# 🎿 Audit Layout

| Date | 01st Feb - 1st Feb, 2023 |
| --- | --- |
| Protocol | Protocol name and description |
| Reflection | What I've learned |

## Follow this approach

### Idea

- Have a base-level understanding of what the protocol actually does.
- Look for ways users interact with the codebase (this is the part where you can start thinking about how to mess with certain components, but you won't find the gnarly bugs here).
- Go deeper into the technical documentation (this can be tedious and boring but is 100% necessary).
- Break any assumptions made by developers (this is probably where you spend the least amount of time, but it is the most effective; bugs can be found here, important!).
- If you feel stuck for a while (X hours), take a break or ask someone for help.

### 1. Pass of the code

- Move quickly without focusing on details, tagging as you go (`@audit`): 4 ~ 5 hours focused, ~ 500 SLOC/h
- Make questions in code
- Obvious issues
- Things that just feel off
- Ways I can get the protocol to misbehave
- Areas to come back to and go deeper into later (complex math)

### 2. Confirm Understanding - Usually 2nd day

Before moving on, make sure I really understand the system.

- Review diagrams
- Review flow

### 3. Set up PoC environment - Code PoCs to prove anything

- Write PoCs that are easy to test - copy, paste and run (~10s)

### 4. Go through all the tags

- Going through detailed code
- Thinking about exploits
- Going on tangents
- Exploring rabbit holes for way too long
- Check all the questions too

### 6. Work backwards from exploits

- "For X to happen, either Y or Z would need to be true."
- "Y can't be true because it's an invariant based on ABC."
- "Z could be true, but only in this weird unlikely case..."

### 7. Write reports

1. DOCS
   - Similar Protocols
2. What is this supposed to do?
3. Who are the main actors?
4. Problem areas
   - Ex: Bridge malfunction
5. Is there anything it's explicitly not supposed to do?
   - Check in docs and write here
   - Ex: “Do not make assumptions around the block time” - The one-to-one mapping between blocks and transactions will no longer apply.
6. Possible attack vectors
   - Bridge L2 OVM_ETH → Native ETH on Geth, therefore there could be complications with reentrancy
7. Diagrams (Miro)
   - Link:
8. Questions

## Bug Classifications

1. Data
   - a. Calculations
     - Integer Division
     - Integer Overflow-Underflow
     - Integer Sign
     - Integer Truncation
     - Wrong Operator
     - Conversion Problem
     - Decimals interoperability
   - b. Hidden
     - Hidden built-in symbols
     - Hidden state variables
     - Incorrect Inheritance Order
   - c. Initialization
     - Uninitialized Local/State variables
     - Uninitialized Storage variables
2. Description
   - a. Output
     - Right-to-Left-Override Control Character
     - Typo check
     - Check for events in admin changes
     - Natspec incomplete
3. Environment
   - a. Supporting Software
     - Delete Dynamic Array Elements
     - Using continue-statements in do-while-statements
4. Interaction
   - a. Contract call
     - Reentrancy vulnerability
     - Reentrancy Read-only
     - Unhandled Exception
     - Unchecked return values
     - External calls without gas stipends
     - Calls to phantom functions (fallback)
     - Arbitrary Calls Through Tokens (Sand Token)
   - b. Ether flow
     - Forced to receive ether
     - Locked Ether
     - Pre-sent Ether
   - c. ERC
     - Check for special ERC20 cases
5. Interface
   - a. Parameter
     - Call/Delegatecall data/address is controlled externally
     - Hash collision with multiple variable length arguments
     - Short address attack
     - Signature with wrong parameter
   - b. Token Interface
     - Non-standard token interface
6. Logic
   - a. Assemble code
     - Returning results using assembly code in the constructor
     - Specify function variable as any type
   - b. Denial of service
     - DOS by complex fallback function
     - DOS by gaslimit
     - DOS by non-existent address or malicious contract
   - c. Fairness
     - Results of contract execution affected by miners
     - Transaction order dependence
     - Frontrunning
     - Missing upper/lower bounds or address(0) validation
   - d. Storage
     - Storage overlap attack
     - Proxy Storage Collision
   - e. Signatures
     - No nonce - signature replay attack
     - No chain ID - cross-chain replay attack on an instance of your protocol on another chain
     - No domain (address of contract) - signature replay in another similar project
     - Not checking for addr(0) when using ecrecover
   - f. Timestamp dependence
     - Block.timestamp Manipulation
     - Long time to execute might be a problem
7. Performance
   - a. Gas
     - Byte[]
     - Invariants in loop
     - Invariant state variables are not declared constant
     - Unused public function within the contract should be declared as external
8. Security
   - a. Authority control
     - Replay Attack
     - Signature Malleability - OZ version < 4.7.3
     - Suicide Contracts
     - Use tx.origin for authentication
     - Wasteful Contracts
     - Wrong Constructor Name
   - b. Privacy
     - Non-public variables are accessed by public/external functions
     - Public data
   - c. Architecture
     - Circuit break mechanism should not prevent users from withdrawing their funds
     - Least privilege principle should be used for the rights of each role
9. Standard
   - a. Maintainability
     - Implicit Visibility Level
     - Nonstandard Naming
     - Too many digits
     - Unlimited Compiler Version
     - Use deprecated built-in symbols
   - b. Programming Specification
     - View/constant function changes contract state
     - Improper use of require, assert and revert
     - Check for EIPs implementation
10. Bridges
    - a. Precompiles
      - Check precompiles for Missing Call Checks (can be called with delegate calls)
    - b.
11. Attacks
    - Price Oracle Manipulation
    - Flash Loan Attacks
    - Cross-Chain Bridge Manipulation
    - Insolvency
    - Incorrect Slippage - When slippage % is fixed
    - Initial Supply Mint Issue
    - Malicious Honeypot (Compromised ERC20/ERC777/etc)
    - Sandwich Attacks
    - Complex Exploits:
      - Multiple contract reentrancy
      - Flash-loan to lend, borrow, burn and then liquidate itself

## Common Lending/Borrowing Vulns

- Liquidation Before Default
- Borrower Can't Be Liquidated
- Debt Closed Without Repayment
- Repayments Paused While Liquidations Enabled
- Collateral Pause Stops Existing Repayment & Liquidation
- Liquidator Takes Collateral With Insufficient Repayment
- Infinite Loan Rollover
- Repayment Sent to Zero Address
- Borrower Permanently Unable To Repay Loan
- Borrower Repayment Only Partially Credited
- Check if it's possible to lend and borrow same token - flash-loan + inflating price attack
  - Decoding ROE Finance’s Flash Loan Exploit | QuillAudits: On 11th of January, 2023, ROE Finance was attacked in Ethereum Chain. The attacker used the Flash loans to manipulate prices and exploit. https://quillaudits.medium.com/decoding-roe-finances-flash-loan-exploit-quillaudits-df8494e2090f
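
The four checks under "6.e Signatures" (nonce, chain ID, contract address in the domain, `address(0)` from `ecrecover`) written as one verification routine, plus a low-s check as a guard against the signature malleability listed under 8.a. This is an added Solidity example, not part of the original checklist; the contract name `SignedClaim`, the `Claim` struct and the `claim` function are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; SignedClaim, Claim and claim() are hypothetical names.
contract SignedClaim {
    // Half the secp256k1 group order: a larger s is the malleable twin of a valid signature.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    bytes32 private constant CLAIM_TYPEHASH =
        keccak256("Claim(address to,uint256 amount,uint256 nonce)");

    address public immutable signer;
    mapping(address => uint256) public nonces;

    event Claimed(address indexed to, uint256 amount, uint256 nonce);

    constructor(address signer_) {
        require(signer_ != address(0), "signer is zero");
        signer = signer_;
    }

    // Chain ID and contract address: the same signature is useless on another
    // chain or in another deployment. Read at call time so a fork is covered.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH, keccak256("SignedClaim"), keccak256("1"),
            block.chainid, address(this)
        ));
    }

    function claim(address to, uint256 amount, uint8 v, bytes32 r, bytes32 s) external {
        // Nonce: each signature is valid once; a replay hashes to a different digest.
        uint256 nonce = nonces[to]++;
        bytes32 structHash = keccak256(abi.encode(CLAIM_TYPEHASH, to, amount, nonce));
        bytes32 digest =
            keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));

        require(uint256(s) <= HALF_N, "high-s signature");
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on failure instead of reverting.
        require(recovered != address(0), "invalid signature");
        require(recovered == signer, "wrong signer");

        emit Claimed(to, amount, nonce); // fund transfer left out of this example
    }
}
```

When reviewing a target, removing any one field from the digest (nonce, `block.chainid`, `address(this)`) maps directly to one line of the checklist, which makes this a quick reference to diff against.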