Kyber Network

We express our gratitude to the Kyber Network team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Velocore is a groundbreaking solution, synthesizing top-tier DEX methodologies into a novel, high-performance flywheel

According to the assessment, the Customer's smart contracts are secure.

Our team performed an analysis of code functionality, manual audit, and automated checks with Mythril and Slither. All issues found during automated analysis were manually reviewed, and important vulnerabilities are presented in the Audit overview section. A general overview is presented in AS-IS section, and all found issues can be found in the Audit overview section.

Security engineers found 1 high, 5 medium, and 1 informational issue during the audit. All issues are acknowledged and accepted by the Customer.

The system users should acknowledge all the risks summed up in the risks section of the report

ASIS Overview

KyberGovernancesol

Description

KyberGovernance is a governance contract.

Imports

KyberGovernance has following imports:

• import {SafeMath} from ‘@openzeppelin/contracts/math/SafeMath.sol’

• import {PermissionAdmin} from ‘@kyber.network/utilssc/contracts/PermissionAdmin.sol’

• import {IKyberGovernance} from ‘../interfaces/governance/IKyberGovernance.sol’

• import {IExecutorWithTimelock} from ‘../interfaces/governance/IExecutorWithTimelock.sol’

• import {IVotingPowerStrategy} from ‘../interfaces/governance/IVotingPowerStrategy.sol’

• import {IProposalValidator} from ‘../interfaces/governance/IProposalValidator.sol’

• import {getChainId} from ‘../misc/Helpers.sol’

Inheritance

KyberGovernance is IKyberGovernance, PermissionAdmin.

Usages

KyberGovernance contract has following usages

• SafeMath for uint256.

Structs

KyberGovernance contract has no custom data structures.

Enums

KyberGovernance contract has no custom enums.

Events

KyberGovernance contract has no custom events.

Modifiers

KyberGovernance has no custom modifiers.

Fields

KyberGovernance contract has following fields and constants:

• bytes32 public constant DOMAIN_TYPEHASH = keccak256('EIP712Domain(string name,uint256 chainId,address verifyingContract)');

• bytes32 public constant VOTE_EMITTED_TYPEHASH = keccak256('VoteEmitted(uint256 id,uint256 optionBitMask)');

• string public constant NAME = 'Kyber Governance';

• address private _daoOperator;

• uint256 private _proposalsCount;

• mapping(uint256 => Proposal) private _proposals;

• mapping(address => bool) private _authorizedExecutors;

• mapping(address => bool) private _authorizedVotingPowerStrategies;

Functions

KyberGovernance has following public and external functions:

• constructor Description: \-Initializes the contract. Sets adimin and dao operator addresses. Executors and votingStratages are also provided. Visibility: \-public Input parameters: \-address admin \-address daoOperator \-address[] memory executors \-address[] memory votingPowerStrategie Constraints: \-None Events emit: \-Emits the ExecutorAuthorized and VotingPowerStrategyAuthorized events. Output: \-None

• createBinaryProposal Description: \-Creates a Binary Proposal. Visibility: \-external Input parameters: \-IExecutorWithTimelock executor \-IVotingPowerStrategy strategy \-string[] memory options \-uint256 startTime \-uint256 endTime \-string memory link Constraints: \-executor should be authorized. \-strategy should be authorized. \-executor should validate input params. Events emit: \-Emits the BinaryProposalCreated event. Output: \-uint256 proposalId

• createBinaryProposal Description: \-Creates a Binary Proposal. Creates a Generic Proposal. It only gets the winning option without any executions. Visibility: \-external Input parameters: \-IExecutorWithTimelock executor \-IVotingPowerStrategy strategy \-BinaryProposalParams memory executionParams \-uint256 startTime \-uint256 endTime \-string memory link Constraints: \-executionParams should be provided. \-executionParams should be of the same length. \-executor should be authorized. \-strategy should be authorized. \-executor should validate input params. Events emit: \-Emits the GenericProposalCreated event. Output: \-uint256 proposalId

• cancel Description: Cancels a Proposal. In the current version is only callable by the _daoOperator. Though, if if the IProposalValidator implementation will allow, the function may be callable by anyone. Visibility: \-external Input parameters: \-uint256 proposalId Constraints: \-Proposal should exist. \-Should not be in a final state. Events emit: \-Emits the ProposalCanceled event. Output: \-None

• queue Description: \-Queue a proposal if it is succeeded. Visibility: \-external Input parameters: \-uint256 proposalId Constraints: \-Proposal should exist. \-Proposal should be Binary. \-Should be in the Succeeded state. Events emit: \-Emits the ProposalQueued event. Output: \-None

• execute Description: \-Execute a proposal. Visibility: \-external Input parameters: \-uint256 proposalId Constraints: \-Proposal should exist. \-Proposal should be Binary. \-Should be in the Queued state. Events emit: \-Emits the ProposalExecuted event. Output: \-None

• submitVote Description: \-Submit a vote for a proposal by message sender. Visibility: \-external Input parameters: \-uint256 proposalId \-uint256 optionBitMask Constraints: \-Proposal should exist. \-Should be in the Active state. Events emit: \-Emits the VoteEmittedevent. Output: \-None

• submitVoteBySignature Description: \-Submit a vote for a proposal by signature. Visibility: \-external Input parameters: \-uint256 proposalId \-uint256 optionBitMask \-uint8 v \-bytes32 r \-bytes32 s Constraints: \-Proposal should exist. \-Signature should be valid. \-Should be in the Active state. Events emit: \-Emits the VoteEmittedevent. Output: \-None

• handleVotingPowerChanged Description: \-Changes voting power of a voter. Visibility: \-external Input parameters: \-uint256 proposalId \-uint256 optionBitMask \-uint8 v \-bytes32 r \-bytes32 s Constraints: \-Should be called from a strategy contract Events emit: \-Emits the VotingPowerChanged. Output: \-None

• transferDaoOperator Description: \-Transfers dao operator to another address. Should be called from a current dao operator.

• authorizeExecutors, unauthorizeExecutors, authorizeVotingPowerStrategies, unauthorizeVotingPowerStrategies Description: \-Admin functions to change corresponding contract parameters.

• isExecutorAuthorized, isVotingPowerStrategyAuthorized, getDaoOperator, getProposalsCount, getProposalById, getProposalVoteDataById, getVoteOnProposal, getProposalStat Description: \-Simple view functions.

EpochVotingPowerStrategysol

Description

EpochVotingPowerStrategy – Voting Power Strategy contract based on epoch mechanism.

Imports

EpochVotingPowerStrategy has following imports:

• import {SafeMath} from ‘@openzeppelin/contracts/math/SafeMath.sol’

• import {IVotingPowerStrategy} from ‘../../interfaces/governance/IVotingPowerStrategy.sol’

• import {IKyberGovernance} from ‘../../interfaces/governance/IKyberGovernance.sol’

• import {IKyberStaking} from ‘../../interfaces/staking/IKyberStaking.sol’

• import {EpochUtils} from '../../misc/EpochUtils.sol' Inheritance EpochVotingPowerStrategy is IVotingPowerStrategy, EpochUtils. Usages EpochVotingPowerStrategy contract has following usages:

• SafeMath for uint256.

Structs

EpochVotingPowerStrategy contract has no custom data structures.

Enums

EpochVotingPowerStrategy contract has no custom enums.

Events

EpochVotingPowerStrategy contract has no custom events.

Modifiers

EpochVotingPowerStrategy has following custom modifiers: \-onlyStaking – check if a caller is staking. \-onlyGovernance – check if a caller is governance.

Fields

EpochVotingPowerStrategy contract has following fields and constants: \-uint256 public constant MAX_PROPOSAL_PER_EPOCH = 10 \-IKyberStaking public immutable staking \-IKyberGovernance public immutable governance \-mapping(uint256 => uint256[]) internal epochProposals

Functions

EpochVotingPowerStrategy has following public and external functions:

• constructor Description: \-Initializes the contract. Sets governance and staking addresses. public Input parameters: \-IKyberGovernance _governance \-IKyberStaking _staking Constraints: \-None Events emit: \-None Output: \-None

• handleProposalCreation Description: \-Add a proposal ID to a current epoch. Input parameters: \-uint256 proposalId \-uint256 startTime \-uint256 – parameter exists but not used to be compliant with the interface. Constraints: \-Should only be called from a governance contract. Events emit: \-None Output: \-None

• handleProposalCancellation Description: \-Removes a proposal ID from a current epoch. Input parameters: \-uint256 proposalId Constraints: \-Should only be called from a governance contract. Events emit: \-None Output: \-None

• handleProposalCancellation Description: \-Returns voter's voting power. Input parameters: \-address voter \-uint256 \-uint256 Constraints: \-Should only be called from a governance contract. Events emit: \-None Output: \-uint256 votingPower

• handleWithdrawal Description: \-Handle user withdraw from staking contract. Input parameters: \-address user \-uint256 /*reduceAmount*/ Constraints: \-Should only be called from a staking contract. Events emit: \-None Output:

• getVotingPower, validateProposalCreation, getMaxVotingPower, getListProposalIds Description: \-Simple view functions.

DefaultProposalValidatorsol

Description

DefaultProposalValidator is a contract with view or pure functions used to validate values or to retrieve data.

DefaultExecutorWithTimelocksol

Description

DefaultExecutorWithTimelock is a contract that can queue, execute, cancel transactions voted by Governance.

Imports

DefaultExecutorWithTimelock has following imports:

• import {IExecutorWithTimelock} from ‘../../interfaces/governance/IExecutorWithTimelock.sol’

• import {IKyberGovernance} from ‘../../interfaces/governance/IKyberGovernance.sol’

• import {SafeMath} from ‘@openzeppelin/contracts/math/SafeMath.sol’

Inheritance

DefaultExecutorWithTimelock is IExecutorWithTimelock.

Usages

DefaultExecutorWithTimelock contract has following usages:

• SafeMath for uint256.

Structs

DefaultExecutorWithTimelock contract has no custom data structures.

Enums

DefaultExecutorWithTimelock contract has no custom enums.

Events

DefaultExecutorWithTimelock contract has no custom events.

Modifiers

DefaultExecutorWithTimelock has following modifiers:

• onlyAdmin – check for a corresponding caller.

• onlyTimelock – check for a corresponding caller.

• onlyPendingAdmin – check for a corresponding caller.

Fields

DefaultExecutorWithTimelock contract has following fields and constants:

• uint256 public immutable override GRACE_PERIOD

• uint256 public immutable override MINIMUM_DELAY

• uint256 public immutable override MAXIMUM_DELAY

• address private _admin

• address private _pendingAdmin

• uint256 private _delay

• mapping(bytes32 => bool) private _queuedTransactions

Functions

DefaultExecutorWithTimelock has following public and external functions:

• constructor Description: \-Initializes the contract. Sets admin, delay, grace period for queued txs, MINIMUM_DELAY and MAXIMUM_DELAY values. Visibility: \-public Input parameters: \-address admin \-uint256 delay \-uint256 gracePeriod \-uint256 minimumDelay \-uint256 maximumDelay Constraints: \-delay should be between minimumDelay and maximumDelay. Events emit: \-Emits the NewDelay and NewAdmin events. Output: \-None

• setDelay, setPendingAdmin Description: \-Allows the contract to change corresponding parameters.

• acceptAdmin Description: \-Allows pending admin to accept his permissions.

• queueTransaction Description: \-Queues a transaction for execution. Visibility: \-public Input parameters: \-address target \-uint256 value \-string memory signature \-bytes memory data \-uint256 executionTime \-bool withDelegatecall Constraints: \-Could only be called from the admin account. \-executionTime should exceed or be equal to a current time + delay. Events emit: \-Emits the QueuedAction event. Output: \-bytes32 – action hash.

• cancelTransaction Description: \-Cancel a transaction. Visibility: \-public Input parameters: \-address target \-uint256 value \-string memory signature \-bytes memory data \-uint256 executionTime \-bool withDelegatecall Constraints: \-Could only be called from the admin account. Events emit: \-Emits the CancelledAction event. Output: \-bytes32 – action hash.

• executeTransaction Description: \-Execute a transaction. Visibility: \-public Input parameters: \-address target \-uint256 value \-string memory signature \-bytes memory data \-uint256 executionTime \-bool withDelegatecall Constraints: \-Could only be called from the admin account. \-Transaction should be queued. \-Current time should be after execution time and before grace period pass. \-Transaction should be sent successfully. Events emit Emits the ExecutedAction event. Output: \-bytes memory

• getAdmin, getPendingAdmin, getDelay, isActionQueued, isProposalOverGracePeriod Description: \-Simple view functions.

Conclusion

Smart contracts within the scope were manually reviewed and analyzed with static analysis tools. For the contract, high-level description of functionality was presented in As-Is overview section of the report.

Audit report contains all found security vulnerabilities and other issues in the reviewed code. Security engineers found 1 high, 5 medium, and 1 informational issue during the audit.

All issues are acknowledged and accepted by the Customer.

The scope of the project includes the following smart contracts from the provided repository:

Contracts in Scope