Back to hubble's contests

Aave Lens contest - hubble's results

Web3 permissionless, composable & decentralized social graph

General Information

Platform: Code4rena

Start Date: 10/02/2022

Pot Size: $100,000 USDC

Total HM: 13

Participants: 21

Period: 7 days

Judge: leastwood

Total Solo HM: 10

Id: 85

League: ETH

Aave Lens

Findings Distribution

Researcher Performance

Rank: 14/21

Findings: 1

Award: $524.92

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAave Lens

Findings Information

🌟 Selected for report: WatchPug

Also found by: 0x0x0x, 0x1f8b, 0xwags, Dravee, cccz, csanuragjain, defsec, gzeon, hubble, hyh, kenta, pauliax, sikorico

Labels

bug
QA (Quality Assurance)

Awards

524.9221 USDC - $524.92

External Links

Link to GitHub issue

Summary of Findings

Issue#1 : Null address check missing while assigning new Governance address in LensHub.sol Issue#2 : Donot allow any transactions when state is not changed in ModuleGlobals.sol Issue#3 : Implementation contracts of FollowNFT and CollectNFT deployed, remains open for initialization

Details Issue#1

Title : Null address check missing while assigning new Governance address in LensHub.sol

Impact

In the event of wrongly assigning ZERO address to the governance address, the governance control of the Lens protocol will be lost.

Proof of Concept

Contract : LensHub.sol

line 79 :

function setGovernance(address newGovernance) external override onlyGov {
    _setGovernance(newGovernance);
}

line 850 :

function _setGovernance(address newGovernance) internal {
    address prevGovernance = _governance;
    _governance = newGovernance;
    emit Events.GovernanceSet(msg.sender, prevGovernance, newGovernance, block.timestamp);
}

Add a require statement to check for null address, in function _setGovernance(). As a best practice the two step standard process for changing the Governance address is recommended.

Details Issue#2

Title : Donot allow any transactions when state is not changed in ModuleGlobals.sol

In the set functions in ModuleGlobals.sol, there is no check if the new Value being set is different than previous Value. Allow changing to new value only if its different than prev value.

Impact

Unnecessary event generated even if no state is changed

Proof of Concept

Contract : ModuleGlobals.sol
line 94 : function _setGovernance(address newGovernance) line 101 : function _setTreasury(address newTreasury) line 108 : function _setTreasuryFee(uint16 newTreasuryFee) line 115 : function _whitelistCurrency(address currency, bool toWhitelist)

Add a require statement to check if prev value is same as new value, example below. if (prevWhitelisted == toWhitelist ) revert Errors.ChangeParamsInvalid()

Details Issue#3

Title : Implementation contracts of FollowNFT and CollectNFT deployed, remains open for initialization.

Risk:

The implementation contracts of FollowNFT and CollectNFT, that is passed as constructor parameter of LensHub, they remain uninitialized and open for initialization. Since these contracts are used extensively for Cloning, it is better to avoid its initialization and keep its state as it was originally deployed.

Proof of Concept

Contract : FollowNFT.sol and CollectNFT.sol Function : initialize()

Mitigation: Add the following lines of code to FollowNFT and CollectorNFT's constructor

constructor(address hub) {
    HUB = hub;
    _initialized = true;  // Avoids initialization of originally deployed contract. Does not affect the cloned contracts.
}

#0 - Zer0dot

2022-03-22T15:18:50Z

First two invalid, third is a good catch and it'd prevent random initialization of the implementation, nice!

#1 - Zer0dot

2022-03-22T15:52:44Z

3rd point addressed in https://github.com/aave/lens-protocol/pull/76

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter