QA Report #190
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Comments
code423n4
added
bug
Re Use of deprecated safeApprove()Duplicate of #82 |
Re step ownership transferDuplicate of #143 |
Re reentrancyDuplicate of #109 |
This was referenced Apr 16, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
C4-001 : Safe Approve Function Is Deprecated
Impact
On the LibAsset contract, It has been observed that to safeIncreaseAllowance and safeDecreaseAllowance are defined however they are not used. On the other hand (OpenZeppelin/openzeppelin-contracts#2268) safeApprove function is deprecated.
Proof of Concept
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibAsset.sol#L67
Tools Used
Code Review
Recommended Mitigation Steps
Consider to enable functions and use safeIncreaseAllowance and safeDecreaseAllowance instead of safeApprove.
C4-002 : Incompatibility With Rebasing/Deflationary/Inflationary tokens
Impact - LOW
LiFinance protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.
Proof of Concept
Tools Used
Manual Code Review
Recommended Mitigation Steps
C4-003 : Missing zero-address check in constructors and the setter functions
Impact - LOW
Missing checks for zero-addresses may lead to infunctional protocol, if the variable addresses are updated incorrectly.
Proof of Concept
Tools Used
Code Review
Recommended Mitigation Steps
Consider adding zero-address checks in the discussed constructors:
require(newAddr != address(0));.
C4-004 : transferOwnership should be two step process
Impact - LOW
The current ownership transfer process involves the current owner calling Unlock.transferOwnership(). This function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. If the nominated EOA account is not a valid account, it is entirely possible the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyOwner() modifier. Lack of two-step procedure for critical operations leaves them error-prone
if the address is incorrect, the new address will take on the functionality of the new role immediately
for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert
Proof of Concept
Tools Used
None
Recommended Mitigation Steps
Implement zero address check and Consider implementing a two step process where the owner nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of ownership to fully succeed. This ensures the nominated EOA account is a valid and active account.
C4-005 : Front-runnable Initializers
Impact - LOW
All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing to be redeployed.
Proof of Concept
Tools Used
Manual Code Review
Recommended Mitigation Steps
While the code that can be run in contract constructors is limited, setting the owner in the contract's constructor to the
msg.senderand adding theonlyOwnermodifier to all initializers would be a sufficient level of access control.C4-006 : Consider making contracts Pausable
Impact - LOW
There are many external risks so my suggestion is that you should consider making the contracts pausable, so in case of an unexpected event, the admin can pause transfers.
Tools Used
Code Review
Recommended Mitigation Steps
Consider making contracts Pausable https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/Pausable.sol.
C4-007 : Critical changes should use two-step procedure
Impact - NON CRITICAL
The critical procedures should be two step process.
Proof of Concept
Tools Used
Code Review
Recommended Mitigation Steps
Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.
C4-008 : # DoS With Block Gas Limit
Impact - Non-Critical
When smart contracts are deployed or functions inside them are called, the execution of these actions always requires a certain amount of gas, based of how much computation is needed to complete them. The Ethereum network specifies a block gas limit and the sum of all transactions included in a block can not exceed the threshold.
Programming patterns that are harmless in centralized applications can lead to Denial of Service conditions in smart contracts when the cost of executing a function exceeds the block gas limit. Modifying an array of unknown size, that increases in size over time, can lead to such a Denial of Service condition.
Proof of Concept
Tools Used
Code Review
Recommended Mitigation Steps
Caution is advised when you expect to have large arrays that grow over time. Actions that require looping across the entire data structure should be avoided.
If you absolutely must loop over an array of unknown size, then you should plan for it to potentially take multiple blocks, and therefore require multiple transactions.
C4-009 : # Missing Re-entrancy Guard
Impact
The re-entrancy guard is missing on the Eth anchor interaction. The external router interaction can cause to the re-entrancy vulnerability.
Proof of Concept
Tools Used
Code Review
Recommended Mitigation Steps
Follow the check effect interaction pattern or put re-entrancy guard.
The text was updated successfully, but these errors were encountered: