Halborn Logo
← Back to Audits

Astroport.fi Maker Contract - Astroport.fi

Prepared by:

Halborn Logo

HALBORN

Last Updated 04/26/2024

Date of Engagement by: February 9th, 2022 - February 18th, 2022

Summary

75% of all REPORTED Findings have been addressed

All findings

4

Critical

0

High

0

Medium

0

Low

1

Informational

3

Table of Contents

1. INTRODUCTION

Astroport.fi engaged Halborn to conduct a security audit on their smart contracts beginning on February 9th and ending on February 18th. The security assessment was scoped to the smart contracts provided to the Halborn team.

2. AUDIT SUMMARY

The team at Halborn was provided two weeks for the engagement and assigned a full-time security engineer to audit the security of the smart contract. The security engineer is a blockchain and smart-contract security expert with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.

The purpose of this audit is to:

    • Ensure that smart contract functions operate as intended

    • Identify potential security issues with the smart contracts

In summary, Halborn identified some improvements to reduce the likelihood and impact of risks, which were mostly addressed by Astroport.fi. The main one being the lack of validation during Bridge removal.

3. TEST APPROACH & METHODOLOGY

Halborn performed a combination of manual review of the code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the smart contract audit. While manual testing is recommended to uncover flaws in logic, process, and implementation; automated testing techniques help enhance coverage of smart contracts and can quickly identify items that do not follow security best practices. The following phases and associated tools were used throughout the term of the audit:

    • Research into architecture, purpose, and use of the platform.

    • Manual code read and walkthrough.

    • Manual assessment of use and safety for the critical Rust variables and functions in scope to identify any contracts logic related vulnerability.

    • Fuzz testing (Halborn custom fuzzing tool)

    • Checking the test coverage (cargo tarpaulin)

    • Scanning of Rust files for vulnerabilities (cargo audit) \newline

4. SCOPE

Code repository: tokenomics-maker

\begin{enumerate} \item CosmWasm Maker Smart Contract \begin{enumerate} \item Commit ID: \href{https://github.com/astroport-fi/astroport-core/tree/bd8f8599e1b1867b6e6a005bc4cef209699683e6/contracts/tokenomics/maker}{bd8f8599e1b1867b6e6a005bc4cef209699683e6} \item Contract in scope: \begin{enumerate} \item Maker contract \end{enumerate} \end{enumerate} \end{enumerate}

Out-of-scope: External libraries and financial related attacks.

5. RISK METHODOLOGY

Vulnerabilities or issues observed by Halborn are ranked based on the risk assessment methodology by measuring the LIKELIHOOD of a security incident and the IMPACT should an incident occur. This framework works for communicating the characteristics and impacts of technology vulnerabilities. The quantitative model ensures repeatable and accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the Risk scores. For every vulnerability, a risk level will be calculated on a scale of 5 to 1 with 5 being the highest likelihood or impact.
RISK SCALE - LIKELIHOOD
  • 5 - Almost certain an incident will occur.
  • 4 - High probability of an incident occurring.
  • 3 - Potential of a security incident in the long term.
  • 2 - Low probability of an incident occurring.
  • 1 - Very unlikely issue will cause an incident.
RISK SCALE - IMPACT
  • 5 - May cause devastating and unrecoverable impact or loss.
  • 4 - May cause a significant level of impact or loss.
  • 3 - May cause a partial impact or loss to many.
  • 2 - May cause temporary impact or loss.
  • 1 - May cause minimal or un-noticeable impact.
The risk level is then calculated using a sum of these two values, creating a value of 10 to 1 with 10 being the highest level of security risk.
Critical
High
Medium
Low
Informational
  • 10 - CRITICAL
  • 9 - 8 - HIGH
  • 7 - 6 - MEDIUM
  • 5 - 4 - LOW
  • 3 - 1 - VERY LOW AND INFORMATIONAL

6. SCOPE

Out-of-Scope: New features/implementations after the remediation commit IDs.

7. Assessment Summary & Findings Overview

Critical

0

High

0

Medium

0

Low

1

Informational

3

Impact x Likelihood

HAL-01

HAL-02

HAL-03

HAL-04

Security analysisRisk levelRemediation Date
LACK OF VALIDATION UPON BRIDGE REMOVALLowSolved - 02/28/2022
MISUSE OF HELPER METHODSInformationalSolved - 02/28/2022
UNCHECKED MATHInformational-
OVERFLOW CHECKS NOT SET FOR PROFILE RELEASEInformationalAcknowledged

8. Findings & Tech Details

8.1 LACK OF VALIDATION UPON BRIDGE REMOVAL

// Low

Description

AssetInfo instances do not normalize capitalization, taking as different assets ULUNA and uluna. When using the update_bridges function to remove bridges, if a different capitalization was used on the elements of the remove parameter the operation resulted in no modifications being done without the sender receiving any error feedback, as those won't be found in the current list of bridges.

In case the owner unwillingly included incorrect assets to remove the bridge, the undesired bridge would still be available to perform token swapping by the contract, potentially affecting the contract's tokenomics.

Code Location

contracts/tokenomics/maker/src/contract.rs

    // remove old bridges
    if let Some(remove_bridges) = remove {
        for asset in remove_bridges {
            BRIDGES.remove(deps.storage, asset.to_string());
        }
    }
Score
Impact: 3
Likelihood: 2
Recommendation

SOLVED: The issue was fixed with the above recommendation in commit b7fa67c4d2429e61139331717639cd8f50cb1629.

8.2 MISUSE OF HELPER METHODS

// Informational

Description

The use of the unwrap function is very useful for testing environments because a value is forcibly demanded to get an error (aka panic!) if the "Option" does not have "Some" value or "Result". Nevertheless, leaving unwrap functions in production environments is a bad practice because not only will this cause the program to crash out, or panic!, but also no helpful messages are shown to help the user solve or understand the reason of the error.

Code Location

Affected resources

contracts/tokenomics/maker/src/contract.rs:801:            let (asset, bridge) = item.unwrap();
contracts/tokenomics/maker/src/contract.rs:802:            (String::from_utf8(asset).unwrap(), bridge.to_string())
Score
Impact: 1
Likelihood: 1
Recommendation

SOLVED: The issue was fixed with the above recommendation in commit b7fa67c4d2429e61139331717639cd8f50cb1629.

8.3 UNCHECKED MATH

// Informational

Description
Finding description placeholder
Score
Impact:
Likelihood:

8.4 OVERFLOW CHECKS NOT SET FOR PROFILE RELEASE

// Informational

Description

While the overflow-checks parameter is set to true in profile.release and implicitly applied to all contracts and packages from in workspace, it is not explicitly enabled in Cargo.toml file for each individual package, which could lead to unexpected consequences if the project is refactored.

Code Location

Affected resources

contracts/tokenomics/maker/Cargo.toml
Score
Impact: 1
Likelihood: 1
Recommendation

ACKNOWLEDGED: Astroport acknowledged this finding.

9. Automated Testing

AUTOMATED ANALYSIS

Description

Halborn used automated security scanners to assist with detection of well-known security issues and vulnerabilities. Among the tools used was cargo audit, a security scanner for vulnerabilities reported to the RustSec Advisory Database. All vulnerabilities published in https://crates.io are stored in a repository named The RustSec Advisory Database. cargo audit is a human-readable version of the advisory database which performs a scanning on Cargo.lock. Security Detections are only in scope. To better assist the developers maintaining this code, the auditors are including the output with the dependencies tree, and this is included in the cargo audit output to better know the dependencies affected by unmaintained and vulnerable crates.

\begin{center} \begin{tabular}{|l|p{2cm}|p{9cm}|} \hline \textbf{ID} & \textbf{package} & \textbf{Short Description} \ \hline \href{https://rustsec.org/advisories/RUSTSEC-2020-0025}{RUSTSEC-2020-0025} & bigint & biginit is unmaintained, use uint instead \ \hline \end{tabular} \end{center}

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

// Download the full report

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

© Halborn 2024. All rights reserved.