search

code-423n4 / 2022-06-nibbl-findings

1 stars 0 forks source link

QA Report #167

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

ISSUE LIST

C4-001: Missing events for only functions that change critical parameters - Non Critical

C4-002 : Critical changes should use two-step procedure - Non Critical

C4-003 : Pragma Version - Non Critical

C4-004 : Missing zero-address check in the setter functions and initiliazers - Low

C4-005 : Front-runnable Initializers - LOW

C4-006 : Direct usage of ecrecover allows signature malleability - LOW

C4-007 : Add disableInitializers to Prevent Front-running - LOW

C4-008 : Low level calls with solidity version 0.8.14 can result in optimiser bug. - LOW

C4-009 : Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom - Non-critical

ISSUES

C4-001 : Missing events for only functions that change critical parameters

Impact - Non critical

The afunctions that change critical parameters should emit events. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them and consider if they would like to engage/exit based on how they perceive the changes as affecting the trustworthiness of the protocol or profitability of the implemented financial services. The alternative of directly querying on-chain contract state for such changes is not considered practical for most users/usages.

Missing events and timelocks do not promote transparency and if such changes immediately affect users’ perception of fairness or trustworthiness, they could exit the protocol causing a reduction in liquidity which could negatively impact protocol TVL and reputation.

Proof of Concept

  1. Navigate to the following contract.
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L485
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVaultFactory.sol#L158
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVaultFactory.sol#L140

See similar High-severity H03 finding OpenZeppelin’s Audit of Audius (https://blog.openzeppelin.com/audius-contracts-audit/#high) and Medium-severity M01 finding OpenZeppelin’s Audit of UMA Phase 4 (https://blog.openzeppelin.com/uma-audit-phase-4/)

Tools Used

None

Recommended Mitigation Steps

Add events to all functions that change critical parameters.

C4-002 : Critical changes should use two-step procedure

Impact - NON CRITICAL

The critical procedures should be two step process.

Proof of Concept

  1. Navigate to the following contract.
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L485

Tools Used

Code Review

Recommended Mitigation Steps

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.

C4-003 : # Pragma Version

Impact

In the contracts, floating pragmas should not be used. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

Proof of Concept

https://swcregistry.io/docs/SWC-103

All Contracts

Tools Used

Manual code review

Recommended Mitigation Steps

Lock the pragma version: delete pragma solidity 0.8.10 in favor of pragma solidity 0.8.10.

C4-004 : # Missing zero-address check in the setter functions and initiliazers

Impact

Missing checks for zero-addresses may lead to infunctional protocol, if the variable addresses are updated incorrectly.

Proof of Concept

  1. Navigate to the following contracts.
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L485
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L173
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVaultFactory.sol#L38
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVaultFactory.sol#L123

Tools Used

Code Review

Recommended Mitigation Steps

Consider adding zero-address checks in the discussed constructors: require(newAddr != address(0));.

C4-005 : Front-runnable Initializers

Impact - LOW

All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing to be redeployed.

Proof of Concept

  1. Navigate to the following contracts.
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L173
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/Basket.sol#L23
https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVaultFactory.sol#L38
  1. initialize functions does not have access control. They are vulnerable to front-running.

Tools Used

Manual Code Review

Recommended Mitigation Steps

While the code that can be run in contract constructors is limited, setting the owner in the contract's constructor to the msg.sender and adding the onlyOwner modifier to all initializers would be a sufficient level of access control.

C4-006 : Direct usage of ecrecover allows signature malleability

Impact

The permit function of NibblVault calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable (non-unique) signatures and thus is susceptible to replay attacks.

Although a replay attack seems not possible here since the nonce is increased each time, ensuring the signatures are not malleable is considered a best practice (and so is checking _signer != address(0), where address(0) means an invalid signature).

Proof of Concept

https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L552

https://swcregistry.io/docs/SWC-117

https://swcregistry.io/docs/SWC-121

Tools Used

Code Review

Recommended Mitigation Steps

Use the recover function from OpenZeppelin's ECDSA library for signature verification.

C4-007 : Add disableInitializers to Prevent Front-running

Impact

Defining initial values for variables when declaring them in a contract like in the code below does not work for upgradeable contracts.

https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L173

Refer to explanation below:

https://docs.openzeppelin.com/upgrades-plugins/1.x/writing-upgradeable#avoid-initial-values-in-field-declarations

Also, one should not leave the implementation contract uninitialized. None of the implementation contracts in the code base contains the code recommended by OpenZeppelin below, or an empty constructor with the initializer modifier.

Proof of Concept

https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L173

Tools Used

Code Review

Recommended Mitigation Steps


/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
    _disableInitializers();
}

Refer to the link below:

https://docs.openzeppelin.com/upgrades-plugins/1.x/writing-upgradeable#initializing_the_implementation_contract

C4-008 : Low level calls with solidity version 0.8.14 can result in optimiser bug.

Impact

The protocol is using low level calls with solidity version 0.8.14 which can result in optimizer bug.

https://medium.com/certora/overly-optimistic-optimizer-certora-bug-disclosure-2101e3f7994d

Proof of Concept

https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/contracts/NibblVault.sol#L3

Tools Used

Code Review

Recommended Mitigation Steps

Consider upgrading to solidity 0.8.15.

C4-009 : Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

Impact - LOW

Impact

It is good to add a require() statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of transfers and affect token accounting in contract.

Reference: This similar medium-severity finding from Consensys Diligence Audit of Fei Protocol: https://consensys.net/diligence/audits/2021/01/fei-protocol/#unchecked-return-value-for-iweth-transfer-call

Proof of Concept

  1. Navigate to the following contract.

  2. transfer/transferFrom functions are used instead of safe transfer/transferFrom on the following contracts.

  contracts/Basket.sol::54 => IERC721(_token).transferFrom(address(this), _to, _tokenId);
  contracts/Basket.sol::80 => _to.transfer(address(this).balance);
  contracts/Basket.sol::87 => IERC20(_token).transfer(msg.sender, IERC20(_token).balanceOf(address(this)));
  contracts/Basket.sol::94 => IERC20(_tokens[i]).transfer(msg.sender, IERC20(_tokens[i]).balanceOf(address(this)));
  contracts/NibblVault.sol::517 => IERC20(_asset).transfer(_to, IERC20(_asset).balanceOf(address(this)));
  contracts/NibblVault.sol::526 => IERC20(_assets[i]).transfer(_to, IERC20(_assets[i]).balanceOf(address(this)));

Tools Used

Code Review

Recommended Mitigation Steps

Consider using safeTransfer/safeTransferFrom or require() consistently.

HardlyDifficult commented 2 years ago

A number of best practices highlighted here.