TraderDAOai smart contracts security audit report performed by chhajershrenik.
Commit: f9361197082c833146120cb1a29c59c40fc11e8a
In total, 2 issues were reported, including:
- 2 critical severity issues.
In total, 26 notes were reported, including:
-
12 notes.
-
14 owner privileges.
- Contract
Ambassador_Redeem_Contract
contract inherits basic access control properties from Openzeppelin's Ownable contract, where the contract's ownership can be transferred or renounced. Renouncing ownership will leave the contract without an owner, thereby disabling any functionality that is only available to the owner. - Function
SetPause()
allows the owner to pause or resume the contracts functionalities available to the users, users would not be able to redeem USDT tokes for the signature signed by thesignerAddress
if the contract is paused. - Function
SetSigner()
allows the owner to update thesignerAddress
, all previous un-redeemed signatures will be invalid if thesignerAddress
is updated, new signatures must be generated for previous unclaimed signatures. - Function
Save()
allows owner to withdraw ERC-20 tokens from the contract.
3.2. Liquidity_Wallet
ERC-20 standard allows the owner of tokens to approve a wallet address as a spender of the tokens. The spender cannot trade POT tokens using the function Claim()
of the tokens which he is authorized to transfer.
Consider modifying the contract's logic to allow the authorized spender to trade POT tokens of a wallet.
The function SetDecimal()
allows the gov
address to modify Decimal
for the POT token used to value the POT token in USD. The POT token has a constant decimal of 18, modifying the decimal would lead to deflation/inflation in the value of the POT tokens.
Consider removing the SetDecimal()
function or making the decimals()
call to the token contract to get the token decimals.
- Contract
Liquidity_Wallet
contract inherits basic access control properties from Openzeppelin's Ownable contract, where the contract's ownership can be transferred or renounced. Renouncing ownership will leave the contract without an owner, thereby disabling any functionality that is only available to the owner. - Function
SetPause()
allows the owner to pause or resume the contracts functionalities available to the users, users would not be able to trade POT tokens for USDT tokens if the contract is paused. - Function
SetGov()
allows the owner to update thegov
address. - Function
Save()
allows owner to withdraw ERC-20 tokens from the contract.
3.3. POT_Token.sol
The contract uses the pause
variable to determine whether the users can use contract functionalities, but the contract is missing a function to change the contract state.
Consider implementing a function to change the state of the contract by modifying the pause
variable.
All ERC-20 token functionalities except function mint()
is available to the user when the contract state is set to pause.
Consider implementing checks to restrict users from accessing functions if the contract state is paused based on the requirements.
- Contract
POT_Token
contract inherits basic access control properties from Openzeppelin's Ownable contract, where the contract's ownership can be transferred or renounced. Renouncing ownership will leave the contract without an owner, thereby disabling any functionality that is only available to the owner. - Function
ownerMint
allows the owner to mint arbitrary tokens. - Function
SetSigner()
allows the owner to update thesignerAddress
, all previous un-redeemed signatures will be invalid if thesignerAddress
is updated, new signatures must be generated for previous unclaimed signatures.
Based on the docs the Proof_of_Trade_Arbi_One contract should rewards users in POT tokens, but the contract's implementation rewards users in USDT tokens.
Consider reviewing the implementation or updating documentation based on the business requirements.
- Function
SetSigner()
allows the owner to update thesignerAddress
, all previous un-redeemed signatures will be invalid if thesignerAddress
is updated, new signatures must be generated for previous unclaimed signatures. - Function
SetPause()
allows the owner to pause or resume the contracts functionalities available to the users, users would not be able to Deposit USDT tokens or Claim rewards if the contract is paused. - Function
Save()
allows owner to withdraw ERC-20 tokens from the contract.
Contracts Ambassador_Redeem_Contract, POT_Token and Proof_of_Trade_Arbi_One uses soliditiy's ecrecover()
function to recover signer address from the signature. The function ecrecover()
is known to have signature malleability issues, therefore there can exist a valid alternative message hash with the same signature (v, r, and s) allowing an attacker to replay the signature. While the probability of an attacker reversing the alternative message hash and having access to the private key for the respective wallet address for the wallet in message data is highly unlikely, in case if possible it would allow the attacker to replay the signature to claim/mint arbitrary tokens based on the message.
The message hash generation also does not append any blockchain-specific information (PREFIX) to the message hash, allowing newly generated signatures to be replayed across both chains in case of a hard fork.
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/Ambassador_Redeem_Contract.sol#L511-L527
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/POT_Token.sol#L662-L678
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/Proof_Of_Trade_Arbi_One.sol#L497-L513
- Unlocked Pragma
Contracts should be deployed using the same compiler version/flags with which they have been tested. Locking the floating pragma, i.e. by not using ^ in pragma solidity ^0.8.16, ensures that contracts do not accidentally get deployed using an older compiler version with unfixed bugs.
- Missing docstrings
The contracts in the code base lack documentation. This hinders reviewers’ understanding of the code’s intention, which is fundamental to correctly assess not only security but also correctness. Additionally, docstrings improve readability and ease maintenance. They should explicitly explain the purpose or intention of the functions, the scenarios under which they can fail, the roles allowed to call them, the values returned, and the events emitted.
Consider thoroughly documenting all functions (and their parameters) that are part of the contracts’ public API. Functions implementing sensitive functionality, even if not public, should be documented as well. When writing docstrings, consider following the Ethereum Natural Specification Format (NatSpec).
- Missing test suite
The contract is missing a test suite to validate and verify the behavior of the contract functionalities. Add tests are recommended to ensure that the contract functions and behaves as expected.
- Redundant comments
The contracts contain comments about files imported but were never imported in the contract.
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/Ambassador_Redeem_Contract.sol#L387
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/Liquidity_Wallet.sol#L394
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/Proof_Of_Trade_Arbi_One.sol#L389
- Unused variable, mapping, and functions
The declared variable, mapping, and functions in the contracts are never utilized and can be safely removed to optimize gas costs during deployment.
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/Liquidity_Wallet.sol#L401
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/POT_Token.sol#L326
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/Ambassador_Redeem_Contract.sol#L462-L475
- https://github.com/TraderDAOai/contracts/blob/f9361197082c833146120cb1a29c59c40fc11e8a/POT_Token.sol#L613-L626
- Missing zero address checks
In several places in the code, addresses are passed as parameters to functions. In many of these instances, the functions do not validate that the passed address is not the address 0. While this does not currently pose a security risk, consider adding checks for the passed addresses being nonzero to prevent unexpected behavior where required, or documenting the fact that a zero address is indeed a valid parameter.
- Insufficient event logging
Multiple functions with owner privileges in the contracts do not emit an event. Events are useful to inform external dapps or users that an important state was modified on the contract.
USDT
variable can be marked as immutable and the functionSetUSDT()
can be removed
The Tether USD (USDT) contract is a proxy contract, it is very unlikely that the address would change as the contract can be upgraded by the respective team without changing the Tether USD (USDT) contract address. It would be safe to remove the function SetUSDT()
from the contracts to optimize the contract code and save deployment gas costs. Marking the variable USDT
as immutable in the contracts would also help save gas costs during variable reads.
- Open-source contact.
- The contract should pass a bug bounty after the completion of the security audit.
- Public testing.
- Automated anomaly detection systems. - NOT IMPLEMENTED. A simple anomaly detection algorithm is recommended to be implemented to detect behavior that is atypical compared to normal for this contract. For instance, the contract must halt deposits in case a large amount is withdrawn in a short period until the owner or the community of the contract approves further operations.
- Multisig owner account.
- Standard ERC20-related issues. - PARTIALLY IMPLEMENTED. It is known that every contract can potentially receive an unintended ERC20-token deposit without the ability to reject it even if the contract is not intended to receive or hold tokens. As a result, it is recommended to implement a function that will allow extracting any arbitrary number of tokens from the contract.
- Crosschain address collisions. ETH, ETC, CLO, etc. It is possible that a transaction can be sent to the address of your contract at another chain (as a result of a user mistake or some software fault). It is recommended that you deploy a "mock contract" that would allow you to withdraw any tokens from that address or prevent any funds deposits. Note that you can reject transactions of native tokens deposited, but you can not reject the deposits of ERC20 tokens. You can use this source code as a mock contract: extractor contract source code. The address of a new contract deployed using
CREATE (0xf0)
opcode is assigned following this schemekeccak256(rlp([sender, nonce]))
. Therefore you need to use the same address that was originally used at the main chain to deploy the mock contract at a transaction with thenonce
that matches that on the original chain. Example: If you have deployed your main contract with address 0x010101 at your 2021th transaction then you need to increase your nonce of 0x010101 address to 2020 at the chain where your mock contract will be deployed. Then you can deploy your mock contract with your 2021th transaction, and it will receive the same address as your mainnet contract.
pause
is unnecessary and can be removed. The docs and implementation of the state change and the respective restriction were missing in this case.