CoinFabrik was asked to audit the contracts for the AlexGo project. First we present a summary of our findings, and then we give the details of each finding.
The contracts audited are from the alex-v1 git repository. The audit is based on the commit 44c44846bfbcce6096be04bd1380728c98f09ec8. The fixes were added to the commit
The audited contracts are:
clarity/contracts/alex-vault.clar: Contract that stores system tokens and allows flash loans.
clarity/contracts/pool/alex-launchpad.clar: IDO token launchpad.
clarity/contracts/pool/alex-reserve-pool.clar: Contract for token staking.
The scope of the audit is limited to these files. No other files in this repository were audited. Their dependencies are assumed to work according to their documentation. Also, no tests were reviewed for this audit.
Without being limited to them, the audit process included the following analyses:
● Arithmetic errors
● Race conditions
● Reentrancy attacks
● Misuse of block timestamps
● Denial of service attacks
● Excessive gas usage
● Missing or misused function qualifiers
● Needlessly complex code and contract interactions
● Poor or nonexistent error handling
● Insufficient validation of the input parameters
● Incorrect handling of cryptographic signatures
● Centralization and upgradeability
Summary of Findings
We found one critical issue, two medium issues and two minor issues. Also, two enhancements were proposed.
The critical severity issue and the two medium issues were acknowledged. The two minor severity issues were fixed. One enhancement was implemented.
These are the privileged roles that we identified in each of the audited contracts.
In alex-vault.clar, the owner is initially the address of the deployer. The owner can then set another address as the new owner. This role can also set a new flash loan fee rate and add new approved contracts, flash loan users and flash loan tokens. Finally, the owner can transfer fungible and semi-fungible tokens stored in the vault.
The approved contracts are addresses that can execute the transfer functions to move fungible and semi-fungible tokens out of the vault contract. This address set is initialized with
alex-reserve-pool, collateral-rebalancing-pool, fixed-weight-pool, liquidity-bootstrapping-pool, yield-token-pool and yield-collateral-rebalancing-pool.
Permitted Flash Mortgage Customers
Flash loan users are addresses allowed to be used when flash-loan() is called. This contract should implement the specific trait in order for the vault contract to call the
In alex-launchpad.clar, the owner is initially the address of the deployer. The owner can then set another address as the new owner. This role can also create new token-ticket pools.
For each pool created, the owner sets a pool address. This address is the only one allowed to provide tokens to the pool. It also receives the amount of STX paid to validate the winning tickets.
In alex-reserve-pool.clar, the owner is initially the address of the deployer. The owner can then set another address as the new owner. This role can also add new approved contracts and approved tokens, set a new activation delay and activation threshold, set a new value for the halving cycle and the coinbase amount of a token, and set a new reward cycle length. Finally, the owner can increase and decrease the balance of a token.
The approved contracts are addresses that can increase and decrease the balance of a token. Initially, the contracts included in this set are:
collateral-rebalancing-pool, fixed-weight-pool, yield-token-pool, yield-collateral-rebalancing-pool and the reserve pool itself.
Security Issues Found
Security risks are classified as follows:
● Critical: These are issues that we managed to exploit. They compromise the system severely. They must be fixed immediately.
● Medium: These are potentially exploitable issues. Even though we did not manage to exploit them or their impact is not clear, they could represent a security risk in the near future. We suggest fixing them as soon as possible.
● Minor: These issues represent problems that are relatively small or difficult to take advantage of, but could be exploited in combination with other issues. These kinds of issues do not block deployments in production environments. They should be taken into account and fixed when possible.
An issue detected by this audit can have four distinct statuses:
● Unresolved: The issue has not been resolved.
● Acknowledged: The issue remains in the code but is the result of an intentional decision.
● Resolved: The implementation was adjusted to eliminate the risk.
● Mitigated: Actions were taken to minimize the impact or the likelihood of the risk.
Critical Severity Issues
CR-01 Unfair Lotteries via Weak Randomness
Users can validate their tickets during the registration process, delimited by the variables registration-start and registration-end. A counter is increased for each ticket validated, and each user owns a range of positions determined by when they joined the lottery and the number of tickets validated. When the registration ends and the minimum number of participants is reached, users can call claim() once for each ticket validated.
This function determines whether the ticket is a winner based on a pseudo-random number modulo the ticket counter. If the resulting value falls in the range of positions of the tickets validated by the user, then it is a winning ticket.
However, the first pseudo-random number is generated from the registration-start block in the first call to claim(). For the subsequent calls, the function derives a new pseudo-random number from the latest one.
Therefore, since the contract is public and the process deterministic, anyone can compute the whole sequence of values in advance. Users can speculate about which position is the most convenient to register in, and about when to claim, based on the next number in the sequence.
The speculation during registration can be solved by using the VRF seed of the block following the end of the registration (registration-end + 1) as the randomness source, since that seed does not exist yet while registration is open.
Finally, the speculation in the claiming order can be solved by computing the pseudo-random number from the mentioned VRF seed and a value unique to each ticket (e.g., the ticket's position). Since both inputs are constant once registration closes, the number for each ticket is already determined and the claiming order no longer has any effect. Note that a block's VRF seed is still produced by that block's miner; this change removes predictability for ordinary participants, not miner influence.
Acknowledged. claim() now uses registration-end instead of registration-start for the VRF seed. The speculation was reduced, but the contract still uses a seed that can be known if register() is called at block registration-end. Using the block after registration-end can solve the problem.
The new changes also made the whole random sequence unpredictable in advance. However, the next random number can still be predicted, and a user might check whether that number is favourable and wait for the next one if it is not. In order to avoid the speculation in the claiming order, the number should be generated either from an input unknown to the user or from constant values only. The first solution makes the next random number unpredictable for the user, while the second makes it fixed per ticket.
Medium Severity Issues
ME-01 Insecure Authentication via tx-sender
tx-sender returns the original sender of the current transaction or, if as-contract was called to change the sending context, the principal of that contract. Using this variable for authentication is not secure: actors in the system could be targets of phishing. This is analogous to tx.origin and msg.sender in Solidity, where the convention is to use msg.sender, which works like Clarity's contract-caller and returns the caller of the current contract context.
For instance, the vault's owner could be tricked into calling a malicious contract which executes vault.set-contract-owner() against his will: inside that nested call, tx-sender still resolves to the owner, so the ownership check passes.
Use contract-caller instead of tx-sender for authentication. With contract-caller, the nested call is attributed to the malicious contract rather than to the owner, and the check fails.
Acknowledged. A new development would address this issue.
ME-02 Independent Winning Probability in Lottery
As described in CR-01, each claim() execution generates a new random number. Therefore, while there are tokens left to transfer, the winning probability of each claim is independent of the others and the number of winners is unknown. To bound it, the function checks whether all the tickets offered have already been won before executing the rest of the function. When all the winning tickets are determined, the listing is completed and new claims are not accepted. This mechanism can result in two issues.
Firstly, some tokens may never be claimed if there are not enough winning tickets. Moreover, no use is given to these remaining tokens.
Secondly, it creates a race condition between the users to claim before the listing is completed. Otherwise, a user will not be able to claim even if he holds tickets.
A solution would be to generate only n random numbers, where n is the number of winning tickets. Then, claim() would check whether one of those random numbers falls in the user's range of tickets. However, due to Clarity limitations (the language offers no unbounded iteration, only map and fold over fixed-length lists), this solution cannot be implemented.
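The draw mechanics criticised in CR-01 and the prize-cap race described in ME-02, modelled as an added example. This is not code from the alex-v1 repository (whose contracts are written in Clarity); it is a Python model that keeps only the behaviour the two findings describe. The LCG step function, the seed value, the ticket layout and the prize counts are constructed for illustration and are not the project's constants. predict_draws() is what an attacker computes off-chain, VulnerableListing replays the contract's chained per-claim draw, and HardenedListing applies the CR-01 recommendation (VRF seed of block registration-end + 1 hashed with the ticket position).

```python
"""Model of the launchpad lottery draw discussed in CR-01 and ME-02.

Added example, not code from the alex-v1 repository: the real contract is
written in Clarity, and this Python model keeps only the draw logic the
report describes. The LCG step, the seed value, the ticket layout and the
prize counts below are constructed (assumptions, not the project's constants).
"""
import hashlib

TOTAL_TICKETS = 100                        # ticket counter at registration-end
# constructed ticket ranges: each participant owns a contiguous block of positions
PARTICIPANTS = {"alice": range(0, 40), "bob": range(40, 70), "mallory": range(70, 100)}
SEED = (42).to_bytes(4, "big")             # stands in for the registration-start VRF seed
LCG_MOD, LCG_MUL, LCG_INC = 65537, 75, 74  # hypothetical step function; only determinism matters


def seed_to_int(seed: bytes) -> int:
    return int.from_bytes(seed, "big") % LCG_MOD


def next_random(state: int) -> int:
    """Chained pseudo-random step: the next value depends only on the previous one."""
    return (state * LCG_MUL + LCG_INC) % LCG_MOD


def predict_draws(seed: bytes, n: int) -> list[int]:
    """What an attacker computes off-chain: the first n draws, each reduced modulo the counter."""
    state, draws = seed_to_int(seed), []
    for _ in range(n):
        state = next_random(state)
        draws.append(state % TOTAL_TICKETS)
    return draws


def favourable_claim_indices(seed: bytes, who: str, n: int) -> list[int]:
    """Claim positions (0-based, counted across all claimers) at which `who` would win."""
    return [i for i, d in enumerate(predict_draws(seed, n)) if d in PARTICIPANTS[who]]


class VulnerableListing:
    """One draw per claim(), chained from a seed known since registration-start (CR-01),
    with a prize cap that completes the listing once exhausted (ME-02)."""

    def __init__(self, seed: bytes, prizes: int):
        self.state = seed_to_int(seed)
        self.prizes_left = prizes

    def claim(self, who: str, ticket_position: int) -> str:
        if self.prizes_left == 0:
            return "rejected"                  # listing completed: the ticket holder gets nothing
        self.state = next_random(self.state)   # consumes the next value for everyone
        draw = self.state % TOTAL_TICKETS      # ticket_position plays no part in the draw
        if draw in PARTICIPANTS[who]:
            self.prizes_left -= 1
            return "won"
        return "lost"


class HardenedListing:
    """Draw fixed per ticket from the VRF seed of block registration-end + 1 and the ticket
    position, as CR-01 recommends. No chained state, so claim order cannot change an outcome.
    The prize cap is kept unchanged: this fix does not address ME-02."""

    def __init__(self, vrf_seed_after_end: bytes, prizes: int):
        self.vrf_seed = vrf_seed_after_end     # unknown to everyone while registration is open
        self.prizes_left = prizes

    def draw_for(self, ticket_position: int) -> int:
        material = self.vrf_seed + ticket_position.to_bytes(16, "big")
        return int.from_bytes(hashlib.sha256(material).digest(), "big") % TOTAL_TICKETS

    def claim(self, who: str, ticket_position: int) -> str:
        if self.prizes_left == 0:
            return "rejected"
        if self.draw_for(ticket_position) in PARTICIPANTS[who]:
            self.prizes_left -= 1
            return "won"
        return "lost"


def run_round(listing, claims: list[tuple[str, int]]) -> list[str]:
    """Replay a sequence of (claimer, ticket position) calls and collect the outcomes."""
    return [listing.claim(who, pos) for who, pos in claims]
```

With the constructed seed the first five draws are 24, 63, 12, 91, 98, so mallory (positions 70 to 99) learns before anyone claims that only the fourth and fifth draws favour her: claiming eagerly she loses three times, while letting alice and bob consume the first three draws she wins twice. In HardenedListing the outcome of ticket 70 is the same whether it is claimed first or fourth, and it cannot be computed until the post-registration block exists.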
Minor Severity Issues
MI-01 Arithmetic Underflow Calculating Staking Reward
In get-entitled-staking-reward(), the rewards are calculated as the quotient between the amount staked by the user and the total amount staked, multiplied by the token's coinbase amount.
The quotient's result may carry a larger imprecision than the result obtained by multiplying first and then dividing by the total staked: in integer or fixed-point arithmetic, dividing first truncates the small ratio before it is scaled, and can round it down to zero for small stakes.
For a more precise result, compute the product of the coinbase amount and the amount staked by the user, and divide it by the total amount staked.
MI-02 Ended Pool can be Created
The pool creation function (create-pool()) does not validate the block numbers supplied for the registration-start and registration-end variables. Therefore, a pool can be created without any time for registration.
registration-start should be checked to be equal to or greater than the current block height.
Enhancements
These items do not represent a security risk. They are best practices that we
EN-01 Missing Source Code Comments
The launchpad contract lacks function documentation in the source code.
Comments documenting a function help the contract reader to better understand the usage of that piece of code.
Not implemented. The development team committed to adding the documentation.
EN-02 Unnecessary Computation to Check if the Listing Is Activated
The listing mapping contains a variable named activated, which is initially set to false when the pool is created, and a counter of validated tickets (total-subscribed) that is increased for each new registration. The register() function updates activated to true when the number of tickets validated (total-subscribed) reaches the
There is no other function that updates the total-subscribed value or the activated value. However, the getter function is-listing-activated() computes the comparison between the two variables again instead of reading the activated variable.
Read from the activated variable instead of performing the comparison again.
● 2022-01-07 – Initial report based on commit
● 2022-01-11 – Reaudit report based on the fixes in commit
● 2022-01-13 – CR-01 status changed to “acknowledged”.
Disclaimer: This audit report is not a security warranty, investment advice, or an approval of the AlexGo project, since CoinFabrik has not reviewed its platform. Moreover, it does not provide a guarantee that the smart contract code is free of faults.