We express our gratitude to the Aqua Patina team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.
Aqua Patina is a platform for Ethereum ReStaking via Eigenlayer.
Document
Review Scope
The system users should acknowledge all the risks summed up in the risks section of the report
Functional requirements are complete.
Technical description is provided.
Whitepaper is not provided.
The development environment is configured.
Code coverage of the project is 100%.
Deployment and basic user interactions are covered with tests.
Negative cases are covered.
Interactions by several users are tested thoroughly.
Aqua Patina (AP) is a platform developed by AVADO AG that streamlines the Ethereum staking and ReStaking process, integrating with Eigenlayer to enhance security provisioning across multiple blockchain applications. Through AP, users can stake ETH, with the protocol managing complex configurations and automatically engaging in ReStaking by leveraging Eigenlayer’s security marketplace.
The audit scope is composed by the following contract:
APETH.sol - Solidity smart contract provides functionality for staking and earning rewards through the Eigenlayer. It includes features such as minting APETH tokens, managing validator stakes, and handling fee collection, but withdrawals are not yet enabled in the contract.
DEFAULT_ADMIN_ROLE - default admin role for all roles.
ETH_STAKER - Users with this role are authorized to stake ETH on behalf of the contract by interacting with the stake
function.
EARLY_ACCESS - This role restricts access to the mint
function, allowing only authorized users to mint APETH tokens during the early-access phase.
UPGRADER - This role allows the holder to upgrade the contract implementation.
SSV_NETWORK_ADMIN - This role can call functions on the SSV Network to manage validator-related operations, such as registering validators or setting a fee recipient address.
EIGEN_POD_ADMIN - This role interacts with the EigenPod contract, allowing actions like token recovery or managing the non-Beacon Chain ETH balance.
EIGEN_POD_MANAGER_ADMIN - Holders of this role can call functions on the EigenPodManager contract, including stake operations and creating pods.
DELEGATION_MANAGER_ADMIN - This role is responsible for delegating and undelegating stake to operators.
MISCELLANEOUS - Users with this role can transfer out ERC20 tokens, potentially for airdrops.
Administrative Key Control Risks: The digital contract architecture relies on administrative keys for critical operations. Centralized control over these keys presents a significant security risk, as compromise or misuse can lead to unauthorized actions or loss of funds.
Manual Interaction Risks with Eigenlayer Contracts: The interactions with Eigenlayer and its associated contracts (EigenPodManager, EigenPod, SSVNetwork, DelegationManager) are manually executed by the administrators rather than being automated within the APETH smart contract. This reliance on manual operations introduces potential for human error and necessitates a higher degree of trust in the APETH protocol administrators. Similarly, the airdrop redistribution function, as mentioned in the NatSpec of transferToken, also relies on manual execution by administrators.
Lack of a withdrawal functionality: The current implementation lacks a withdrawal functionality, compelling users to rely on decentralized exchanges (DEXes) to liquidate their APEth tokens. This reliance on DEXes may result in users incurring losses due to slippage and price volatility, potentially leading to a significant deviation from the fair market value of the APEth tokens being sold.
Unimplemented AP Points feature: The AP Points feature, which is intended to serve as a reward mechanism to recognize and incentivize the engagement and loyalty of Aqua Patina stakers, is mentioned in the documentation but is not implemented in the contract. This discrepancy could lead to confusion among users and stakeholders, and may result in unmet expectations regarding the rewards system.
Flexibility and Risk in Contract Upgrades: The project's contracts are upgradable, allowing the administrator to update the contract logic at any time. While this provides flexibility in addressing issues and evolving the project, it also introduces risks if upgrade processes are not properly managed or secured, potentially allowing for unauthorized changes that could compromise the project's integrity and security.
Absence of Upgrade Window Constraints: The contract suite allows for immediate upgrades without a mandatory review or waiting period, increasing the risk of rapid deployment of malicious or flawed code, potentially compromising the system's integrity and user assets.
Code ― | Title | Status | Severity | |
---|---|---|---|---|
F-2024-6169 | Wallet Receiving Funds Are Immutable | Fixed | Low | |
F-2024-6168 | Lack of Validation for feeAmount Parameter in Constructor | Fixed | Observation | |
F-2024-6167 | Use of Magic Number for Fee Calculation | Fixed | Observation | |
F-2024-6158 | Floating Pragma | Fixed | Observation | |
F-2024-6157 | Unused Custom Error | Fixed | Observation | |
F-2024-6155 | Unsafe ERC20 Transfers | Fixed | Observation |
Severities
When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.
Reference on how risk scoring is done is available through the repository in our Github organization:
Severity
Description
Severity
Description
Severity
Description
Severity
Description
The "Potential Risks" section identifies issues that are not direct security vulnerabilities but could still affect the project’s performance, reliability, or user trust. These risks arise from design choices, architectural decisions, or operational practices that, while not immediately exploitable, may lead to problems under certain conditions. Additionally, potential risks can impact the quality of the audit itself, as they may involve external factors or components beyond the scope of the audit, leading to incomplete assessments or oversight of key areas. This section aims to provide a broader perspective on factors that could affect the project's long-term security, functionality, and the comprehensiveness of the audit findings.
The scope of the project includes the following smart contracts from the provided repository:
Scope Details
src/APETH.sol