QA Report

[code423n4]

ISSUE LIST

C4-001 : Missing events for only functions that change critical parameters - Non Critical

C4-002 : Critical changes should use two-step procedure - Non Critical

C4-003 : Missing zero-address/values check in the constructor - Low

C4-004 : The Contract Should approve(0) first

C4-005 : Incompatibility With Rebasing/Deflationary/Inflationary tokens

C4-006 : Contract should have pause/unpause functionality

C4-007 : Front-runnable Initializers

ISSUES

C4-001 : Missing events for only functions that change critical parameters

Impact - Non critical

The afunctions that change critical parameters should emit events. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them and consider if they would like to engage/exit based on how they perceive the changes as affecting the trustworthiness of the protocol or profitability of the implemented financial services. The alternative of directly querying on-chain contract state for such changes is not considered practical for most users/usages.

Missing events and timelocks do not promote transparency and if such changes immediately affect users’ perception of fairness or trustworthiness, they could exit the protocol causing a reduction in liquidity which could negatively impact protocol TVL and reputation.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/AmmConvexGauge.sol#L86

See similar High-severity H03 finding OpenZeppelin’s Audit of Audius (https://blog.openzeppelin.com/audius-contracts-audit/#high) and Medium-severity M01 finding OpenZeppelin’s Audit of UMA Phase 4 (https://blog.openzeppelin.com/uma-audit-phase-4/)

Tools Used

None

Recommended Mitigation Steps

Add events to all functions that change critical parameters.

C4-002 : Critical changes should use two-step procedure

Impact - NON CRITICAL

The critical procedures should be two step process.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/AmmConvexGauge.sol#L86
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/access/RoleManager.sol#L50

Tools Used

Code Review

Recommended Mitigation Steps

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.

C4-003 : # Missing zero-address&values check in the constructor

Impact

Missing checks for zero-addresses&values may lead to infunctional protocol, if the variable addresses are updated incorrectly.

Proof of Concept

There are a few validations that could be added to the system:

https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/LpGauge.sol#L33

https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/InflationManager.sol#L55

https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/VestedEscrow.sol#L51

Tools Used

Code Review

Recommended Mitigation Steps

Consider adding zero-address and zero value checks.

C4-004 : The Contract Should approve(0) first

Impact - LOW

Some tokens (like USDT L199) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.

IERC20(token).safeApprove(address(operator), 0);
IERC20(token).safeApprove(address(operator), amount);

Proof of Concept

1. Navigate to the following contracts.

  protocol/contracts/tokenomics/AmmConvexGauge.sol::61 => IERC20(ammToken).safeApprove(booster, type(uint256).max);
  protocol/contracts/tokenomics/FeeBurner.sol::118 => IERC20(token_).safeApprove(spender_, type(uint256).max);

2. When trying to re-approve an already approved token, all transactions revert and the protocol cannot be used.

Tools Used

None

Recommended Mitigation Steps

Approve with a zero amount first before setting the actual amount. Consider use safeIncreaseAllowance and safeDecreaseAllowance.

C4-005 : Incompatibility With Rebasing/Deflationary/Inflationary tokens

Impact - LOW

PrePo protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.

Proof of Concept

1. Navigate to the following contract.

protocol/contracts/tokenomics/VestedEscrowRevocable.sol:10:- remove safeTransferFrom logic and add support for "airdropped" reward token
protocol/contracts/tokenomics/VestedEscrowRevocable.sol:60:        rewardToken.safeTransferFrom(
protocol/contracts/tokenomics/AmmConvexGauge.sol:162:        IERC20(ammToken).safeTransferFrom(msg.sender, address(this), amount);
protocol/contracts/tokenomics/FeeBurner.sol:70:            token_.safeTransferFrom(msg.sender, address(this), tokenBalance_);
protocol/contracts/tokenomics/VestedEscrow.sol:10:- remove safeTransferFrom logic and add support for "airdropped" reward token
protocol/contracts/tokenomics/VestedEscrow.sol:146:        rewardToken.safeTransferFrom(holdingContract[msg.sender], _recipient, claimable);
protocol/contracts/tokenomics/AmmGauge.sol:109:        IERC20(ammToken).safeTransferFrom(msg.sender, address(this), amount);

Tools Used

Manual Code Review

Recommended Mitigation Steps

• Ensure that to check previous balance/after balance equals to amount for any rebasing/inflation/deflation
• Add support in contracts for such tokens before accepting user-supplied tokens
• Consider supporting deflationary / rebasing / etc tokens by extra checking the balances before/after or strictly inform your users not to use such tokens if they don't want to lose them.

C4-006 : Contract should have pause/unpause functionality

Impact

In case a hack is occuring or an exploit is discovered, the team should be able to pause functionality until the necessary changes are made to the system. Additionally, the AuraLocker.sol contract should be manged by proxy so that upgrades can be made by the owner.

To use a thorchain example again, the team behind thorchain noticed an attack was going to occur well before the system transferred funds to the hacker. However, they were not able to shut the system down fast enough. (According to the incidence report here: https://github.com/HalbornSecurity/PublicReports/blob/master/Incident%20Reports/Thorchain_Incident_Analysis_July_23_2021.pdf)

Proof of Concept

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L249

Tools Used

Code Review

Recommended Mitigation Steps

Pause functionality on the contract would have helped secure the funds quickly.

C4-007 : Front-runnable Initializers

Impact - LOW

All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing to be redeployed.

Proof of Concept

1. Navigate to the following contracts.

protocol/contracts/BkdLocker.sol:53:    function initialize(
protocol/contracts/LpToken.sol:28:    function initialize(
protocol/contracts/StakerVault.sol:71:    function initialize(address _token) external override initializer {

2. initialize functions does not have access control. They are vulnerable to front-running.

Tools Used

Manual Code Review

Recommended Mitigation Steps

While the code that can be run in contract constructors is limited, setting the owner in the contract's constructor to the msg.sender and adding the onlyOwner modifier to all initializers would be a sufficient level of access control.

[GalloDaSballo]

C4-001 : Missing events for only functions that change critical parameters

Agree non-critical

C4-002 : Critical changes should use two-step procedure

Valid as non-critical

C4-003 : # Missing zero-address&values check in the constructor

Valid Low Severity

C4-004 : The Contract Should approve(0) first

Disagree given the examples given are approve to max

C4-005 : Incompatibility With Rebasing/Deflationary/Inflationary tokens

Agree with report but please check the copy paste

C4-006 : Contract should have pause/unpause functionality

Random copy paste finding, disagree

C4-007 : Front-runnable Initializers

Because contracts are non upgradeable I agree with this finding and would recommend just using constructors or adding access control to who can call initialize

All in all the report is not bad, however the souless copy paste is unfortunately visible in some findings that are simply out of context