Stable Labs is launching a new stablecoin. In addition to the EUR and USD-based stablecoins, Stable Labs will continue to expand into major markets, including Czech Crown and Polish Zloty.
Stable Labs contracted Ackee Blockchain to conduct a security review of the Stable Labs token and treasury contracts for a total of five days, from June 24, 2024 to June 28, 2024.
Methodology
We started our review with static analysis tools, including Wake. We then dug deep into the logic of the contracts. We used the Wake testing framework for testing and fuzzing.
During our review, we paid special attention to the following:
- verifying that the system's arithmetic is correct;
- detecting possible reentrancy in the code;
- ensuring that access control is neither too lax nor too strict;
- looking for general issues such as data validation.
Scope
The audit was performed on commit 79d08d4.
The exact scope is the following files:
- src/connectorLayer/TreasuryOrchestrator.sol
- src/token/StRWA.sol
- src/token/StStable.sol
- src/utils/Greenlist.sol
- src/utils/Treasury.sol
Results
The results of the audit are as follows:
Critical severity
No critical severity issues were found.
High severity
H1: Delete logic does not work
H2: Locked tokens due to missing authorization
Medium severity
M1: Give up ownership
Low severity
L1: Revert mismatches during transfers
L2: Double entry point initialize function
L3: Missing events
Warning severity
W1: Inconsistent usage of msg.sender and _msgSender()
W2: Potential storage conflict
Informational severity
I1: Code Duplication
I2: Unused Imports
I3: Unused Events
I4: The encodedReleases mapping is not used
I5: Release features are similar
I6: Ambiguous naming of functions
I7: Inconsistent use of modifiers and checks in function bodies
I8: Inefficient array iteration
Conclusion
Our review yielded 16 findings ranging from informational to high severity. The most serious problems arise from insufficient testing and can only be discovered by exercising the functionality.
Ackee Blockchain recommends that Stable Labs:
- write a comprehensive test suite, ideally one that includes fuzz testing;
- address all reported issues.
Ackee Blockchain’s full Stable Labs audit report, which includes a more detailed explanation of all findings and recommendations, can be found here.
We are very pleased to acknowledge Stable Labs and look forward to working with them again in the future.