
Audit name: [SCA] RE.AL | RWA + Real-Ether | Apr2024

Date: May 24, 2024

Table of Contents

Introduction
Audit Summary
Document Information
System Overview
Executive Summary
Risks
Findings
Appendix 1. Severity Definitions
Appendix 2. Scope
Disclaimer


Introduction

We express our gratitude to the re.al team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

RealETH is a yield farming project. The RWA Ecosystem is a collection of smart contracts that encapsulate a set of products built to bring a yield-generating and governance protocol to active investors.

Platform: EVM
Language: Solidity
Tags: Solidity, Fungible Token, Yield Farming, Voting, Upgradable, ERC-20, ERC-721
Timeline: 15/04/2024 - 24/05/2024
Methodology: https://hackenio.cc/sc_methodology

    Review Scope

    Repository: https://github.com/re-al-Foundation/rwa-contracts
    Commit: e3d0723
    Repository: https://github.com/re-al-Foundation/real-ether
    Initial Commit: 5ceef5c
    Remediation Commit: 25a9cf3

    Audit Summary

    Total: 9.7/10
    Security Score: 10/10
    Test Coverage: 92%
    Code Quality Score: 10/10
    Documentation Quality Score: 10/10

    Total Findings: 25
    Resolved: 18
    Accepted: 4
    Mitigated: 3

    The system users should acknowledge all the risks summed up in the Risks section of the report.

    Document Information

    This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.

    The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.

    Document

    Name: Smart Contract Code Review and Security Analysis Report for re.al
    Audited By: Olesia Bilenka
    Approved By: Grzegorz Trawinski, Ataberk Yavuzer
    Website: https://www.re.al/
    Changelog: 14/05/2024 - Preliminary Report; 24/05/2024 - Remediation

    System Overview

    RWA Ecosystem is a project with the following contracts:

    RoyaltyHandler - is a contract that handles royalties from RWAToken and distributes them to burn, to RevenueDistributor, and to the LP.

    RWAToken - is an ERC-20 token. It has the following attributes:

    • Name: re.al

    • Symbol: RWA

    • Decimals: 18.

    The token has fee-on-transfer for the swaps, and a blacklist.

    RevenueStreamETH - is a contract that allows the distribution of claimable ETH revenue according to the votes.

    RevenueDistributor - is a contract that accepts the revenue tokens, converts them into ETH, and deposits the ETH into the RevenueStreamETH contract.

    RealReceiver - is a contract that inherits NonblockingLzAppUpgradeable and handles receiving RWA tokens and RWAVotingEscrow tokens.

    CrossChainMigrator - is a contract that inherits NonblockingLzAppUpgradeable and allows migrating passiveIncomeNFT (out of audit scope) and TNGBL (out of audit scope) tokens.

    VotesUpgradeable - is an abstract contract that tracks voting units, which are a measure of voting power that can be transferred, and provides a system of vote delegation.

    RWAVotingEscrow - is an ERC721 token contract that assigns voting power based on the quantity of locked tokens and their vesting duration.

    VotingEscrowVesting - is a contract that manages the vesting schedules for tokens locked in the VotingEscrow system.

    VotingMath - is a library that provides functionality to calculate voting power based on the amount of tokens locked and the remaining vesting duration.

    RealETH is a yield farming project with the following contracts:

    StrategyManager - is a contract responsible for managing asset yield strategies within the Vault.

    RealVault - is a contract responsible for managing deposits and withdrawals using the ERC4626 standard.

    AssetsVault - is a contract that holds ETH deposits.

    Real - is an ERC-20 token. It has the following attributes:

    • Name: Real Ether

    • Symbol: reETH

    • Decimals: 18.

    Minter - is a contract responsible for Real token minting and burning.

    Strategy - is an abstract contract for the yield strategies.

    LidoStEthStrategy - is a strategy contract for ETH yield by managing Lido staked ETH.

    ShareMath - is a library for asset per shares and shares per assets calculations.

    SwapManager - is a contract that allows swapping tokens to ETH using UniswapV3 and Curve pools.

    Privileged roles

    RWA Ecosystem:

    • RWAToken: the contract owner can update the fee (on transfer for swaps, up to 10%), set the RoyaltyHandler, RealReceiver, and VotingEscrowRWA addresses, set AMMs for the fee-on-transfer feature, set addresses excluded from fees, modify the blacklist, and upgrade the contract.

    • RoyaltyHandler: the contract owner can update distribution percentages, set the slippage when fetching quotes from the oracle, set the secondAgo value for the TWAP oracle, set the distributor, oracle, ALMBox, ALMBoxManager, GaugeV2ALM, Pearl, and SwapRouter addresses, set the pool fee on the RWA/WETH pool, withdraw Pearl, harvest Pearl rewards, and upgrade the contract.

    • RevenueStreamETH: the revenueDistributor is allowed to deposit ETH into the contract; the contract owner is allowed to claim all expired revenue, set the expiration duration for revenue, and upgrade the contract.

    • RevenueDistributor: the contract owner is allowed to set the distributors, WETH, and RevenueStreamETH addresses, add and remove revenue tokens, set selectors for target addresses (used for swaps), and upgrade the contract. The distributors and the contract owner are allowed to convert tokens into ETH and deposit it into the RevenueStreamETH contract.

    • RealReceiver: the contract owner is allowed to set the VotingEscrowRWA and RWA token addresses, and upgrade the contract.

    • CrossChainMigrator: the contract owner is allowed to burn passiveIncomeNFT tokens when expired, block/unblock the migration, set the TNGBL, passiveIncomeCalculator, and passiveIncomeNFT addresses, burn TNGBL tokens, set the receiver contract, and upgrade the contract.

    • RWAVotingEscrow: the contract owner can update the RealReceiver address, and upgrade the contract.

    • VotingEscrowVesting: the contract owner can update the RWAVotingEscrow address, and upgrade the contract.

    RealETH:

    • StrategyManager: RealVault is allowed to set a new RealVault, set strategies, and destroy, clear, force-withdraw from, and rebase strategies.

    • RealVault: the proposal role is allowed to migrate the vault, add, set, destroy, and clear strategies, update the proposal, set the withdraw fee rate, set the fee recipient, set the rebase interval, and set the minimal withdrawable shares.

    • AssetsVault: RealVault and StrategyManager are allowed to withdraw ETH and set a new RealVault.

    • Real: Minter is allowed to mint and burn tokens.

    • Minter: RealVault is allowed to mint and burn tokens, and set a new Vault.

    • LidoStEthStrategy: StrategyManager is allowed to deposit and withdraw ETH from the Lido stETH contract, and to initiate an instant withdrawal of stETH using swap pools.

    • SwapManager: the contract owner is allowed to set pool addresses, the slippage for each token, and the TWAP duration.

    Executive Summary

    Documentation quality

    The total Documentation quality score is 10 out of 10.

    • Technical description and functional requirements are provided.

    • Natspec is provided.

    Code quality

    The total Code quality score is 10 out of 10.

    • The code follows best practices and official language style guides.

    • The development environment is configured.

    Test coverage

    Code coverage of the project is 92% (branch coverage).

    • Deployment and basic user interactions are covered with tests.

    Security score

    Upon auditing, the code was found to contain 0 critical, 0 high, 3 medium, and 8 low severity issues. Out of these, 9 issues have been addressed and resolved, leading to a security score of 10 out of 10.

    All identified issues are detailed in the “Findings” section of this report.

    Summary

    The comprehensive audit of the customer's smart contract yields an overall score of 9.7. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

    Risks

    Scope Definition and Security Guarantees: The audit does not cover all code in the rwa repository. Contracts outside the audit scope may introduce vulnerabilities, potentially impacting the overall security due to the interconnected nature of smart contracts.

    Dependency on External Logic for Implemented Logic: The implemented RealETH strategy logic and the RWA cross-chain migration depend heavily on external contracts not covered by the audit. This reliance introduces risks if these external contracts are compromised or contain vulnerabilities, affecting the audited project's integrity.

    System Reliance on External Contracts: The functioning of the system significantly relies on specific external contracts. Any flaws or vulnerabilities in these contracts adversely affect the audited project, potentially leading to security breaches or loss of funds.

    Interactions with External DeFi Protocols: Dependence on external DeFi protocols inherits their risks and vulnerabilities. This might lead to direct financial losses if these protocols are exploited, indirectly affecting the audited project.

    Dynamic Array Iteration Gas Limit Risks: The project iterates over large dynamic arrays, which leads to excessive gas costs, risking denial of service due to out-of-gas errors, directly impacting contract usability and reliability.

    Absence of Time-lock Mechanisms for Critical Operations: Without time-locks on critical operations, there is no buffer to review or revert potentially harmful actions, increasing the risk of rapid exploitation and irreversible changes.

    Insufficient Multi-signature Controls for Critical Functions: The lack of multi-signature requirements for key operations centralizes decision-making power, increasing vulnerability to single points of failure or malicious insider actions, potentially leading to unauthorized transactions or configuration changes.

    Findings

    Code | Title | Status | Severity
    F-2024-2017 | Incorrect Fee Assignment in updateDistribution Function of RoyaltyHandler Contract | fixed | Medium
    F-2024-1514 | Incorrect Calculation in RealVault Contract Leading to Overestimation of Withdrawable Amounts | mitigated | Medium
    F-2024-1494 | RealVault setRebaseInterval Logical Error Causes Rejection of Valid Intervals | fixed | Medium
    F-2024-2707 | Violation of Checks-Effects-Interactions Pattern in RWA Project Contracts | fixed | Low
    F-2024-2705 | Incorrect Balance Checks Leading to Risks of Zero Balance Locks in RWAVotingEscrow | fixed | Low
    F-2024-2459 | Risk of ETH Lock in RevenueStreamETH Due to Unbounded Array Sizes | fixed | Low
    F-2024-1869 | Risk of Asset Yield Reduction Due to Unrestricted Rebase in StrategyManager Contract | fixed | Low
    F-2024-1811 | Risk of Griefing Attacks in RealVault Contract Deposits | fixed | Low
    F-2024-1424 | Risk of Fees on Minting and Burning Due to Configuration Changes in RWAToken | fixed | Low
    F-2024-1423 | Incomplete Verification of Swap Output Amount in RoyaltyHandler Contract | mitigated | Low

    (Showing 1-10 of 25 findings)


    Appendix 1. Severity Definitions

    When auditing smart contracts, Hacken uses a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

    A reference on how risk scoring is done is available through the repository in our GitHub organization:

    Severity | Description

    Critical: Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.

    High: High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.

    Medium: Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirement violations, as well as major deviations from best practices, are also in this category.

    Low: Major deviations from best practices or major gas inefficiency. These issues will not have a significant impact on code execution and do not affect the security score, but can affect the code quality score.

    Appendix 2. Scope

    The scope of the project includes the following smart contracts from the provided repository:

    Scope Details

    Repository: https://github.com/re-al-Foundation/rwa-contracts
    Commit: e3d07233c6aad87c034fd0c89cda9069c1474195
    Whitepaper: https://docs.re.al/

    Contracts in Scope

    ./src/RoyaltyHandler.sol
    ./src/RevenueStreamETH.sol
    ./src/RevenueDistributor.sol
    ./src/RealReceiver.sol
    ./src/RWAToken.sol
    ./src/CrossChainMigrator.sol
    ./proxy/FetchableBeaconProxy.sol
    ./src/governance/utils/VotesUpgradeable.sol
    ./src/governance/DelegateFactory.sol
    ./src/governance/Delegator.sol
    ./src/governance/RWAVotingEscrow.sol
    ./src/governance/VotingEscrowVesting.sol
    ./src/governance/VotingMath.sol

    Scope Details

    Repository: https://github.com/re-al-Foundation/rwa-contracts
    Commit: e3d07233c6aad87c034fd0c89cda9069c1474195
    Whitepaper: https://docs.re.al/

    Contracts in Scope

    ./src/StrategyManager.sol
    ./src/RealVault.sol
    ./src/AssetsVault.sol
    ./src/utils/SwapManager.sol
    ./src/token/Real.sol
    ./src/token/Minter.sol
    ./src/strategy/LidoStEthStrategy.sol
    ./src/libraries/ShareMath.sol
    ./src/interfaces/IAssetsVault.sol
    ./src/interfaces/ICurvePool.sol
    ./src/interfaces/IMinter.sol
    ./src/interfaces/IReal.sol
    ./src/interfaces/IRealVault.sol
    ./src/interfaces/IStETH.sol
    ./src/interfaces/IStrategy.sol
    ./src/interfaces/IStrategyManager.sol

    Disclaimer