Platform: Code4rena
Start Date: 01/03/2024
End Date: 22/03/2024
Period: 21 days
Status: Completed
Pot Size: $60,500 USDC
Participants: 18
Reporter: thebrittfactor
Judge: Lambda
Id: 344
League: POLKADOT
DadeKuma | 1/18 | $15,937.95 | 2 | 0 | 0 | 2 | 1 | 0 | 0 | 0 |
zhaojie | 2/18 | $15,225.87 | 3 | 0 | 0 | 2 | 1 | - | 0 | 0 |
0xTheC0der | 3/18 | $12,619.42 | 2 | 0 | 0 | 1 | 1 | - | 0 | 0 |
Koolex | 4/18 | $2,606.45 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
Cryptor | 5/18 | $994.09 | 2 | 0 | 0 | 0 | 0 | - | 0 | - |
hunter_w3b | 6/18 | $630.47 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | - |
albahaca | 7/18 | $484.98 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | - |
popeye | 8/18 | $484.98 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | - |
ihtishamsudo | 9/18 | $391.62 | 1 | 0 | 0 | 0 | 0 | - | 0 | 0 |
Bauchibred | 10/18 | $129.08 | 2 | 0 | 0 | 0 | 0 | - | 0 | - |
pink-runtime is the ink! contract execution engine for Phala Network, built on Substrate's pallet-contracts with custom chain extensions, written in Rust.
It executes smart contracts on the Phala Network. It is compiled to a Linux shared object, libpink.so. It is loaded and runs in the Phala Network's off-chain TEE workers.
See the README for more information.
The code in this repository is copied from Phala Network's repository, keeping the directory structure while removing unnecessary files and directories.
File | SLOC | Purpose |
---|---|---|
pink/runtime/src/runtime.rs | 209 | Construct and configure the substrate runtime |
pink/runtime/src/contract.rs | 199 | The contracts call/instantiation API |
pink/runtime/src/storage/mod.rs | 119 | Abstract storage provider for the runtime |
pink/runtime/src/storage/external_backend.rs | 18 | The storage provider for the runtime |
pink/runtime/src/runtime/pallet_pink.rs | 168 | The pallet used to store some custom configuration of the runtime |
pink/runtime/src/capi/mod.rs | 53 | The entry point of libpink.so and the FFI helpers that bridge the cross-library boundary |
pink/runtime/src/capi/ecall_impl.rs | 273 | The inward cross-boundary call support |
pink/runtime/src/capi/ocall_impl.rs | 92 | The low level outward cross boundary call support |
pink/runtime/src/runtime/extension.rs | 440 | The chain extension implementation of the runtime, inheriting pink-chain-extension with some overwrites |
pink/capi/src/v1/mod.rs | 225 | Definition of the cross host-lib function calls (ecalls and ocalls) |
pink/capi/src/types.rs | 86 | Types exported to host |
pink/chain-extension/src/lib.rs | 458 | The chain extension feature implementation |
pink/chain-extension/src/local_cache.rs | 371 | Implementation of the feature worker local cache |
Total | 2711 |
These files are direct or indirect dependencies of the runtime, but most of their code is not included in the final runtime shared object. They are not in the scope of this audit.
- crates/sgx-attestation/src/lib.rs
- crates/sgx-attestation/src/dcap.rs
- crates/sgx-attestation/src/ias.rs
- crates/sgx-attestation/src/dcap/constants.rs
- crates/sgx-attestation/src/dcap/quote.rs
- crates/sgx-attestation/src/dcap/tcb_info.rs
- crates/sgx-attestation/src/dcap/report.rs
- crates/sgx-attestation/src/dcap/utils.rs
- crates/sgx-attestation/src/ias/report.rs
- crates/sgx-attestation/src/gramine.rs
- crates/sgx-attestation/build.rs
- crates/this-crate/src/lib.rs
- crates/phala-crypto/src/lib.rs
- crates/phala-crypto/src/ecdh.rs
- crates/phala-crypto/src/aead/stream.rs
- crates/phala-crypto/src/key_share.rs
- crates/phala-crypto/src/sr25519.rs
- crates/phala-crypto/src/aead.rs
- crates/pink/capi/src/lib.rs
- crates/pink/capi/src/helper.rs
- crates/pink/capi/build.rs
- crates/pink/pink/tests/test_chain_extensions.rs
- crates/pink/pink/src/lib.rs
- crates/pink/pink/src/logger.rs
- crates/pink/pink/src/allocator_dlmalloc.rs
- crates/pink/pink/src/system.rs
- crates/pink/pink/src/topic.rs
- crates/pink/pink/src/chain_extension/http_request.rs
- crates/pink/pink/src/chain_extension/test.rs
- crates/pink/pink/src/chain_extension/signing.rs
- crates/pink/pink/macro/src/lib.rs
- crates/pink/pink/macro/src/chain_extension.rs
- crates/pink/pink/macro/src/contract.rs
- crates/pink/pink/macro/src/driver_system.rs
- crates/pink/macro/src/lib.rs
- crates/pink/macro/src/macro_xcall.rs
- crates/pink/macro/src/tests.rs
- crates/pink/runtime/tests/helpers/ink_helpers.rs
- crates/pink/runtime/tests/helpers/mod.rs
- crates/pink/runtime/tests/helpers/xcalls.rs
- crates/pink/runtime/tests/helpers/test_cluster.rs
- crates/pink/runtime/tests/helpers/storage.rs
- crates/pink/runtime/tests/test_pink_contract.rs
- crates/pink/runtime/src/export_fixtures.rs
- crates/pink/runtime/src/storage/in_memory_backend.rs
- crates/pink/loader/src/lib.rs
- crates/pink/loader/src/runtimes.rs
- crates/pink/loader/src/storage.rs
- crates/pink/loader/src/runtimes/v1.rs
- crates/pink/chain-extension/src/mock_ext.rs
- crates/pink/pink-types/src/lib.rs
- crates/pink/pink-types/src/result.rs
- crates/pink/pink-types/src/js.rs
- crates/pink/pink-types/src/sgx.rs
- crates/phala-git-revision/src/lib.rs
- crates/phala-git-revision/build.rs
- crates/phala-types/src/lib.rs
- crates/phala-types/src/contract.rs
- crates/type-info-stringify/src/lib.rs
- crates/phala-serde-more/src/lib.rs
- crates/phala-serde-more/src/option_key_bytes.rs
- crates/phala-serde-more/src/scale_bytes.rs
- crates/phala-serde-more/src/key_bytes.rs
- crates/phala-serde-more/src/pubkey_bytes.rs
- crates/reqwest-env-proxy/src/lib.rs
- crates/phala-mq/tests/tests.rs
- crates/phala-mq/src/lib.rs
- crates/phala-mq/src/types.rs
- crates/phala-mq/src/send_queue.rs
- crates/phala-mq/src/simple_mpsc.rs
- crates/phala-mq/src/checkpoint_helper.rs
- crates/phala-mq/src/dispatcher.rs
- crates/phala-mq/src/signer/mod.rs
- crates/phala-trie-storage/tests/test_state_root.rs
- crates/phala-trie-storage/src/lib.rs
- crates/phala-trie-storage/src/memdb.rs
- crates/phala-trie-storage/src/ser.rs
- crates/phala-sanitized-logger/src/lib.rs
- crates/phala-sanitized-logger/src/logger.rs
- crates/phala-sanitized-logger/src/test.rs
- crates/phala-sanitized-logger/src/subscriber.rs
- crates/prpc/src/lib.rs
- crates/phala-wasm-checker/src/lib.rs
- crates/phala-wasm-checker/src/error.rs
- If you have a public code repo, please share it here: https://github.com/Phala-Network/phala-blockchain/blob/master/crates/pink/runtime/, https://github.com/Phala-Network/phala-blockchain/blob/master/crates/pink/capi/
- How many contracts are in scope?: 1
- Total SLoC for these contracts?: 2711
- How many external imports are there?: 28
- How many separate interfaces and struct definitions are there for the contracts within scope?: struct: 24, trait: 10
- Does most of your code generally use composition or inheritance?: Composition
- How many external calls?: 0
- What is the overall line coverage percentage provided by your tests?: 90
- Is this an upgrade of an existing system?: No
- On which Parachain will the contracts be deployed?: Phala Network
- Check all that apply (e.g. timelock, NFT, AMM, ERC20, rollups, etc.): ERC-20 Token, Non ERC-20 Token, Timelock function
- Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: Yes
- Please describe required context: The understanding of Substrate runtime development and pallet-contracts (the ink contract pallet)
- Does it use an oracle?: No
- Describe any novel or unique curve logic or mathematical models your code uses:
- Is this either a fork of or an alternate implementation of another project?: True
- Does it use a side-chain?:
- Describe any specific areas you would like addressed:
```bash
git clone https://github.com/code-423n4/2024-03-phala-network
cd 2024-03-phala-network/phala-blockchain/crates/pink/runtime

# for test only
cargo test

# if not already installed
cargo install cargo-llvm-cov

# for coverage report
./cov.sh
```
Employees of Phala Network and employees' family members are ineligible to participate in this audit.