Prepared by:
HALBORN
Last Updated 08/13/2024
Date of Engagement by: August 5th, 2024 - August 9th, 2024
100% of all REPORTED Findings have been addressed
All findings
3
Critical
0
High
0
Medium
0
Low
0
Informational
3
Solayer team engaged Halborn to conduct a security assessment on their Restaking Solana program beginning on August 5th, 2024, and ending on August, 09th, 2024. The security assessment was scoped to the Solana Program provided in solayer-labs/restaking-program GitHub repository. Commit hashes and further details can be found in the Scope section of this report.
The Restaking program has both administrative and user-facing instructions, and the main purpose is to allow the deposit of different LST assets (collaterals) in exchange of RST assets, which currently is exclusively sSOL.
Administrative Instructions:
Initialize: Allows the initialization of a pool PDA, derived from the lst_mint (collateral) account address, configures a protocol vault to receive the collateral LST, and defines the RST, which is the asset the Solayer protocol gives back in exchange for collaterals.
Batch Unfreeze: Utility instruction, used to batch thaw accounts.
User-facing instructions:
Restake: Allows users to deposit their LST collateral in the respective pool and vault, in order to receive (mint) RST tokens from the protocol in exchange. Performs CPI to mint_to method in the interfaced token program.
Unrestake: Allows users to withdraw their LST collateral from the respective pool and vault, and give back (burn) the RST. Performs CPI to burn method in the interfaced token program.
Halborn was provided 4 days for the engagement and assigned one full-time security engineer to review the security of the Solana Program in scope. The engineer is a blockchain and smart contract security expert with advanced smart contract hacking skills, and deep knowledge of multiple blockchain protocols.
The purpose of the assessment is to:
Identify potential security issues within the Restaking Solana Program.
Ensure that the program's functionality operates as intended.
In summary, Halborn identified some non-critical issues, that were addressed and acknowledged by the Solayer team:
Avoid using require! inside loops
Lack of Zero Amount validation
Decimals should be enforced
Outdated dependencies
Overall, the program in-scope is adherent to Solana's best-practices and carries consistent code quality.
Halborn performed a combination of a manual review of the source code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the program assessment. While manual testing is recommended to uncover flaws in business logic, processes, and implementation; automated testing techniques help enhance coverage of programs and can quickly identify items that do not follow security best practices.
The following phases and associated tools were used throughout the term of the assessment:
Research into the architecture, purpose, and use of the platform.
Manual program source code review to identify business logic issues.
Mapping out possible attack vectors.
Thorough assessment of safety and usage of critical Rust variables and functions in scope that could lead to arithmetic vulnerabilities.
Scanning dependencies for known vulnerabilities (cargo audit).
Local runtime testing (anchor test).
| EXPLOITABILIY METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Attack Origin (AO) | Arbitrary (AO:A) Specific (AO:S) | 1 0.2 |
| Attack Cost (AC) | Low (AC:L) Medium (AC:M) High (AC:H) | 1 0.67 0.33 |
| Attack Complexity (AX) | Low (AX:L) Medium (AX:M) High (AX:H) | 1 0.67 0.33 |
| IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Confidentiality (C) | None (I:N) Low (I:L) Medium (I:M) High (I:H) Critical (I:C) | 0 0.25 0.5 0.75 1 |
| Integrity (I) | None (I:N) Low (I:L) Medium (I:M) High (I:H) Critical (I:C) | 0 0.25 0.5 0.75 1 |
| Availability (A) | None (A:N) Low (A:L) Medium (A:M) High (A:H) Critical (A:C) | 0 0.25 0.5 0.75 1 |
| Deposit (D) | None (D:N) Low (D:L) Medium (D:M) High (D:H) Critical (D:C) | 0 0.25 0.5 0.75 1 |
| Yield (Y) | None (Y:N) Low (Y:L) Medium (Y:M) High (Y:H) Critical (Y:C) | 0 0.25 0.5 0.75 1 |
| SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
|---|---|---|
| Reversibility () | None (R:N) Partial (R:P) Full (R:F) | 1 0.5 0.25 |
| Scope () | Changed (S:C) Unchanged (S:U) | 1.25 1 |
| Severity | Score Value Range |
|---|---|
| Critical | 9 - 10 |
| High | 7 - 8.9 |
| Medium | 4.5 - 6.9 |
| Low | 2 - 4.4 |
| Informational | 0 - 1.9 |
Critical
0
High
0
Medium
0
Low
0
Informational
3
| Security analysis | Risk level | Remediation Date |
|---|---|---|
| Avoid using require! inside loops | Informational | Acknowledged |
| Lack of Zero Amount validation | Informational | Acknowledged |
| Outdated dependencies | Informational | Solved - 08/12/2024 |
// Informational
The current implementation of the BatchUnfreeze instruction uses require! statements inside loops, which can lead to inefficiencies and potential failures. If a require! statement fails within a loop, the entire loop will terminate, causing the entire operation to fail.
- programs/restaking-program/src/contexts/batchunfreeze.rs
pub fn batch_thaw_lst_accounts(&mut self, lst_token_accounts: &[AccountInfo<'info>]) -> Result<()> {
if self.signer.key() != Pubkey::from_str(SOLAYER_ADMIN).unwrap() {
return Err(ProgramError::MissingRequiredSignature.into());
}
for unchecked_lst_token_account in lst_token_accounts.iter() {
// check if the account is owned by the token program before deserializing
require!(unchecked_lst_token_account.owner.key() == self.token_program.key(), RestakingError::MintMismatch);
let token_account = TokenAccount::try_deserialize(&mut &unchecked_lst_token_account.data.borrow()[..])?;
require!(token_account.mint == self.rst_mint.key(), RestakingError::MintMismatch);
if !token_account.is_frozen() {
continue;
}
let bump = [self.pool.bump];
let signer_seeds: [&[&[u8]]; 1] = [
&[
b"pool",
self.lst_mint.to_account_info().key.as_ref(),
&bump
][..]
];
let ctx = CpiContext::new_with_signer(
self.token_program.to_account_info(),
ThawAccount {
account: unchecked_lst_token_account.clone(),
authority : self.pool.to_account_info(),
mint: self.rst_mint.to_account_info()
},
&signer_seeds
);
thaw_account(ctx)?;
}
Ok(())
}It is recommended to avoid using require! statements inside loops, in order to prevent undesired failures.
ACKNOWLEDGED: The Solayer team acknowledged this issue.
// Informational
The program in-scope does not prevent the restake and unrestake methods from being called with amount == 0.
- programs/restaking-program/src/contexts/restaking.rs
pub fn restake(ctx: Context<Restaking>, amount: u64) -> Result<()> {
// Check if solayer_signer has signed the restake transaction
// since we will impose TVLs caps at different epochs
/*let solayer_signer: &UncheckedAccount<'_> = &ctx.accounts.solayer_signer;
if !solayer_signer.is_signer {
return Err(ProgramError::MissingRequiredSignature.into());
}*/
ctx.accounts.thaw_rst_account()?;
ctx.accounts.stake(amount)?;
ctx.accounts.mint_rst(amount)?;
// Check if RST mints should be frozen
if !is_liquid_rst_mints(&ctx.accounts.rst_mint.key()) {
ctx.accounts.freeze_rst_account()?;
}
Ok(())
}
pub fn unrestake(ctx: Context<Restaking>, amount: u64) -> Result<()> {
ctx.accounts.thaw_rst_account()?;
ctx.accounts.unstake(amount)?;
ctx.accounts.burn_rst(amount)?;
// Check if RST mints should be frozen
if !is_liquid_rst_mints(&ctx.accounts.rst_mint.key()) {
ctx.accounts.freeze_rst_account()?;
}
Ok(())
}The entry-point functions in lib.rs does not handle this verification either. While this condition does not lead to immediate financial loss, it should be checked to keep overall consistency.
Consider adding a verification before the execution of the restake and unrestake methods, blocking operations with amount == 0.
ACKNOWLEDGED: The Solayer team acknowledged this issue.
// Informational
It was identifying during the assessment of the program restaking in-scope that its dependencies for the Anchor framework and also for Solana are not current.
[[package]]
name = "solana-program"
version = "1.18.7"[[package]]
name = "anchor-lang"
version = "0.29.0"It is recommended to update dependencies to their current versions, as specified:
Solana: v1.18.20
Anchor: v0.31.0
SOLVED: The Solayer team has solved this issue as recommended. The commit hash containing the modification is 46c09073a6dad390f435dc76f17e35849f2c6d1b.
Halborn used automated security scanners to assist with detection of well-known security issues and vulnerabilities. Among the tools used was cargo audit, a security scanner for vulnerabilities reported to the RustSec Advisory Database. All vulnerabilities published in https://crates.io are stored in a repository named The RustSec Advisory Database. cargo audit is a human-readable version of the advisory database which performs a scanning on Cargo.lock. Security Detections are only in scope. All vulnerabilities shown here were already disclosed in the above report. However, to better assist the developers maintaining this code, the auditors are including the output with the dependencies tree, and this is included in the cargo audit output to better know the dependencies affected by unmaintained and vulnerable crates.
Cargo Audit Results
ID | Crate | Desccription |
|---|---|---|
RUSTSEC-2022-0093 | ed25519-dalek | Double Public Key Signing Function Oracle Attack on |
RUSTSEC-2024-0344 | curve25519-dalek | Timing variability in |
RUSTSEC-2021-0145 | atty | Potential unaligned read |
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
// Download the full report
* Use Google Chrome for best results
** Check "Background Graphics" in the print settings if needed