QA Report

[code423n4]

ISSUE LIST - Putty

C4-001 : Low level calls with solidity version 0.8.13 can result in optimiser bug. - LOW

C4-002 : Critical changes should use two-step procedure - Non Critical

C4-003 : Use of Block.timestamp - Non-critical

C4-004 : Incompatibility With Rebasing/Deflationary/Inflationary tokens - LOW

C4-005 : DoS With Block Gas Limit - LOW

C4-006 : Missing Re-entrancy Guard - LOW

C4-007 : _safeMint() should be used rather than _mint() wherever possible

ISSUES

C4-001 : Low level calls with solidity version 0.8.13 can result in optimiser bug.

Impact

The protocol is using low level calls with solidity version 0.8.9 which can result in optimizer bug.

https://medium.com/certora/overly-optimistic-optimizer-certora-bug-disclosure-2101e3f7994d

Proof of Concept

https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/LiquidityReserve.sol#L2

Tools Used

Code Review

Recommended Mitigation Steps

Consider upgrading to solidity 0.8.15.

C4-002 : Critical changes should use two-step procedure

Impact - NON CRITICAL

The critical procedures should be two step process. The contracts inherit OpenZeppelin's Ownable contract which enables the onlyOwner role to transfer ownership to another address. It's possible that the onlyOwner role mistakenly transfers ownership to the wrong address, resulting in a loss of the onlyOwner role. The current ownership transfer process involves the current owner calling Unlock.transferOwnership(). This function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. If the nominated EOA account is not a valid account, it is entirely possible the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyOwner() modifier. Lack of two-step procedure for critical operations leaves them error-prone if the address is incorrect, the new address will take on the functionality of the new role immediately

for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L53

Tools Used

Code Review

Recommended Mitigation Steps

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.

C4-003 : Use of Block.timestamp

Impact - Non-Critical

Block timestamps have historically been used for a variety of applications, such as entropy for random numbers (see the Entropy Illusion for further details), locking funds for periods of time, and various state-changing conditional statements that are time-dependent. Miners have the ability to adjust timestamps slightly, which can prove to be dangerous if block timestamps are used incorrectly in smart contracts.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L290

Tools Used

Manual Code Review

Recommended Mitigation Steps

Block timestamps should not be used for entropy or generating random numbers—i.e., they should not be the deciding factor (either directly or through some derivation) for winning a game or changing an important state.

Time-sensitive logic is sometimes required; e.g., for unlocking contracts (time-locking), completing an ICO after a few weeks, or enforcing expiry dates. It is sometimes recommended to use block.number and an average block time to estimate times; with a 10 second block time, 1 week equates to approximately, 60480 blocks. Thus, specifying a block number at which to change a contract state can be more secure, as miners are unable to easily manipulate the block number.

C4-004 : Incompatibility With Rebasing/Deflationary/Inflationary tokens

Impact - LOW

Putty protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.

Example Test

During the NFT operations, If the inflationary/deflationary tokens are used excepted amount will be lower than deposit.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L324

Tools Used

Manual Code Review

Recommended Mitigation Steps

• Ensure that to check previous balance/after balance equals to amount for any rebasing/inflation/deflation
• Add support in contracts for such tokens before accepting user-supplied tokens
• Consider supporting deflationary / rebasing / etc tokens by extra checking the balances before/after or strictly inform your users not to use such tokens if they don't want to lose them.

C4-005 : # DoS With Block Gas Limit

Impact - Non-Critical

When smart contracts are deployed or functions inside them are called, the execution of these actions always requires a certain amount of gas, based of how much computation is needed to complete them. The Ethereum network specifies a block gas limit and the sum of all transactions included in a block can not exceed the threshold.

Programming patterns that are harmless in centralized applications can lead to Denial of Service conditions in smart contracts when the cost of executing a function exceeds the block gas limit. Modifying an array of unknown size, that increases in size over time, can lead to such a Denial of Service condition.

Proof of Concept

1. Follow the functions shown below.

  2022-06-putty-main/contracts/src/PuttyV2.sol::556 => for (uint256 i = 0; i < orders.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::594 => for (uint256 i = 0; i < assets.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::598 => require(token.code.length > 0, "ERC20: Token is not contract");
  2022-06-putty-main/contracts/src/PuttyV2.sol::611 => for (uint256 i = 0; i < assets.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::627 => for (uint256 i = 0; i < floorTokens.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::637 => for (uint256 i = 0; i < assets.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::647 => for (uint256 i = 0; i < assets.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::658 => for (uint256 i = 0; i < floorTokens.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::670 => for (uint256 i = 0; i < whitelist.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::728 => for (uint256 i = 0; i < arr.length; i++) {
  2022-06-putty-main/contracts/src/PuttyV2.sol::742 => for (uint256 i = 0; i < arr.length; i++) {

Tools Used

Code Review

Recommended Mitigation Steps

Caution is advised when you expect to have large arrays that grow over time. Actions that require looping across the entire data structure should be avoided.

If you absolutely must loop over an array of unknown size, then you should plan for it to potentially take multiple blocks, and therefore require multiple transactions.

C4-006 : # Missing Re-entrancy Guard

Impact - LOW

The re-entrancy guard is missing on the some of the functions. The external interactions can cause to the re-entrancy vulnerability.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L268

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L389

Tools Used

Code Review

Recommended Mitigation Steps

Follow the check effect interaction pattern or put re-entrancy guard.

C4-007 : # _safeMint() should be used rather than _mint() wherever possible

Impact - LOW

_mint() (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/d4d8d2ed9798cc3383912a23b5e8d5cb602f7d4b/contracts/token/ERC721/ERC721.sol#L271) is discouraged in favor of _safeMint() (https://github.com/Rari-Capital/solmate/blob/4eaf6b68202e36f67cab379768ac6be304c8ebde/src/tokens/ERC721.sol#L180) which ensures that the recipient is either an EOA or implements IERC721Receiver. Both open OpenZeppelin and solmate have versions of this function so that NFTs aren’t lost if they’re minted to contracts that cannot transfer them back out.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L303

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L308

Tools Used

Code Review

Recommended Mitigation Steps

Use _safeMint() instead of _mint().

[outdoteth]

C4-007 : # _safeMint() should be used rather than _mint() wherever possible

Duplicate: Contracts that can’t handle ERC721 tokens will lose their Putty ERC721 position tokens: https://github.com/code-423n4/2022-06-putty-findings/issues/327

[HickupHH3]

C4-005 : # DoS With Block Gas Limit

could have been a dup of #227, but fails to mention the key point regarding the loss of assets due to failure to exercise option.