Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[VEN-1798]: Fix Certik 2023-08 findings for PSR/RiskFund/Shortfall contracts #287

Merged
merged 8 commits into from
Aug 16, 2023
Merged

[VEN-1798]: Fix Certik 2023-08 findings for PSR/RiskFund/Shortfall contracts #287

merged 8 commits into from
Aug 16, 2023

Conversation

kkirka
Copy link
Collaborator

@kkirka kkirka commented Aug 9, 2023
edited
Loading

This PR fixes the findings identified by Certik in their 2023-08 audit of PSR, RiskFund and Shortfall contracts.

  • VPB-05 | Typos and Inconsistencies
  • (acknowledged) SSV-03 | Potential To Fill Blocks To Stop Others Bids To Win Auction
  • (TBD) VPB-01 | Custom Errors Can Be Used
  • (TBD) TDT-01 | Unchecked Blocks Can Optimize Contract
  • SSV-06 | Unnecessary Update to marketDebt in _startAuction()
  • SSV-04 | Check on Auction Status Can Be Simplified
  • RHR-01 | View Function Equivalent to Compiler-Generated Getters
  • RFR-01 | Redundant Check on amountOutMin
  • VPB-04 | Ineffectual Use of Reentrancy Guard
  • RFR-03 | Issue With _swapAsset() Depending On convertibleBaseAsset Price
  • SSV-01 | _transferOutOrTrackDebt() Is Not Used When Closing Auction

@kkirka
fix: [SSV-01] use _transferOutOrTrackDebt upon closing the auction
5ca628c 
Problem: The code used safeTransfer when closing an auction, which
may fail due to token restrictions. Failure to close an auction is
a DoS vector.

Solution: If transferring out is not possible, track debt and allow
the auction winner to withdraw funds later.
@kkirka
fix: [VPB-04] fix potential re-entrancy issues
42a9f78 
Problem: There's a potential for cross-function reentrancy in
RiskFund, ProtocolShareReserve, Shortfall contracts arising from
the fact that nonReentrant modifier is not present in all external
functions open to anyone.

Solution: Use nonReentrant where applicable. Follow checks-effects-
-interactions when emitting events.
@kkirka
refactor!: [RHR-01] make poolsAssetsReserves internal
9085787 
Problem: We have a view function getPoolAssetReserve that checks
whether the supplied arguments are valid. Compiler-generated
function duplicates the functionality and adds some gas overhead
to function dispatching.

Solution: Make poolsAssetsReserves internal so that we don't have
a compiler-generated version anymore.
@kkirka
docs: [VPB-05] fix typos and inconsistencies in docs
5effe7b
@kkirka
refactor: [SSV-04] simplify auction status checks
1dbf136
@chechu chechu changed the title Fix Certik 2023-08 findings for PSR/RiskFund/Shortfall contracts [VEN-1798]: Fix Certik 2023-08 findings for PSR/RiskFund/Shortfall contracts Aug 9, 2023
0xlucian
0xlucian previously approved these changes Aug 10, 2023
View reviewed changes
GitGuru7
GitGuru7 previously approved these changes Aug 11, 2023
View reviewed changes
web3rover
web3rover previously approved these changes Aug 11, 2023
View reviewed changes
@kkirka kkirka dismissed stale reviews from web3rover and GitGuru7 via 9930fd5 August 11, 2023 12:11
chechu
chechu previously approved these changes Aug 11, 2023
View reviewed changes
@kkirka
fix: [RFR-01][RFR-03] unify the meaning of minAmountToConvert
db0e468 
Problem: With the evolution of the code, the meaning of the
conversion threshold started to change. As a result, we ended up
comparing the amount out (in tokens), balance of underlying *
oracle price (in dollars), with minAmountToConvert. While in most
cases these values would be close to each other as long as some
stablecoin is used for the threshold, it might be problematic
to set this threshold correctly, considering the potential slippage.

Solution: Expect amountOutMin * base price to be greater than
minAmountToConvert. Adjust the failing test accordingly.
chechu
chechu previously approved these changes Aug 14, 2023
View reviewed changes
@kkirka
fix: revert on approval failures
6c559f1 
Problem: OpenZeppelin safeApprove implementation is deprecated, so
its usage was removed from the RiskFund contract in favor of plain
approve call. However, this is not the correct way to fix the issue
since the updated version of the code doesn't handle the case when
tokens return false to indicate an error.

Solution: Use a custom library similar to Uniswap's TransferHelpers
to make an approve call supporting:
  * false to indicate failure
  * revert to indicate failure
  * non-compliant tokens that don't return any value
@github-actions
Copy link

Code Coverage

Package Line Rate Branch Rate Health
contracts 96% 76%
contracts.Lens 95% 65%
contracts.Pool 100% 92%
contracts.Rewards 95% 62%
contracts.RiskFund 99% 70%
contracts.Shortfall 100% 85%
contracts.lib 100% 89%
Summary 97% (1455 / 1505) 75% (443 / 592)

@kkirka kkirka merged commit 381d991 into develop Aug 16, 2023
3 checks passed
@kkirka kkirka deleted the fix/funds-certik-2023-08 branch August 16, 2023 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chechu chechu chechu approved these changes

@web3rover web3rover web3rover approved these changes

@0xlucian 0xlucian 0xlucian approved these changes

@GitGuru7 GitGuru7 GitGuru7 left review comments

@Debugger022 Debugger022 Awaiting requested review from Debugger022

Assignees

@kkirka kkirka

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kkirka @chechu @web3rover @0xlucian @GitGuru7