PWN Protocol Audit Summary -Ackee Blockchain

By Crypto Flexs | February 8, 2025 | 5 Mins Read

PWN is a lending platform in which ERC-20 tokens serve as credit and tokens serve as collateral. Loans can be opened with different proposal types, each defining the relationship between the borrowed credit and the collateral.

PWN engaged Ackee Blockchain Security for three audits in November and December 2024. Audit highlights include:

  • A total of 13 findings, including two critical ones.
  • Both critical vulnerabilities were found in already deployed code, meaning that all deposited ERC-20 assets were at risk.
  • Both were missed by the previous audits PWN underwent before the Ackee Blockchain Security review.
  • Wake's static analysis and fuzz testing tools also found them.

Methodology

We prepared a manually guided differential fork fuzz test in the Wake testing framework to verify the protocol implementation and its integration with external dependencies, including Chainlink and the Aave protocol.

The second review began with updating the fuzz tests created in the first review. Then, the Wake static analysis detectors were executed and a manual code review of the code changes was performed. During the manual review, we specifically focused on the correct integration of Chainlink with the rest of the codebase.

Scope

The audit was performed on commit 7ea4de in the PWN Protocol repository and commit 17db9b in the PWN Periphery repository.

The scope of the first audit included:

  • the entire src directory of the PWN Protocol repository, excluding src/Deployments.sol; and
  • the src/pool-adapter directory in the PWN Periphery repository.

Revision 2.0 was performed on commit bbe7d9 in the PWN Protocol repository. The audit focused on changes to the codebase since the first review.

Revision 2.1 reviewed the fixes for the issue from the second revision and for the incomplete fix of a critical issue from the first review that was found during the second revision. The review was carried out on commit 6f390c.

Findings

The classification of a security finding is determined by two ratings: impact and likelihood. This two-dimensional classification helps clarify the severity of individual issues. Issues that would be rated medium severity but are likely to be discoverable only by the team are typically lowered by the likelihood factor to a warning or informational severity rating.

The Wake testing framework helped uncover five findings, including one critical issue. The complete source code of all fuzz tests is available here.

Wake's static analysis detectors identified two different issues, one of them critical. During the manual review, we focused on ensuring that:

  • external calls to untrusted contracts cannot be abused for reentrancy attacks;
  • the contracts are resistant to signature replay attacks;
  • token arithmetic inside the protocol matches the documentation and our expectations; and
  • the integration with external dependencies is implemented correctly.

Our second review resulted in one medium-severity finding, which prevented the use of elastic Chainlink loan proposals due to an incorrect implementation of EIP-712 data encoding. The full source code of the updated fuzz test is available here.
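For EIP-712 findings of this kind, a check like the following can run alongside the fuzz tests. It is an added example, not code from the audit report or from PWN: it rebuilds the canonical EIP-712 `encodeType` string from a struct definition and compares it with the string a contract hashes into its typehash. The `Proposal` and `Feed` structs and all function names are constructed for illustration; this summary does not say how PWN's typehash was wrong.

```python
import re

# Constructed struct definitions (hypothetical names, not PWN's real types).
TYPES = {
    "Proposal": [("address", "collateral"), ("uint256", "amount"),
                 ("Feed[]", "feeds"), ("uint256", "nonce")],
    "Feed": [("address", "aggregator"), ("bool", "invert")],
}

def _base(type_name):
    """Strip array suffixes: 'Feed[]' -> 'Feed', 'uint256[3]' -> 'uint256'."""
    return re.sub(r"(\[\d*\])+$", "", type_name)

def _referenced(primary, types, seen=None):
    """Collect every struct type reachable from `primary`, recursively."""
    seen = set() if seen is None else seen
    for field_type, _ in types[primary]:
        base = _base(field_type)
        if base in types and base not in seen:
            seen.add(base)
            _referenced(base, types, seen)
    return seen

def encode_type(primary, types):
    """EIP-712 encodeType: primary struct first, referenced structs sorted by name."""
    def one(name):
        return name + "(" + ",".join(f"{t} {n}" for t, n in types[name]) + ")"
    refs = sorted(_referenced(primary, types) - {primary})
    return one(primary) + "".join(one(r) for r in refs)

def check_type_string(primary, types, declared):
    """Return problems with the string a contract hashes; [] means canonical."""
    if declared == encode_type(primary, types):
        return []
    problems = []
    if re.search(r",\s|\s,|\(\s|\s\)", declared):
        problems.append("whitespace around separators")
    for ref in sorted(_referenced(primary, types) - {primary}):
        if ref + "(" not in declared:
            problems.append(f"referenced struct {ref} not appended")
    return problems or ["members or ordering differ from the struct"]
```

Wallets derive the type hash from the canonical string, so a contract that hashes anything else rejects every signature a standards-compliant signer produces.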

The remaining five findings were rated as warning and informational.

Critical severity

C1: Loan refinancing reentrancy

C2: Incorrect optimization of loan refinancing

High severity

No high-severity issues were found.

Medium severity

M1: Chainlink common logic

M2: Stale/reverting Chainlink feeds cause DoS

M3: Non-upgradeable base contract

M4: Incorrect EIP-712 typehash

M5: Incorrect EIP-712 data encoding

Low severity

L1: Decimals detection can revert unexpectedly

Warning severity

W1: Previous versions of Aave and Compound are not supported

W2: creditPerCollateralUnit division by zero

W3: checkTransfer sender and receiver conflict

Informational severity

I1: revokeNonces nonce space can be cached

I2: LoanDefaulted(uint40) error parameter has no name

Conclusion

Ackee Blockchain Security's audit of PWN resulted in a total of 13 findings, ranging from critical to informational.

The most severe findings, C1 and C2, put all ERC-20 tokens deposited in the protocol at risk of being stolen. Both critical vulnerabilities were found to exist in PWN contracts already deployed on several major chains, including Ethereum Mainnet, Polygon, Arbitrum and Optimism. The code containing both critical vulnerabilities had already been audited by two independent companies (not Ackee Blockchain Security).

As soon as the findings were discovered, we initiated immediate responsible disclosure to PWN. Thanks to their rapid response, all assets were secured and the vulnerabilities were mitigated.

Ackee Blockchain Security recommends that PWN:

  • implement static analysis tools such as Wake to detect potential attack vectors;
  • apply reentrancy guards to all public functions that perform external calls to untrusted contracts;
  • ensure that the Chainlink feed registry contracts that PWN maintains on all chains provide the required price feeds and comply with the expected behavior;
  • pay attention to the storage layout when upgrading contracts;
  • deploy updated PWNConfig contracts only with new proxies to avoid problems caused by storage layout changes;
  • harden all public functions that perform external calls to untrusted contracts;
  • be careful when implementing EIPs to ensure full compliance with the standards; and
  • address all reported issues.

Ackee Blockchain Security's full PWN audit report can be found here.

We were delighted to audit PWN and look forward to working with them again.
