Platform: Code4rena
Start Date: 31/03/2022
Pot Size: $75,000 USDC
Total HM: 7
Participants: 42
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 5
Id: 102
League: ETH
Rank: 15/42
Findings: 2
Award: $281.16
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rayn
Also found by: 0xDjango, 0xkatana, 0xkowloon, BouSalman, CertoraInc, Dravee, Funen, Hawkeye, IllIllI, Jujic, Kenshin, Kthere, Meta0xNull, Sleepy, TerrierLover, async, aysha, berndartmueller, catchup, cccz, cmichel, csanuragjain, danb, defsec, georgypetrov, hake, hubble, kenta, kyliek, pauliax, rfa, robee, sahar, shenwilly, teryanarmen
177.1539 USDC - $177.15
PrePo protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/pcv/PCVDeposit.sol#L30 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/peg/NonCustodialPSM.sol#L206 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/peg/NonCustodialPSM.sol#L293 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/peg/NonCustodialPSM.sol#L242 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/peg/NonCustodialPSM.sol#L280
Manual Code Review
Missing checks for zero-addresses may lead to infunctional protocol, if the variable addresses are updated incorrectly.
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/peg/NonCustodialPSM.sol#L85 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/pcv/compound/ERC20CompoundPCVDeposit.sol#L22 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/pcv/compound/CompoundPCVDepositBase.sol#L31 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/ScalingPriceOracle.sol#L71
Code Review
Consider adding zero-address checks in the discussed constructors: require(newAddr != address(0));.
The current ownership transfer process involves the current owner calling Unlock.transferOwnership(). This function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. If the nominated EOA account is not a valid account, it is entirely possible the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyOwner() modifier. Lack of two-step procedure for critical operations leaves them error-prone if the address is incorrect, the new address will take on the functionality of the new role immediately
for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert
None
Implement zero address check and Consider implementing a two step process where the owner nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of ownership to fully succeed. This ensures the nominated EOA account is a valid and active account.
There are many external risks so my suggestion is that you should consider making the contracts pausable, so in case of an unexpected event, the admin can pause transfers.
Code Review
Consider making contracts Pausable https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/Pausable.sol.
The critical procedures should be two step process.
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/peg/NonCustodialPSM.sol#L157 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/peg/NonCustodialPSM.sol#L167 https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/peg/NonCustodialPSM.sol#L182
Code Review
Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.
All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing to be redeployed.
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/Core.sol#L20
Manual Code Review
While the code that can be run in contract constructors is limited, setting the owner in the contract's constructor to the msg.sender and adding the onlyOwner modifier to all initializers would be a sufficient level of access control.
The afunctions that change critical parameters should emit events. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them and consider if they would like to engage/exit based on how they perceive the changes as affecting the trustworthiness of the protocol or profitability of the implemented financial services. The alternative of directly querying on-chain contract state for such changes is not considered practical for most users/usages.
Missing events and timelocks do not promote transparency and if such changes immediately affect users’ perception of fairness or trustworthiness, they could exit the protocol causing a reduction in liquidity which could negatively impact protocol TVL and reputation.
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/ScalingPriceOracle.sol#L218
See similar High-severity H03 finding OpenZeppelin’s Audit of Audius (https://blog.openzeppelin.com/audius-contracts-audit/#high) and Medium-severity M01 finding OpenZeppelin’s Audit of UMA Phase 4 (https://blog.openzeppelin.com/uma-audit-phase-4/)
None
Add events to all functions that change critical parameters.
Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks are available for free.
Solidity 0.8.10 has a useful change which reduced gas costs of external calls which expect a return value: https://blog.soliditylang.org/2021/11/09/solidity-0.8.10-release-announcement/
Code Generator: Skip existence check for external contract if return data is expected. In this case, the ABI decoder will revert if the contract does not exist
All Contracts
None
Consider to upgrade pragma to at least 0.8.10.
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xNazgul, 0xkatana, 0xkowloon, CertoraInc, Dravee, Funen, Hawkeye, Jujic, Kenshin, Meta0xNull, Sleepy, TerrierLover, catchup, csanuragjain, defsec, georgypetrov, kenta, okkothejawa, rayn, rfa, robee, saian, samruna
104.0146 USDC - $104.01
Shortening revert strings to fit in 32 bytes will decrease deploy time gas and will decrease runtime gas when the revert condition has been met.
Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.
Revert strings > 32 bytes are here:
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/ScalingPriceOracle.sol#L140 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/refs/CoreRef.sol::48 => "CoreRef: Caller is not a PCV controller" 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/refs/CoreRef.sol::56 => "CoreRef: Caller is not a governor or contract admin" 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/refs/CoreRef.sol::64 => "CoreRef: Caller is not a governor" 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/refs/CoreRef.sol::72 => "CoreRef: Caller is not a guardian or governor" 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/refs/CoreRef.sol::82 => "CoreRef: Caller is not governor or guardian or admin"
Manual Review
Shorten the revert strings to fit in 32 bytes. That will affect gas optimization.
For the arithmetic operations that will never over/underflow, using the unchecked directive (Solidity v0.8 has default overflow/underflow checks) can save some gas from the unnecessary internal over/underflow checks.
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/volt/Volt.sol#L83
None
Consider applying unchecked arithmetic where overflow/underflow is not possible.
Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks are available for free.
Solidity 0.8.10 has a useful change which reduced gas costs of external calls which expect a return value: https://blog.soliditylang.org/2021/11/09/solidity-0.8.10-release-announcement/
Code Generator: Skip existence check for external contract if return data is expected. In this case, the ABI decoder will revert if the contract does not exist
All Contracts
None
Consider to upgrade pragma to at least 0.8.10.
calldata instead of memory for function parametersIn some cases, having function arguments in calldata instead of memory is more optimal.
Consider the following generic example:
contract C { function add(uint[] memory arr) external returns (uint sum) { uint length = arr.length; for (uint i = 0; i < arr.length; i++) { sum += arr[i]; } } }
In the above example, the dynamic array arr has the storage location memory. When the function gets called externally, the array values are kept in calldata and copied to memory during ABI decoding (using the opcode calldataload and mstore). And during the for loop, arr[i] accesses the value in memory using a mload. However, for the above example this is inefficient. Consider the following snippet instead:
contract C { function add(uint[] calldata arr) external returns (uint sum) { uint length = arr.length; for (uint i = 0; i < arr.length; i++) { sum += arr[i]; } } }
In the above snippet, instead of going via memory, the value is directly read from calldata using calldataload. That is, there are no intermediate memory operations that carries this value.
Gas savings: In the former example, the ABI decoding begins with copying value from calldata to memory in a for loop. Each iteration would cost at least 60 gas. In the latter example, this can be completely avoided. This will also reduce the number of instructions and therefore reduces the deploy time cost of the contract.
In short, use calldata instead of memory if the function argument is only read.
Note that in older Solidity versions, changing some function arguments from memory to calldata may cause "unimplemented feature error". This can be avoided by using a newer (0.8.*) Solidity compiler.
Examples Note: The following pattern is prevalent in the codebase:
function f(bytes memory data) external { (...) = abi.decode(data, (..., types, ...)); }
Here, changing to bytes calldata will decrease the gas. The total savings for this change across all such uses would be quite significant.
Examples:
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/refs/OracleRef.sol#L84
None
Change memory definition with calldata.
Strict inequalities add a check of non equality which costs around 3 gas.
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/ScalingPriceOracle.sol#L140
Code Review
Use >= or <= instead of > and < when possible.
That would Increase gas costs on all privileged operations.
The following role variables are marked as constant.
2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/Permissions.sol::10 => bytes32 public constant override BURNER_ROLE = keccak256("BURNER_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/Permissions.sol::11 => bytes32 public constant override MINTER_ROLE = keccak256("MINTER_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/Permissions.sol::13 => keccak256("PCV_CONTROLLER_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/Permissions.sol::14 => bytes32 public constant override GOVERN_ROLE = keccak256("GOVERN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/Permissions.sol::15 => bytes32 public constant override GUARDIAN_ROLE = keccak256("GUARDIAN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::18 => bytes32 internal constant GOVERNOR = keccak256("GOVERN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::21 => bytes32 internal constant GUARDIAN = keccak256("GUARDIAN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::24 => bytes32 internal constant PCV_CONTROLLER = keccak256("PCV_CONTROLLER_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::27 => bytes32 internal constant MINTER = keccak256("MINTER_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::34 => bytes32 internal constant PARAMETER_ADMIN = keccak256("PARAMETER_ADMIN"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::37 => bytes32 internal constant ORACLE_ADMIN = keccak256("ORACLE_ADMIN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::41 => keccak256("TRIBAL_CHIEF_ADMIN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::45 => keccak256("PCV_GUARDIAN_ADMIN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::48 => bytes32 internal constant MINOR_ROLE_ADMIN = keccak256("MINOR_ROLE_ADMIN"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::51 => bytes32 internal constant FUSE_ADMIN = keccak256("FUSE_ADMIN"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::54 => bytes32 internal constant VETO_ADMIN = keccak256("VETO_ADMIN"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::57 => bytes32 internal constant MINTER_ADMIN = keccak256("MINTER_ADMIN"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::60 => bytes32 internal constant OPTIMISTIC_ADMIN = keccak256("OPTIMISTIC_ADMIN"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::67 => bytes32 internal constant LBP_SWAP_ROLE = keccak256("SWAP_ADMIN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::70 => bytes32 internal constant VOTIUM_ROLE = keccak256("VOTIUM_ADMIN_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::73 => bytes32 internal constant MINOR_PARAM_ROLE = keccak256("MINOR_PARAM_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::76 => bytes32 internal constant ADD_MINTER_ROLE = keccak256("ADD_MINTER_ROLE"); 2022-03-volt-cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/core/TribeRoles.sol::79 => bytes32 internal constant PSM_ADMIN_ROLE = keccak256("PSM_ADMIN_ROLE");
This results in the keccak operation being performed whenever the variable is used, increasing gas costs relative to just storing the output hash. Changing to immutable will only perform hashing on contract deployment which will save gas.
See: ethereum/solidity#9232 (https://github.com/ethereum/solidity/issues/9232#issuecomment-646131646)
Code Review
Consider to change the variable to be immutable rather than constant.
The following contract functions performs an ERC20.approve() call but does not check the success return value. Some tokens do not revert if the approval failed but return false instead.
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/pcv/compound/ERC20CompoundPCVDeposit.sol#L31
None
Its recommend to using OpenZeppelin’s SafeERC20 versions with the safeApprove function that handles the return value check as well as non-standard-compliant tokens.