
Audit name:

[SCA] SingularityNET | Commission | May2024

Date:

Jun 18, 2024

Table of Content

Introduction
Audit Summary
System Overview
Risks
Findings
Appendix 1. Severity Definitions
Appendix 2. Scope
Disclaimer


Introduction

We express our gratitude to the SingularityDAO team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

SingularityNET is a groundbreaking bridge platform that supports different blockchains and executes requests using signatures generated on the backend.

Document

Name: Smart Contract Code Review and Security Analysis Report for SingularityDAO
Audited By: Seher Saylik
Approved By: Ataberk Yavuzer
Changelog: 03/06/2024 - Preliminary Report; 06/06/2024 - Final Report
Platform: EVM
Language: Solidity
Tags: Bridge, ERC20
Methodology: https://hackenio.cc/sc_methodology

Audit Summary

8 Total Findings
6 Resolved
1 Accepted
1 Mitigated

The system users should acknowledge all the risks summed up in the Risks section of this report.

Documentation quality

  • Functional requirements are provided.

  • Technical description is provided.

  • NatSpec is complete.

Code quality

  • The development environment is configured.

Test coverage

Code coverage of the project is 78.47% (branch coverage).

  • Deployment and basic user interactions are covered with tests.

  • Negative cases are covered.

  • Interactions by several users are not tested thoroughly.

  • Interactions between two chains are not covered.

System Overview

SingularityNET is a bridge protocol with the following contracts:

Token — simple ERC-20 token that does not have a supply cap; additional minting is allowed.

It has the following attributes:

  • Name: Specified during the deployment

  • Symbol: Specified during the deployment

  • Decimals: 8

  • Total supply: Infinite (no cap)

TokenConversionManagerV2 — main bridge contract that is deployed on both networks. It handles the conversion of tokens between Ethereum and other networks, allowing users to burn tokens on Ethereum for conversion out and mint tokens on Ethereum for conversion in. It incorporates configurable fee structures: users pay one of three distinct commission fees for bridge operations. If the commission type is FixedNativeTokens, users are charged a predetermined Ether amount set by the owner at deployment and changeable later. If the commission type is PercentageTokens or FixedTokens, users are charged a proportion (or fixed amount) of tokens configured by the owner, who can adjust this rate at any time.

Bridge requests are approved through off-chain logic by generating the corresponding signatures on the bridged chain.

Commission — serves as a module for managing commission fees within the bridge contract. It offers functionality to configure and enable different types of commission fees, including fixed native token amounts or proportions of tokens, with the flexibility for the owner to adjust these settings as needed. Additionally, it provides methods for commission recipients to claim their allocated fees and ensures that commission proportions adhere to predefined limits, safeguarding against misuse or misconfiguration.

Privileged roles

  • The owner of the TokenConversionManagerV2 can change the fixed native commission, the fixed tokens commission and the percentage tokens commission; disable/enable the fees; update the commission receiver's or bridge owner's fee portions; set a new commission receiver address or bridge owner address; update the authorizer/signer address; and update the min/max amounts per transaction and the max supply to be minted.

  • The MINTER_ROLE of the Token contract can mint tokens. The PAUSER_ROLE of the Token contract can pause/unpause the contract.
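The commission model described above (three commission types, owner-adjustable parameters, a receiver/bridge-owner split of each fee, and limits on what the owner may configure) can be sketched in Solidity as follows. This is an added example, not the project's Commission contract: the contract name, the hypothetical caps MAX_PERCENTAGE_BPS and MAX_FIXED_NATIVE, and the function names are assumptions, chosen to show bounded setters of the kind the Risks section's concern about unrestricted fees calls for. It assumes OpenZeppelin Contracts v5 is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

// Added illustration, not the SingularityNET/SingularityDAO project code.
// Assumes OpenZeppelin Contracts v5 (Ownable / Ownable2Step).
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

/// @notice Minimal commission module: three commission types, owner-tunable
/// parameters, and hard upper bounds so the owner cannot set a fee to an
/// arbitrary value. Ownable2Step is used so ownership transfer needs acceptance.
contract CommissionExample is Ownable2Step {
    enum CommissionType { Disabled, FixedNativeTokens, PercentageTokens, FixedTokens }

    uint256 public constant BPS_DENOMINATOR = 10_000;      // 100% in basis points
    uint256 public constant MAX_PERCENTAGE_BPS = 500;      // hypothetical cap: 5%
    uint256 public constant MAX_FIXED_NATIVE = 0.1 ether;  // hypothetical cap

    CommissionType public commissionType;
    uint256 public fixedNativeTokenCommission; // wei, used for FixedNativeTokens
    uint256 public percentageCommissionBps;    // basis points, used for PercentageTokens
    uint256 public fixedTokenCommission;       // token units, used for FixedTokens

    address public receiverCommission; // receives receiverPortionBps of each fee
    address public bridgeOwner;        // receives the remainder
    uint256 public receiverPortionBps;

    mapping(address => uint256) public claimableNative;
    mapping(address => uint256) public claimableTokens;

    event CommissionConfigured(CommissionType kind, uint256 value);

    constructor(address initialOwner, address receiver, address bridgeOwner_, uint256 receiverPortionBps_)
        Ownable(initialOwner)
    {
        // A recipient with a non-zero portion must never be the zero address (cf. F-2024-3431).
        require(receiver != address(0) && bridgeOwner_ != address(0), "zero recipient");
        require(receiverPortionBps_ <= BPS_DENOMINATOR, "portion > 100%");
        receiverCommission = receiver;
        bridgeOwner = bridgeOwner_;
        receiverPortionBps = receiverPortionBps_;
    }

    // --- owner configuration; every setter is bounded ---
    function enableFixedNativeCommission(uint256 amountWei) external onlyOwner {
        require(amountWei <= MAX_FIXED_NATIVE, "native fee above cap");
        commissionType = CommissionType.FixedNativeTokens;
        fixedNativeTokenCommission = amountWei;
        emit CommissionConfigured(commissionType, amountWei);
    }

    function enablePercentageCommission(uint256 bps) external onlyOwner {
        require(bps <= MAX_PERCENTAGE_BPS, "percentage above cap");
        commissionType = CommissionType.PercentageTokens;
        percentageCommissionBps = bps;
        emit CommissionConfigured(commissionType, bps);
    }

    function enableFixedTokenCommission(uint256 amount) external onlyOwner {
        commissionType = CommissionType.FixedTokens;
        fixedTokenCommission = amount;
        emit CommissionConfigured(commissionType, amount);
    }

    function disableCommission() external onlyOwner {
        commissionType = CommissionType.Disabled;
        emit CommissionConfigured(commissionType, 0);
    }

    // --- quoting ---
    /// @return tokenFee tokens deducted from `amount`
    /// @return nativeFee wei that must accompany the bridge call
    function quoteCommission(uint256 amount) public view returns (uint256 tokenFee, uint256 nativeFee) {
        CommissionType kind = commissionType; // read the state variable once (cf. F-2024-3433)
        if (kind == CommissionType.FixedNativeTokens) {
            nativeFee = fixedNativeTokenCommission;
        } else if (kind == CommissionType.PercentageTokens) {
            tokenFee = amount * percentageCommissionBps / BPS_DENOMINATOR;
        } else if (kind == CommissionType.FixedTokens) {
            tokenFee = fixedTokenCommission;
            require(tokenFee < amount, "fee exceeds amount");
        }
    }

    /// @dev Called by the bridge entry point after a fee is collected; splits it between recipients.
    function _accrue(uint256 tokenFee, uint256 nativeFee) internal {
        uint256 receiverTok = tokenFee * receiverPortionBps / BPS_DENOMINATOR;
        uint256 receiverNat = nativeFee * receiverPortionBps / BPS_DENOMINATOR;
        claimableTokens[receiverCommission] += receiverTok;
        claimableTokens[bridgeOwner] += tokenFee - receiverTok;
        claimableNative[receiverCommission] += receiverNat;
        claimableNative[bridgeOwner] += nativeFee - receiverNat;
    }

    /// @notice Recipients pull their native-token share; state is zeroed before the transfer.
    function claimNative() external {
        uint256 owed = claimableNative[msg.sender];
        require(owed > 0, "nothing to claim");
        claimableNative[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: owed}("");
        require(ok, "transfer failed");
    }
}
```

The caps are the point: with bounded setters, a compromised or careless owner key cannot push the percentage above MAX_PERCENTAGE_BPS or the native fee above MAX_FIXED_NATIVE, which is the control the report's "Fees Are Not Restricted" finding asks for. Token claims would mirror claimNative with an ERC-20 transfer.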

Risks

The Token contract utilized within the bridge platform falls outside the scope of this audit. Consequently, Hacken cannot verify the safety of the minting process or the overall security of the token.

Bridge requests are managed off-chain: a user's initiation on one chain triggers the backend system to create a corresponding signature for the other chain once the specified amount has been transferred. Given the off-chain nature of these operations, the security of the signatures and the certainty of their creation lie beyond the direct scope of Hacken's audit and therefore cannot be fully guaranteed.

Scope Definition and Security Guarantees: The audit does not cover all code in the repository. Contracts outside the audit scope may introduce vulnerabilities, potentially impacting the overall security due to the interconnected nature of smart contracts.

The unrestricted ability of the platform owner to arbitrarily set fees at any value and at any time poses a risk, as it could lead to unpredictable financial implications and undermine user trust.

Findings

Code | Title | Status | Severity
F-2024-3430 | Possible Signature Replay Attack: Missing Chain Id In The Signature | Mitigated | Medium
F-2024-3432 | Fees Are Not Restricted | Accepted | Low
F-2024-3431 | receiverCommission Can Be Zero Address Although It Has A Portion | Fixed | Low
F-2024-3438 | Constant Keccak Variables Are Treated As Expressions, Not Constants | Fixed | Observation
F-2024-3437 | else Block Not Required | Fixed | Observation
F-2024-3435 | Floating Pragma | Fixed | Observation
F-2024-3434 | Use Ownable2Step Rather Than Ownable | Fixed | Observation
F-2024-3433 | State Variables That Are Used Multiple Times In a Function Should Be Cached In Stack Variables | Fixed | Observation
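To illustrate the first finding (a signed bridge request that omits the chain id can be accepted on more than one network where the same authorizer key is used), the added Solidity example below contrasts an assumed weak digest with a domain-separated one that binds block.chainid, the verifying contract address and a one-time request id, and marks that id as used before minting. This is not the audited TokenConversionManager code; the names ConversionInExample, conversionIn, requestId and authorizer are assumptions, and it assumes OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

// Added illustration, not the audited project's code. Assumes OpenZeppelin Contracts v5.
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// @dev Hypothetical mintable token interface for the "conversion in" leg.
interface IMintableToken is IERC20 {
    function mint(address to, uint256 amount) external;
}

/// @notice Shows why a signed bridge request must bind the chain, the verifying
/// contract and a one-time request id before tokens are minted.
contract ConversionInExample {
    IMintableToken public immutable token;
    address public authorizer;                   // backend signer (assumed name)
    mapping(bytes32 => bool) public usedRequestIds;

    // Declared as a constant so the type hash is not re-derived in every call (cf. F-2024-3438).
    bytes32 private constant CONVERSION_IN_TYPEHASH =
        keccak256("ConversionIn(address to,uint256 amount,bytes32 requestId)");

    event ConversionIn(address indexed to, uint256 amount, bytes32 indexed requestId);

    constructor(IMintableToken token_, address authorizer_) {
        require(authorizer_ != address(0), "zero authorizer");
        token = token_;
        authorizer = authorizer_;
    }

    /// @dev WEAK (for comparison only): neither the chain id nor the verifying
    /// contract is part of the message, so the digest is identical on every
    /// network where this contract and authorizer key are deployed.
    function _weakDigest(address to, uint256 amount, bytes32 requestId) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked(to, amount, requestId));
    }

    /// @dev HARDENED: domain-separated by chain id and contract address, with a
    /// type hash so the message cannot collide with other signed message kinds.
    function _hardenedDigest(address to, uint256 amount, bytes32 requestId) internal view returns (bytes32) {
        return keccak256(abi.encode(
            CONVERSION_IN_TYPEHASH,
            block.chainid,
            address(this),
            to,
            amount,
            requestId
        ));
    }

    /// @notice Mints `amount` to `to` if the backend signed this exact request for this chain.
    function conversionIn(address to, uint256 amount, bytes32 requestId, bytes calldata signature) external {
        require(!usedRequestIds[requestId], "request already used");   // blocks same-chain replay
        bytes32 digest = MessageHashUtils.toEthSignedMessageHash(_hardenedDigest(to, amount, requestId));
        address signer = ECDSA.recover(digest, signature);             // reverts on a malformed signature
        require(signer == authorizer, "bad signature");
        usedRequestIds[requestId] = true;                              // effects before interaction
        token.mint(to, amount);
        emit ConversionIn(to, amount, requestId);
    }
}
```

The check order matters: the request id is consumed before the external mint call, and the digest the backend must sign differs per chain because block.chainid and address(this) are hashed in, so a signature produced for one deployment verifies only there.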


Appendix 1. Severity Definitions

When auditing smart contracts, Hacken uses a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

A reference on how risk scoring is done is available in the repository in our GitHub organization:

Severity | Description
Critical | Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
High | High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Medium | Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirement violations, as well as major deviations from best practices, are also in this category.
Low | Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution and do not affect the security score, but can affect the code quality score.

Appendix 2. Scope

The scope of the project includes the following smart contracts from the provided repository:

Contracts in Scope

contracts/Commission.sol
contracts/TokenConversionManager.sol

Disclaimer