Furucombo

Furucombo Smart Wallet And Gelato audit report


SUMMARY

Critical 0
High 0
Medium 1
Low 2
Advisory 2
Total: 5

13.09.2021

ABSTRACT

Dedaub (commissioned by Dinngo) has performed a security audit on a collection of new Furucombo contracts. More specifically, the following Furucombo projects were audited:

  • furucombo-smart-wallet, at commit hash 3b933af5ac88b5e5b65b6d268a5338b41650dd8a (revision at commit hash 3368d788bf2f2799fa278f4080a440272016ca15).
  • furucombo-gelato, at commit hash 00a8919fcb97c9eb45eae9cfcc500a81bf0c0dee.

Two auditors worked over this codebase over 5 days. No high or critical severity vulnerabilities were discovered during this period.

VULNERABILITIES & FUNCTIONAL ISSUES

This section details issues that affect the functionality of the contract. Dedaub generally categorizes issues according to the following severities, but may also take other considerations into account such as impact or difficulty in exploitation:

Issue resolution includes “dismissed”, by the client, or “resolved”, per the auditors.

CRITICAL SEVERITY

[No critical severity issues]

HIGH SEVERITY

[No high severity issues]

MEDIUM SEVERITY

Possible corruption in Task Executor

As we mentioned in the Summary section, the creator of the TaskExecutor.batchExec() invocation payload needs to keep a precise record of each call’s calldata and returndata in order to ensure that the created localStack will be correct. To ensure that a call’s returndata is what was expected, its length has to be the same as the value written in the config. Assuming proper ABI encoding of the returndata, this check is enough to ensure proper returndata format for calls that return at most one dynamic array.

However, for calls that return 2 or more dynamic arrays, the total returndata size can be the same but the lengths of the returned arrays can be different. In this case the computations producing the config values can be wrong, leading to data corruption.
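The following is an added illustration, not code from the Furucombo repositories. It pairs a hypothetical callee returning two dynamic arrays with a hypothetical caller that performs, first, the length-only comparison the report describes and, second, a check that decodes the returndata and verifies each array's length. The contract and function names (TwoArrays, ReturnShapeCheck, encodedSize, callWithLengthCheck, callWithShapeCheck) are assumptions; the ABI size formula is standard encoding for (uint256[], uint256[]).

```solidity
pragma solidity 0.6.12;

// Hypothetical callee: returns two dynamic arrays of chosen lengths.
contract TwoArrays {
    function split(uint256 n1, uint256 n2)
        external
        pure
        returns (uint256[] memory a, uint256[] memory b)
    {
        a = new uint256[](n1);
        b = new uint256[](n2);
        for (uint256 i = 0; i < n1; i++) a[i] = i;
        for (uint256 j = 0; j < n2; j++) b[j] = 100 + j;
    }
}

// Hypothetical caller that records the expected shape of the returndata.
contract ReturnShapeCheck {
    // ABI-encoded size of (uint256[], uint256[]): two offset words in the
    // head, then one length word plus the elements for each array.
    // (n1, n2) = (1, 3) and (3, 1) both encode to 6 words (192 bytes), so a
    // size comparison alone cannot tell them apart.
    function encodedSize(uint256 n1, uint256 n2) public pure returns (uint256) {
        return 32 * (2 + (1 + n1) + (1 + n2));
    }

    // Length-only check, modelled on the config comparison the report describes.
    function callWithLengthCheck(
        address target,
        bytes memory data,
        uint256 expectedLength
    ) public view returns (bytes memory ret) {
        bool ok;
        (ok, ret) = target.staticcall(data);
        require(ok, "call failed");
        // Passes for every (n1, n2) with the same total, whatever the split.
        require(ret.length == expectedLength, "unexpected returndata length");
    }

    // Shape check: decode and verify each array's length before the data is
    // used to build the local stack.
    function callWithShapeCheck(
        address target,
        bytes memory data,
        uint256 expectedN1,
        uint256 expectedN2
    ) public view returns (uint256[] memory a, uint256[] memory b) {
        (bool ok, bytes memory ret) = target.staticcall(data);
        require(ok, "call failed");
        (a, b) = abi.decode(ret, (uint256[], uint256[]));
        require(a.length == expectedN1, "unexpected length of first array");
        require(b.length == expectedN2, "unexpected length of second array");
    }
}
```

Calling encodedSize(1, 3) and encodedSize(3, 1) both yield 192, which is the collision the issue describes; callWithShapeCheck rejects the wrong split because it compares the decoded per-array lengths rather than the total.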

LOW SEVERITY

Prolific use of weak blacklists

Furucombo Gelato makes use of a number of blacklists including:

  • Who can create a new task
  • What task can be created

It is however trivial for any user to get around this blacklisting style. For instance, in the case of a task, one can simply add some additional calldata which does not affect the semantics of the task. Therefore, if there is a reason to blacklist users or tasks, a stronger mechanism needs to be designed.
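As an added example (not code from Furucombo Gelato), the contract below places a blacklist keyed on the hash of the complete task calldata next to an allowlist keyed on the target contract and the 4-byte function selector. The first form is an assumption about how a calldata-matching blacklist could be keyed; the second is one possible stronger mechanism, not the one the project adopted. All names (TaskGate, blockedCalldata, allowedCall, isAllowedWeak, isAllowedStrong) are hypothetical.

```solidity
pragma solidity 0.6.12;

// Hypothetical task gate contrasting two ways of keying the decision.
contract TaskGate {
    address public owner;
    // Weak: blacklist keyed on keccak256 of the full calldata.
    mapping(bytes32 => bool) public blockedCalldata;
    // Stronger: allowlist keyed on (target, selector).
    mapping(address => mapping(bytes4 => bool)) public allowedCall;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() public {
        owner = msg.sender;
    }

    function blockCalldata(bytes memory data) public onlyOwner {
        blockedCalldata[keccak256(data)] = true;
    }

    function allowCall(address target, bytes4 selector, bool allowed) public onlyOwner {
        allowedCall[target][selector] = allowed;
    }

    // Weak: the decision changes with any byte of the payload, so two
    // payloads with identical semantics can be judged differently.
    function isAllowedWeak(bytes memory data) public view returns (bool) {
        return !blockedCalldata[keccak256(data)];
    }

    // Stronger: the decision depends only on where the call goes and which
    // function it invokes; bytes beyond the selector do not affect it.
    function isAllowedStrong(address target, bytes memory data) public view returns (bool) {
        require(data.length >= 4, "missing selector");
        bytes4 selector;
        // First word of the bytes payload holds the selector in its top 4 bytes.
        assembly {
            selector := mload(add(data, 32))
        }
        return allowedCall[target][selector];
    }
}
```

An allowlist of this shape is explicit about what is permitted rather than trying to enumerate what is not, which is the property the report asks for when it says a stronger mechanism is needed.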

delegateCallOnly methods not properly guarded in Actions

In TaskExecutor the delegateCallOnly() modifier is defined to ensure that the batchExec() method is only called via delegate call, as intended by the deployers.

This can be reused by the other Actions as well, to make sure that they are not misused.
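The following added example (not code from furucombo-smart-wallet) shows the guard pattern being recommended for reuse: an action contract stores its own deployment address in an immutable and a delegateCallOnly modifier rejects any invocation in which address(this) still equals it, i.e. a direct call. The contract names GuardedAction and Wallet, the exec function and the shared storage layout are assumptions made for the illustration.

```solidity
pragma solidity 0.6.12;

// Hypothetical action contract protected by the guard.
contract GuardedAction {
    // Address this contract was deployed at, fixed at construction.
    address private immutable self;

    // Storage written on behalf of the delegating wallet (slot 0).
    uint256 public lastValue;

    constructor() public {
        self = address(this);
    }

    modifier delegateCallOnly() {
        // Under delegatecall, address(this) is the wallet's address, not the
        // address this contract was deployed at; a direct call fails here.
        require(address(this) != self, "delegate call only");
        _;
    }

    function exec(uint256 value) external delegateCallOnly returns (uint256) {
        lastValue = value;
        return value;
    }
}

// Minimal hypothetical wallet invoking the action via delegatecall.
contract Wallet {
    // Same slot layout as GuardedAction so the write lands in slot 0 here.
    uint256 public lastValue;

    function run(address action, uint256 value) external returns (uint256) {
        (bool ok, bytes memory ret) = action.delegatecall(
            abi.encodeWithSelector(GuardedAction.exec.selector, value)
        );
        require(ok, "action reverted");
        return abi.decode(ret, (uint256));
    }
}
```

Calling Wallet.run(actionAddress, 7) succeeds and sets the wallet's lastValue to 7, while calling GuardedAction.exec(7) directly on the deployed action reverts with "delegate call only", so the action cannot be misused as a standalone contract.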

OTHER/ ADVISORY ISSUES

This section details issues that are not thought to directly affect the functionality of the project, but we recommend addressing them.

Floating pragma

The floating pragma “pragma solidity ^0.6.0;” is used in most contracts, allowing them to be compiled with the 0.6.0 - 0.6.12 versions of the Solidity compiler. Although the differences between these versions are small, floating pragmas should be avoided and the pragma should be fixed to the version that will be used for the contracts’ deployment.

Compiler known issues

The contracts were compiled with the Solidity compiler 0.6.12 which, at the time of writing, has multiple known issues related to memory arrays. Since furucombo-smart-wallet makes heavy use of memory arrays, including sending them to and receiving them from third-party contracts, it is worth considering switching to a newer version of the Solidity compiler.

DISCLAIMER

The audited contracts have been analyzed using automated techniques and extensive human inspection in accordance with state-of-the-art practices as of the date of this report. The audit makes no statements or warranties on the security of the code. On its own, it cannot be considered a sufficient assessment of the correctness of the contract. While we have conducted an analysis to the best of our ability, it is our recommendation for high-value contracts to commission several independent audits, a public bug bounty program, as well as continuous security auditing and monitoring through Dedaub Security Suite.

ABOUT DEDAUB

Dedaub offers significant security expertise combined with cutting-edge program analysis technology to secure some of the most prominent protocols in DeFi. The founders, as well as many of Dedaub’s auditors, have a strong academic research background together with a real-world hacker mentality to secure code. Protocol blockchain developers hire us for our foundational analysis tools and deep expertise in program analysis, reverse engineering, DeFi exploits, cryptography and financial mathematics.