Prepared by: HALBORN
Date of Engagement: July 16th, 2023 - August 16th, 2023
100% of all REPORTED Findings have been addressed
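| Severity | Findings |
|---|---|
| All findings | 21 |
| Critical | 0 |
| High | 2 |
| Medium | 3 |
| Low | 5 |
| Informational | 11 |

| EXPLOITABILITY METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Attack Origin (AO) | Arbitrary (AO:A) | 1 |
| Attack Origin (AO) | Specific (AO:S) | 0.2 |
| Attack Cost (AC) | Low (AC:L) | 1 |
| Attack Cost (AC) | Medium (AC:M) | 0.67 |
| Attack Cost (AC) | High (AC:H) | 0.33 |
| Attack Complexity (AX) | Low (AX:L) | 1 |
| Attack Complexity (AX) | Medium (AX:M) | 0.67 |
| Attack Complexity (AX) | High (AX:H) | 0.33 |

| IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Confidentiality (C) | None (C:N) | 0 |
| Confidentiality (C) | Low (C:L) | 0.25 |
| Confidentiality (C) | Medium (C:M) | 0.5 |
| Confidentiality (C) | High (C:H) | 0.75 |
| Confidentiality (C) | Critical (C:C) | 1 |
| Integrity (I) | None (I:N) | 0 |
| Integrity (I) | Low (I:L) | 0.25 |
| Integrity (I) | Medium (I:M) | 0.5 |
| Integrity (I) | High (I:H) | 0.75 |
| Integrity (I) | Critical (I:C) | 1 |
| Availability (A) | None (A:N) | 0 |
| Availability (A) | Low (A:L) | 0.25 |
| Availability (A) | Medium (A:M) | 0.5 |
| Availability (A) | High (A:H) | 0.75 |
| Availability (A) | Critical (A:C) | 1 |
| Deposit (D) | None (D:N) | 0 |
| Deposit (D) | Low (D:L) | 0.25 |
| Deposit (D) | Medium (D:M) | 0.5 |
| Deposit (D) | High (D:H) | 0.75 |
| Deposit (D) | Critical (D:C) | 1 |
| Yield (Y) | None (Y:N) | 0 |
| Yield (Y) | Low (Y:L) | 0.25 |
| Yield (Y) | Medium (Y:M) | 0.5 |
| Yield (Y) | High (Y:H) | 0.75 |
| Yield (Y) | Critical (Y:C) | 1 |

| SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
|---|---|---|
| Reversibility () | None (R:N) | 1 |
| Reversibility () | Partial (R:P) | 0.5 |
| Reversibility () | Full (R:F) | 0.25 |
| Scope () | Changed (S:C) | 1.25 |
| Scope () | Unchanged (S:U) | 1 |

| Severity | Score Value Range |
|---|---|
| Critical | 9 - 10 |
| High | 7 - 8.9 |
| Medium | 4.5 - 6.9 |
| Low | 2 - 4.4 |
| Informational | 0 - 1.9 |
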
| Security analysis | Risk level | Remediation Date |
|---|---|---|
| SILENT FAILURE DURING TOKEN MINTING ON THE ROUTER CONTRACT | High | Solved - 07/22/2023 |
| SILENT FAILURE DURING TOKEN REDEMPTION ON THE ROUTER CONTRACT | High | Solved - 07/22/2023 |
| MINT WITH PERMIT CAN BE BROKEN WHEN USING TOKENS THAT DO NOT FOLLOW THE ERC2612 STANDARD | Medium | Solved - 07/27/2023 |
| LACK OF END TIME VALIDATION LEADS TO WRONG MARKET INDEX CALCULATION ON THE NEW MARKETS | Medium | Solved - 07/27/2023 |
| MISSING CHAIN ID AND RECEIVER ADDRESS VERIFICATION IN EXECUTEPROPOSAL() FUNCTION | Medium | Solved - 07/22/2023 |
| WRONG EVENT IS EMITTED IN THE UPDATE BORROW SPEED FUNCTION | Low | Solved - 07/27/2023 |
| EMISSIONCAP LACKS AN UPPER BOUND, LEADING TO POTENTIAL OVERFLOWS | Low | Risk Accepted |
| UNRESTRICTED RECEIVE IN WETHROUTER ENABLES EXCESS REDEMPTIONS | Low | Solved - 07/22/2023 |
| IMPLEMENTATIONS CAN BE INITIALIZED | Low | Solved - 07/19/2023 |
| HARD-CODED MTOKEN ADDRESS IN WETHUNWRAPPER CONTRACT | Low | Solved - 08/15/2023 |
| EVENT IS MISSING INDEXED FIELDS | Informational | Solved - 07/27/2023 |
| FLOATING PRAGMA | Informational | Solved - 07/23/2023 |
| USE CUSTOM ERRORS INSTEAD OF REVERT STRINGS TO SAVE GAS | Informational | Acknowledged |
| INCREMENT/DECREMENT FOR LOOP VARIABLE IN AN UNCHECKED BLOCK | Informational | Acknowledged |
| LACK OF A DOUBLE-STEP TRANSFEROWNERSHIP PATTERN | Informational | Acknowledged |
| CACHE ARRAY LENGTH | Informational | Acknowledged |
| REDUNDANT SAFE CAST | Informational | Solved - 07/23/2023 |
| REVERT STRING SIZE OPTIMIZATION | Informational | Acknowledged |
| NO NEED TO INITIALIZE VARIABLES WITH DEFAULT VALUES | Informational | Acknowledged |
| RETURN VALUE NOT STORED | Informational | Solved - 07/27/2023 |
| REQUIRE() / REVERT() STATEMENTS SHOULD HAVE DESCRIPTIVE REASON STRINGS | Informational | Solved - 07/27/2023 |
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
Contracts V2 Updates