Halborn Logo

Mars Protocol Core Contracts (Updated code) - Mars Protocol


Prepared by:

Halborn Logo

HALBORN

Last Updated 04/26/2024

Date of Engagement by: February 14th, 2022 - February 18th, 2022

Summary

100% of all REPORTED Findings have been addressed

All findings

1

Critical

0

High

1

Medium

0

Low

0

Informational

0


1. AUDIT SUMMARY

Mars Protocol engaged Halborn to conduct a security assessment on CosmWasm smart contracts beginning on February 14th, 2022 and ending February 18th, 2022.

The security engineers involved on the audit are blockchain and smart-contract security experts with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.

The purpose of this audit is to achieve the following:

    • Ensure that smart contract functions work as intended.

    • Identify potential security issues with the smart contracts.

In summary, Halborn identified some improvements to reduce the likelihood and impacts of the risks, which were accepted by Mars team. The main ones are the following:

    • Update the logic of some functions in mars-red-bank contract to turn addresses into lower case.

    • Update and store the amount of Mars tokens owned by mars-staking contract in its storage when staking / unstaking.

External threats, such as financial related attacks, oracle attacks, and inter-contract functions and calls should be validated for expected logic and state.

2. TEST APPROACH & METHODOLOGY

Halborn performed a combination of manual review of the code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the smart contract audit. While manual testing is recommended to uncover flaws in logic, process, and implementation; automated testing techniques help enhance coverage of smart contracts and can quickly identify items that do not follow security best practices. The following phases and associated tools were used throughout the term of the audit:

    • Research into architecture, purpose, and use of the platform.

    • Manual code read and walkthrough.

    • Manual assessment of use and safety for the critical Rust variables and functions in scope to identify any contracts logic related vulnerability.

    • Fuzz testing (Halborn custom fuzzing tool)

    • Checking the test coverage (cargo tarpaulin)

    • Scanning of Rust files for vulnerabilities (cargo audit) \newline

3. SCOPE

\begin{enumerate} \item CosmWasm Smart Contracts \begin{enumerate} \item Repository: \href{https://github.com/mars-protocol/mars-core}{mars-core} \item Commit ID: \href{https://github.com/mars-protocol/mars-core/tree/d08152d5fc0294635c57b8bc51fe0962c79e4363 }{d08152d5fc0294635c57b8bc51fe0962c79e4363} \item Contracts in scope: \begin{enumerate} \item mars-council \item mars-red-bank \item mars-vesting \end{enumerate} \end{enumerate} \end{enumerate}

It is worth noting that the results of this audit are a complement to the information provided in a previous report for the security audit performed to the codebase with commit id fcaa6ffe918a0890a1a6c57f26edb6f8feb25633.

Out-of-scope: External libraries and financial related attacks

4. RISK METHODOLOGY

Vulnerabilities or issues observed by Halborn are ranked based on the risk assessment methodology by measuring the LIKELIHOOD of a security incident and the IMPACT should an incident occur. This framework works for communicating the characteristics and impacts of technology vulnerabilities. The quantitative model ensures repeatable and accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the Risk scores. For every vulnerability, a risk level will be calculated on a scale of 5 to 1 with 5 being the highest likelihood or impact.
RISK SCALE - LIKELIHOOD
  • 5 - Almost certain an incident will occur.
  • 4 - High probability of an incident occurring.
  • 3 - Potential of a security incident in the long term.
  • 2 - Low probability of an incident occurring.
  • 1 - Very unlikely issue will cause an incident.
RISK SCALE - IMPACT
  • 5 - May cause devastating and unrecoverable impact or loss.
  • 4 - May cause a significant level of impact or loss.
  • 3 - May cause a partial impact or loss to many.
  • 2 - May cause temporary impact or loss.
  • 1 - May cause minimal or un-noticeable impact.
The risk level is then calculated using a sum of these two values, creating a value of 10 to 1 with 10 being the highest level of security risk.
Critical
High
Medium
Low
Informational
  • 10 - CRITICAL
  • 9 - 8 - HIGH
  • 7 - 6 - MEDIUM
  • 5 - 4 - LOW
  • 3 - 1 - VERY LOW AND INFORMATIONAL

5. SCOPE

Out-of-Scope: New features/implementations after the remediation commit IDs.

6. Assessment Summary & Findings Overview

Critical

0

High

1

Medium

0

Low

0

Informational

0

Impact x Likelihood

HAL-01

Security analysisRisk levelRemediation Date
MULTIPLE CONSEQUENCES WHEN INTERACTING WITH UPPER-CASE ADDRESSESHighFuture Release

7. Findings & Tech Details

7.1 MULTIPLE CONSEQUENCES WHEN INTERACTING WITH UPPER-CASE ADDRESSES

// High

Description

When users deposit, withdraw, borrow or repay in contracts/mars-red-bank/src/contract.rs using on_behalf_of / recipient_address address in upper case (e.g.: TERRA1KG...XNL8), the following consequences occur:

  • Deposited tokens cannot be used to borrow.
  • Recipient cannot use his withdrawn tokens.
  • Recipient cannot use his borrowed tokens.
  • Repaying will throw error messages.

These issues happen because the values are stored in contract's storage with the upper case address as a key, which creates conflicts when values are loaded using info.sender as a key, which is always in lower case (e.g.: terra1kg...xnl8).

Code Location

Resources affected

 mars-red-bank: execute_deposit (on_behalf_of)
 mars-red-bank: execute_withdraw (recipient_address)
 mars-red-bank: execute_borrow (recipient_address)
 mars-red-bank: execute_repay (on_behalf_of)
Score
Impact: 4
Likelihood: 4
Recommendation

PENDING: The Mars team stated that in the short term they would analyze how to address this issue comprehensively on the protocol.

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

// Download the full report

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

© Halborn 2024. All rights reserved.