Through the yield layer of the CIAN Protocol, the user can deposit assets into a safe agreement to obtain yields through multiple strategies. This protocol is a cross chain that can be interoperable and provides grass to a variety of chains that can hold the expression of Vault tokens. This can be exchanged for the deposit tokens of a given chain.
methodology
- Confirmation of technical specifications
The audit range is confirmed with the client and the auditor is on the project. The document provided is reviewed and compared with the audit system. - Tool -based analysis
Deep check with solid static analysis tool Wake up companion Wake The expansion is carried out and displays potential vulnerabilities for further analysis in the early stages of the process. - Manual code review
The auditor manually checks the code one by one to identify vulnerabilities and code quality problems. The main focus is to recognize the potential advantage and the risk of each project. - Local placement and hacking
The contract is located locally Wake up An environment aimed at using vulnerability. The elasticity of the contract for various attack vectors is evaluated. - Devices and fuzz tests
Unit tests are executed to check the expected system operation. Additional devices or fuzz tests can be written using Wake up If the framework coverage interval is identified. The goal is to check the stability of the system under actual conditions and ensure the rigidity of expected and unexpected input.
We started reviewing using the contained static analysis tools. Wake up. Then I dive about the logic of the contract. We used for testing and purging Wake up Test framework. For more information about pursing, Full audit report.
During the review, we paid special attention later.
- Arithmetic operation and system accounting guarantees were correct.
- In the code, it detects reintroduction and unprotected calls.
- Access control is not too comfortable or strict.
- Identify common problems such as data verification.
range
The audit was performed at Commit 54e953 And the range included all contracts except strategy. Revision 1.1 was performed at Commit 06f333In the first review with the modification range of the results.
The results of the audit are as follows.
Threshold
There was no important serious problem.
The severity is high
There is no high severe serious problem.
Intermediate
M1: Incorrect calculations due to intermediary
M2: There is no sufficient data verification in the full state variable.
M3: The user can rarely control the deposit funds.
Low severity
L1: Double EntryPoint-initialize function
L2: Use transfer instead call
L3: The initial rider has been missing in the constructor
L4: Inaccuracy of strategic location restrictions
Significance of warning
W1: Strict equality inspection of balance
W2: potential DEPEG of ETH -based assets
W3: Vault does not comply with ERC4626
W4: Protocol owners can set random exchange prices to full.
W5: Trap of your own contract
W6: Protocol owners can artificially Mint Vault Sharing
W7: DOS may occur due to underflow confirmWithdrawal
W8: The user cannot request more than one withdrawal.
W9: Potential problems in searching for borrowing and supply caps
Information seriousness
I1: The function can be declared as a view function.
I2: Document missing
i3: Natspec comment on Ottawa
i4: missing underlined under the internal function name
i5: Consistency of the modification of access control
I6: Variables that are not used
i7: Instructions that are not used
i8: Unused income
i9: Unused events
i10: I often did not check the return value for receipts
Trust model
The user must trust the protocol owner to act honestly. Once you deposit money in the safe, you will not be able to withdraw money without external confirmation, and the withdrawal amount is also determined by the reality that confirms the withdrawal request. Some discoveries have been raised regarding the trust model (see M3, W6, W4).
conclusion
Our review results have emerged 26 DiscoveryFrom providing information to intermediate seriousness. All problems have been solved and have been recognized as an opinion that is fixed, partially fixed or explained.
This protocol showed centralization, and the right features made the protocol owner greatly dependent (see M3). It also identified arithmetic and data verification issues that could be wrong in protocol accounting (see M1).
Ackee Blockchain Security is recommended for CIAN:
- Write a document.
- Create a comprehensive test suit.
- Focus on the intermediary and precision during the calculation.
- Solve all other reports.
The entire Audit Report of AcKee Blockchain Security can be found in detail with detailed descriptions of all results and recommendations. here.
We were happy to be grateful for CIAN and expect to work with them again.