Audit name: [SCA] Vow / Vowcurrency / Sep2024

Date: Sep 20, 2024

Table of Contents

  • Introduction

  • Audit Summary

  • System Overview

  • Risks

  • Findings

  • Appendix 1. Severity Definitions

  • Appendix 2. Scope

  • Disclaimer

Introduction

We express our gratitude to the Vow team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Vow aims to change the world by decentralizing the issuance of currency.

Document

  • Name: Smart Contract Code Review and Security Analysis Report for Vow

  • Audited By: Stepan Chekhovskoi, Nataliia Balashova

  • Approved By: Grzegorz Trawinski

  • Changelog: 11/09/2024 - Initial Report; 20/09/2024 - Final Report

  • Platform: Ethereum

  • Language: Solidity

  • Tags: ERC-777, Factory

Audit Summary

  • 13 Total Findings

  • 9 Resolved

  • 2 Accepted

  • 2 Mitigated

System users should acknowledge all the risks summarized in the Risks section of the report.

Documentation quality

  • Functional Overview and Technical Description are provided.

  • The code is covered with NatSpec comments.

Code quality

  • The code is clean and well-written.

  • The development environment is configured.

Test coverage

Code coverage of the project is 100% (branch coverage).

  • The code is covered with tests.

System Overview

The audit covers VSCBase and VSCGovernor contracts.

VSCBase - ERC-777 compatible token (backward compatible with ERC-20). Implements burn-on-transfer functionality.

VSCGovernor - Management contract that allows for the deployment and effective configuration of VSCBase contracts. Authorized merchants receive VSC at an increased ratio for locking VOW tokens.

Privileged roles

  • The system owner is able to deploy and configure new VSCBase contracts.

  • The system owner is able to mint new VSC tokens, set up the burn-on-transfer rate, and exclude specific accounts from the burn-on-transfer.

  • The system owner is able to configure MVDs, who are able to initiate (lock VOW and mint VSC) and liquidate (buy out VSC for locked VOW and burn) merchants.

  • The system owner is able to whitelist users allowed to directly exchange VOW for VSC.

  • The system owner is able to update the Oracle price feed used for VOW to VSC mint amount calculations.

  • The system owner is able to pause the VSC token transfers.

Risks

Centralization Disclaimer: While all of the points below are duly noted, the Client team has confirmed that the MSW is operated by the Vow Ecosystem Foundation on behalf of the community. All major changes to system variables and delegations to MVDs require a community vote on Snapshot, ensuring decentralization in the governance process. While the governance mechanism is not included in the audit scope, systems that employ a voting process to authorize crucial operations on smart contracts are considered to be more resistant to targeted attacks and less susceptible to malicious owner manipulation.

Scope Definition and Security Guarantees: The audit does not cover the VOW token implementation, which is used in the system. Contracts outside the audit scope may introduce vulnerabilities, potentially impacting the overall security due to the interconnected nature of smart contracts.

Centralized Control of Minting Process: The token contract’s design allows for centralized control over the minting process, posing a risk of unauthorized token issuance, potentially diluting the token value and undermining trust in the project's economic governance.

Arbitrary Oracle Address Setting by Admin: Allowing the admin to set oracle addresses without constraints or verification mechanisms introduces the risk of incorrect or malicious oracle selection, affecting the accuracy of data and potentially leading to financial losses.

Single Points of Failure and Control: The project is fully centralized, introducing single points of failure and control. This centralization can lead to vulnerabilities in decision-making and operational processes, making the system more susceptible to targeted attacks or manipulation.

Flexibility and Risk in Contract Upgrades: The project's contracts are upgradable, allowing the administrator to update the contract logic at any time. While this provides flexibility in addressing issues and evolving the project, it also introduces risks if upgrade processes are not properly managed or secured, potentially allowing for unauthorized changes that could compromise the project's integrity and security.

Findings

Code        | Title                                                                          | Status    | Severity
F-2024-5976 | Swap Rate Manipulation due to Minimal Amount Out On-Chain Calculation          | Fixed     | High
F-2024-5962 | Merchants Mint Amount Can be Affected due to Unreliable Price Source           | Mitigated | High
F-2024-5992 | Unreliable Token Prices due to Lack of Oracle Data Expiration                  | Mitigated | Medium
F-2024-5974 | Possible Invalid Purchase Rate due to Lack of Chainlink Oracle Output Validation | Fixed   | Medium
F-2024-5972 | Authorization with Signed Message Best Practice Violation                      | Fixed     | Low
F-2024-5970 | Unsafe Signed Integer Casting                                                  | Fixed     | Low
F-2024-5995 | Lack of ERC-20 Operation Success Validation                                    | Accepted  | Observation
F-2024-5994 | Assert Violation                                                               | Fixed     | Observation
F-2024-5975 | Missing Interface Implementation                                               | Fixed     | Observation
F-2024-5973 | Unexpected Revert Message                                                      | Fixed     | Observation

1-10 of 13 findings

Appendix 1. Severity Definitions

When auditing smart contracts, Hacken uses a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

A reference on how risk scoring is done is available through the repository in our GitHub organization:

  • Critical - Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.

  • High - High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.

  • Medium - Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.

  • Low - Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score.

Appendix 2. Scope

The scope of the project includes the following smart contracts from the provided repository:

Contracts in Scope

  • contracts/interfaces/IVSC.sol

  • contracts/interfaces/IVSCGovernor.sol

  • contracts/VSCBase.sol

  • contracts/VSCGovernor.sol

Disclaimer