditional statements that are time-dependent. Miners have the ability to adjust timestamps slightly, which can prove to be dangerous if block timestamps are used incorrectly in smart contracts.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/PrePOMarket.sol#L62

Tools Used

Manual Code Review

Recommended Mitigation Steps

Block timestamps should not be used for entropy or generating random numbers—i.e., they should not be the deciding factor (either directly or through some derivation) for winning a game or changing an important state.

Time-sensitive logic is sometimes required; e.g., for unlocking contracts (time-locking), completing an ICO after a few weeks, or enforcing expiry dates. It is sometimes recommended to use block.number and an average block time to estimate times; with a 10 second block time, 1 week equates to approximately, 60480 blocks. Thus, specifying a block number at which to change a contract state can be more secure, as miners are unable to easily manipulate the block number.

C4-005 : The Contract Should Approve(0) first

Impact - LOW

Some tokens (like USDT L199) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.

IERC20(token).approve(address(operator), 0);
IERC20(token).approve(address(operator), amount);

Proof of Concept

1. Navigate to the following contract functions.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/Collateral.sol#L76
https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/SingleStrategyController.sol#L60
https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/SingleStrategyController.sol#L62

Tools Used

None

Recommended Mitigation Steps

Approve with a zero amount first before setting the actual amount.

C4-006 : Front-runnable Initializers

Impact - LOW

All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing to be redeployed.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/Collateral.sol#L38

2. initialize functions does not have access control. They are vulnerable to front-running.

Tools Used

Manual Code Review

Recommended Mitigation Steps

While the code that can be run in contract constructors is limited, setting the owner in the contract's constructor to the msg.sender and adding the onlyOwner modifier to all initializers would be a sufficient level of access control.

C4-007 : Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

Impact - LOW

It is good to add a require() statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of transfers and affect token accounting in contract.

Reference: This similar medium-severity finding from Consensys Diligence Audit of Fei Protocol: https://consensys.net/diligence/audits/2021/01/fei-protocol/#unchecked-return-value-for-iweth-transfer-call

Proof of Concept

1. Navigate to the following contract.

2. transfer/transferFrom functions are used instead of safe transfer/transferFrom on the following contracts.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/PrePOMarket.sol#L121

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/PrePOMarket.sol#L123

Tools Used

Code Review

Recommended Mitigation Steps

Consider using safeTransfer/safeTransferFrom or require() consistently.

C4-008 : Consider making contracts Pausable

Impact - LOW

There are many external risks so my suggestion is that you should consider making the contracts pausable, so in case of an unexpected event, the admin can pause transfers.

Tools Used

Code Review

Recommended Mitigation Steps

Consider making contracts Pausable https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/Pausable.sol.

C4-008 : Critical changes should use two-step procedure

Impact - NON CRITICAL

The owner is the authorized user in the cosmwasm contracts. Usually, an owner can be updated with update_config function. However, the process is only completed with single transaction. If the address is updated incorrectly, an owner functionality will be lost forever.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/SingleStrategyController.sol#L75

Tools Used

Code Review

Recommended Mitigation Steps

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.

C4-009 : # DoS With Block Gas Limit

Impact - Non-Critical

When smart contracts are deployed or functions inside them are called, the execution of these actions always requires a certain amount of gas, based of how much computation is needed to complete them. The Ethereum network specifies a block gas limit and the sum of all transactions included in a block can not exceed the threshold.

Programming patterns that are harmless in centralized applications can lead to Denial of Service conditions in smart contracts when the cost of executing a function exceeds the block gas limit. Modifying an array of unknown size, that increases in size over time, can lead to such a Denial of Service condition.

Proof of Concept

1. Follow the functions shown below.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L44

Tools Used

Code Review

Recommended Mitigation Steps

Caution is advised when you expect to have large arrays that grow over time. Actions that require looping across the entire data structure should be avoided.

If you absolutely must loop over an array of unknown size, then you should plan for it to potentially take multiple blocks, and therefore require multiple transactions.

C4-010 : # USE SAFEERC20.SAFEAPPROVE INSTEAD OF APPROVE

Impact - LOW

This is probably an oversight since SafeERC20 was imported and safeTransfer() was used for ERC20 token transfers. Nevertheless, note that approve() will fail for certain token implementations that do not return a boolean value (). Hence it is recommend to use safeApprove().

Proof of Concept

1. Navigate to "https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/SingleStrategyController.sol#L60" and "https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/SingleStrategyController.sol#L62".
2. Preview approveUnderlying function on the contract.
3. approve function has been used instead of SafeApprove.

Tools Used

Manual Code Review

Recommended Mitigation Steps

Update to _token.safeApprove(spender, type(uint256).max) in the function.

C4-011 : # Missing Vault Input Validation

Impact - LOW

During the code review, It has been observed that vault is not validated. The address check should be added into the function.

## Proof Of Concept

1. https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/SingleStrategyController.sol#L75

Tools Used

Manual Code Review

Recommended Mitigation Steps

Add address check on the function.

C4-001 : ++i is more gas efficient than i++ in loops forwarding

Impact

++i is more gas efficient than i++ in loops forwarding.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L44

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L55

Tools Used

Code Review

Recommended Mitigation Steps

It is recommend to use unchecked{++i} and change i declaration to uint256.

C4-002 : Cache array length in for loops can save gas

Impact

Reading array length at each iteration of the loop takes 6 gas (3 for mload and 3 to place memory_offset) in the stack.

Caching the array length in the stack saves around 3 gas per iteration.

Proof of Concept

1. Navigate to the following smart contract line.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L44

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L55

Tools Used

None

Recommended Mitigation Steps

Consider to cache array length.

C4-003: > 0 can be replaced with != 0 for gas optimization

Impact

!= 0 is a cheaper operation compared to > 0, when dealing with uint.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/Collateral.sol#L326

Tools Used

Code Review

Recommended Mitigation Steps

Use "!=0" instead of ">0" for the gas optimization.

C4-004 : Adding unchecked directive can save gas

Impact - Gas Optimization

Using the unchecked keyword to avoid redundant arithmetic underflow/overflow checks to save gas when an underflow/overflow cannot happen. E.g. 'unchecked' can be applied in the following lines of code since there are require statements before to ensure the arithmetic operations would not cause an integer underflow or overflow. For the arithmetic operations that will never over/underflow, using the unchecked directive (Solidity v0.8 has default overflow/underflow checks) can save some gas from the unnecessary internal over/underflow checks.

Proof of Concept

1. Navigate to the following contract function and lines.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/Collateral.sol#L70

Tools Used

Code Review

Recommended Mitigation Steps

Consider applying unchecked arithmetic where overflow/underflow is not possible.

C4-005 : Less than 256 uints are not gas efficient

Impact - Gas Optimization

Lower than uint256 size storage instance variables are actually less gas efficient. E.g. using uint16 does not give any efficiency, actually, it is the opposite as EVM operates on default of 256-bit values so uint16 is more expensive in this case as it needs a conversion. It only gives improvements in cases where you can pack variables together, e.g. structs.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L13

Tools Used

None

Recommended Mitigation Steps

Consider to review all uint types. Change them with uint256 If the integer is not necessary to present with uint16.`

C4-006 : There is no need to assign default values to variables

Impact - Gas Optimization

When a variable is declared solidity assigns the default value. In case the contract assigns the value again, it costs extra gas.

Example: uint x = 0 costs more gas than uint x without having any different functionality.

Proof of Concept

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L44

https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L55

Tools Used

Code Review

Recommended Mitigation Steps

uint x = 0 costs more gas than uint x without having any different functionality.

C4-007 : Redundant Code

Impact

The constructor is redundant at the following function. (https://github.com/code-423n4/2022-03-prepo/blob/d62d7146b27fd39a5f1358ffde08766724886cf5/contracts/core/AccountAccessController.sol#L15)

Tools Used

Code Review

Recommended Mitigation Steps

Delete redundant code.