Brt Dci Contracts - Prodigy


Prepared by:

HALBORN

Last Updated Unknown date

Date of Engagement: October 10th, 2024 - October 14th, 2024

Summary

100% of all REPORTED Findings have been addressed

All findings: 11
Critical: 0
High: 1
Medium: 4
Low: 4
Informational: 2


1. Introduction

Prodigy engaged Halborn to conduct a security assessment on their smart contract revisions beginning on 10/10/2024 and ending on 10/14/2024. The security assessment was scoped to the smart contracts provided to the Halborn team.

2. Assessment Summary

The team at Halborn was provided 3 days for the engagement and assigned a full-time security engineer to evaluate the security of the smart contract.

The security engineer is a blockchain and smart-contract security expert with advanced penetration testing and smart-contract hacking skills, and deep knowledge of multiple blockchain protocols.

The purpose of this assessment is to:

    • Ensure that smart contract functions operate as intended.

    • Identify potential security issues with the smart contracts.


In summary, Halborn identified some security risks that were addressed by the Prodigy team.

3. Scope

REPOSITORY
(a) Repository: brt-dci-contracts
(b) Assessed Commit ID: 24946ea
(c) Items in scope:
  • DCIStructs
  • TransferHelper
  • AggregatorHelper
Out-of-Scope: utils/Faucet, utils/Token
Out-of-Scope: New features/implementations after the remediation commit IDs.

4. Findings Overview

| Security analysis | Risk level | Remediation |
| --- | --- | --- |
| Price Manipulation Vulnerability in Vault Execution Due to Unchecked Pyth Oracle Updates | High | Solved - 10/28/2024 |
| Chainlink Oracle Price Feed Used Without Staleness Check | Medium | Solved - 10/28/2024 |
| Excess ETH Not Refunded in Price Update Transactions | Medium | Solved - 10/28/2024 |
| Zero Amount Transfer Vulnerability in Token Transfers | Medium | Solved - 10/28/2024 |
| Pyth Oracle Price Is Not Validated Properly | Medium | Solved - 10/28/2024 |
| Unrestricted Vault Creation in Factory Contract | Low | Solved - 10/28/2024 |
| Unsafe Casting Operations | Low | Solved - 10/28/2024 |
| Incorrect Fee Calculation Due to Delayed Initialization in Vault Contract | Low | Solved - 10/28/2024 |
| Incorrect State Modification Order in lpWithdraw Function | Low | Solved - 10/28/2024 |
| Missing Visibility Attribute | Informational | Solved - 10/28/2024 |
| Consider Using Named Mappings | Informational | Solved - 10/28/2024 |

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
