Introduction
We express our gratitude to the Linear team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.
LiNEAR Protocol is a liquid staking solution built on the NEAR Protocol. LiNEAR unlocks liquidity of the staked NEAR by creating a staking derivative to be engaged with various DeFi protocols on NEAR and Aurora, while also enjoying over 10% APY staking rewards of the underlying base tokens. LiNEAR is the cornerstone piece of the NEAR-Aurora DeFi ecosystem.
| title | content |
|---|---|
| Platform | Near |
| Language | Rust |
| Tags | Liquid Staking Protocol |
| Timeline | 22/03/2024 - 30/04/2024 |
| Methodology | https://hackenio.cc/sc_methodology→ |
Review Scope | |
|---|---|
| Repository | https://github.com/linear-protocol/LiNEAR→ |
| Commit | ccd1eeb9f2c2303c6ea2dd8072f833edb5e372e9 |
Review Scope
- Commit
- ccd1eeb9f2c2303c6ea2dd8072f833edb5e372e9
Audit Summary
10/10
\-
10/10
10/10
The system users should acknowledge all the risks summed up in the risks section of the report
Document Information
This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.
The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.
Document | |
|---|---|
| Name | Smart Contract Code Review and Security Analysis Report for Linear |
| Audited By | Przemyslaw Swiatowiec |
| Approved By | Ataberk Yavuzer |
| Website | https://linearprotocol.org→ |
| Changelog | 18/04/2024 - Preliminary Report |
| 30/04/2024 - Final Report | |
| 09/05/2024 - Final Report Second Revision |
Document
- Name
- Smart Contract Code Review and Security Analysis Report for Linear
- Audited By
- Przemyslaw Swiatowiec
- Approved By
- Ataberk Yavuzer
- Website
- https://linearprotocol.org→
- Changelog
- 18/04/2024 - Preliminary Report
- 30/04/2024 - Final Report
- 09/05/2024 - Final Report Second Revision
System Overview
LiNEAR Protocol is a non-custodial liquid staking protocol built on NEAR blockchain. Users can stake $NEAR via LiNEAR Protocol, receiving PoS staking rewards same as every other $NEAR staker, but also receive liquid $LiNEAR token which could be used in DeFi protocols. Furthermore, users can unstake their $LiNEAR and receive back $NEAR instantly with no waiting time, while a small portion of fees will be charged.
Base functionality provided for users:
Stake $NEAR A user who wants to participate in NEAR staking can stake (deposit) his $NEAR to LiNEAR contract and get back $LiNEAR tokens. The $LiNEAR tokens are standard NEP141 tokens so that he can transfer/sell them freely.
Unstake $LiNEAR If the user wants to exit staking and get his $NEAR back with his rewards together, he can unstake(withdraw) $NEAR by burning $LiNEAR tokens. There are two approaches he can take:
Instant Unstake - swap $LiNEAR tokens for $NEAR instantly from a liquidity pool in ref.finance. This way the user needs to bear transaction fees and slippage, however he can get $NEAR back immediately without any delay.
Delayed Unstake - if the user does not want to pay for any swap fees he can choose delayed unstake. Delayed unstake will make LiNEAR contract to actually unstake from underlying validators so that the exchange rate can always be guaranteed. There is a delay between initiating the unstake and actual receiving the $NEAR back. Typically it takes 4 epoches (~3 days).
Privileged roles
Users can:
Deposit NEAR tokens
Stake NEAR tokens
Unstake NEAR tokens
Withdraw unstaked NEAR tokens
Contract owner can:
add and remove managers
add and remove staking reward beneficiaries
set/modify treasury address
set address to contract with validator whitelist logic
pause and resume protocol
upgrade contract to new version
Manager can:
add and remove whitelisted validators and assign validator weight
update validator's base amounts
sync validators balance with LiNear contract
run drain unstake and drain withdraw operations
Executive Summary
Documentation quality
The total Documentation Quality score is 10 out of 10.
Code quality
The total Code Quality score is 10 out of 10.
Test coverage
Code coverage of the project was not provided as there is no reliable tool to verify code coverage of Near smart contracts.
Security score
Upon auditing, the code was found to contain 0 critical, 0 high, 1 medium, and 1 low severity issues. The high issue was mitigated and the low was fixed in the remediation part of an audit process, leading to a security score of 10 out of 10.
All identified issues are detailed in the “Findings” section of this report.
Summary
The comprehensive audit of the customer's smart contract yields an overall score of 10. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.
Risks
This audit report focuses exclusively on the security assessment of the contracts within the specified review scope. Interactions with out-of-scope contracts are presumed to be correct and are not examined in this audit. We want to highlight that Interactions with contracts outside the specified scope have not been verified or assessed as part of this report. This includes staking contracts and validator whitelisting contract.
While we have diligently identified and mitigated potential security risks within the defined scope, it is important to note that our assessment is confined to the isolated contracts within this scope. The overall security of the entire system, including external contracts and integrations beyond our audit scope, cannot be guaranteed.
Users and stakeholders are urged to exercise caution when assessing the security of the broader ecosystem and interactions with external contracts. For a comprehensive evaluation of the entire system, additional audits and assessments outside the scope of this report are necessary.
This report serves as a snapshot of the security status of the audited contracts within the specified scope at the time of the audit. We strongly recommend ongoing security evaluations and continuous monitoring to maintain and enhance the overall system's security.
Insufficient Permissioning and Documentation: Inadequate permissions and under-documentation heighten the risk of unauthorized access and actions, complicating issue resolution and increasing the potential for security breaches.
Absence of Time-lock Mechanisms for Critical Operations: Without time-locks on critical operations, there is no buffer to review or revert potentially harmful actions, increasing the risk of rapid exploitation and irreversible changes.
Administrative Key Control Risks: The digital contract architecture relies on administrative keys for critical operations. Centralized control over these keys presents a significant security risk, as compromise or misuse can lead to unauthorized actions or loss of funds.
Single Entity Upgrade Authority: The contract grants a single entity the authority to implement upgrades or changes. This centralization of power risks unilateral decisions that may not align with the community or stakeholders' interests, undermining trust and security.
Flexibility and Risk in Contract Upgrades: The project's contracts are upgradable, allowing the administrator to update the contract logic at any time. While this provides flexibility in addressing issues and evolving the project, it also introduces risks if upgrade processes are not properly managed or secured, potentially allowing for unauthorized changes that could compromise the project's integrity and security.
Absence of Upgrade Window Constraints: The contract suite allows for immediate upgrades without a mandatory review or waiting period, increasing the risk of rapid deployment of malicious or flawed code, potentially compromising the system's integrity and user assets.
Findings
Code ― | Title | Status | Severity | |
|---|---|---|---|---|
| F-2024-1979 | Lack of user charges for new deposit account creation leading to potential griefing attacks | mitigated | Medium | |
| F-2024-1983 | Inability to free allocated storage for unused accounts | fixed | Low | |
| F-2024-2164 | Inconsistent account data retrieval in internalgetaccount function | accepted | Observation | |
| F-2024-1978 | Lack of two-step ownership transfer pattern | mitigated | Observation | |
| F-2024-1977 | Unnecessary double checks in addmanager and removemanager functions | fixed | Observation | |
| F-2024-1975 | Lack of event emissions for critical state changes | fixed | Observation |
Appendix 1. Severity Definitions
When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.
Reference on how risk scoring is done is available through the repository in our Github organization:
Severity | Description |
|---|---|
Critical | Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation. |
High | High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation. |
Medium | Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category. |
Low | Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score. |
Severity
- Critical
Description
- Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
Severity
- High
Description
- High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Severity
- Medium
Description
- Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.
Severity
- Low
Description
- Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score.
Appendix 2. Scope
The scope of the project includes the following smart contracts from the provided repository:
Scope Details | |
|---|---|
| Repository | https://github.com/linear-protocol/LiNEAR→ |
| Commit | ccd1eeb9f2c2303c6ea2dd8072f833edb5e372e9 |
| Whitepaper | https://docs.linearprotocol.org/developer-guide/contract-overview→ |
| Requirements | https://docs.linearprotocol.org/developer-guide/contract-overview→ |
| Technical Requirements | https://docs.linearprotocol.org/developer-guide/contract-overview→ |
Scope Details
- Commit
- ccd1eeb9f2c2303c6ea2dd8072f833edb5e372e9
- Technical Requirements
- https://docs.linearprotocol.org/developer-guide/contract-overview→