audit 1 #66
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| # Audit report | ||
|
|
||
| | Name | Information | | ||
| | :--------: | -------------------- | | ||
| | Repository | https://github.com/DePayFi/depay-evm-router | | ||
| | Checked | `DePayRouterV3.sol` | | ||
| | Branch | v3 | | ||
| | Time | 2024-09-17 | | ||
| | Author | Nolan Graves | | ||
|
|
||
| # Result | ||
|
|
||
| | Severity | Count | Link | | ||
| | :-------------: | ----: | ------------------------------------------------------------------------------------------------ | | ||
| | High | 0 | | | ||
| | Medium | 1 | | | ||
| | | | [M01 - Inconsistent handling of payment deadlines (milliseconds vs seconds)](#m01) | | ||
| | Low | 1 | | | ||
| | | | [L01 - Allowing ERC20 payments to `address(0)`, possibly burning tokens unintentionally](#l01) | | ||
| | Informational | 1 | | | ||
| | | | [I01 - Potential for funds to be stuck in contract, consider refunding excess Ether](#i02) | | ||
|
|
||
| --- | ||
|
|
||
| <a name="m01"></a> | ||
|
|
||
| ## M01 - Inconsistent handling of payment deadlines (milliseconds vs seconds) | ||
|
|
||
| | Affected | Severity | Count | Lines | | ||
| | :---------------: | :------: | ----: | ------------------------------------------------------------------ | | ||
| | `DePayRouterV3.sol` | Low | 1 | Line in `_validatePreConditions` where deadline is compared | | ||
|
|
||
| **Description** | ||
|
|
||
| In the `_validatePreConditions` function, the contract checks if `payment.deadline < block.timestamp * 1000`. Since `block.timestamp` returns the current block timestamp in seconds, multiplying it by 1000 converts it to milliseconds. This means `payment.deadline` is expected to be in milliseconds, which may cause confusion and inconsistencies, as most Solidity time-related functions and variables use seconds. | ||
|
|
||
| **Recommendation** | ||
|
|
||
| Standardize the time units used in the contract to seconds. If milliseconds are necessary, clearly document this requirement in the contract and ensure that all time comparisons and inputs are consistently handled in milliseconds to avoid confusion and potential errors. | ||
|
|
||
| --- | ||
|
|
||
| <a name="l01"></a> | ||
|
|
||
| ## L01 - Allowing ERC20 payments to `address(0)`, possibly burning tokens unintentionally | ||
|
|
||
| | Affected | Severity | Count | Lines | | ||
| | :---------------: | :------: | ----: | ----------------------------------------------------------- | | ||
| | `DePayRouterV3.sol` | Low | 1 | Line in `_payReceiver` where ERC20 tokens are transferred | | ||
|
|
||
| **Description** | ||
|
|
||
| In the `_payReceiver` function, when `payment.receiverType == 0` and `payment.tokenOutAddress` is an ERC20 token, the contract transfers `payment.paymentAmount` to `payment.paymentReceiverAddress` without checking if the address is `address(0)`. If `payment.paymentReceiverAddress` is `address(0)`, the tokens will be sent to the zero address, effectively burning them, which may not be the intended behavior. | ||
|
There was a problem hiding this comment. Using DePay to burn tokens might be intentional. We can address this in the SDKs by giving users control over the process, rather than completely preventing it. |
||
|
|
||
| **Recommendation** | ||
|
|
||
| Add a check to ensure that `payment.paymentReceiverAddress` is not `address(0)` before transferring ERC20 tokens. If the address is zero, revert the transaction with an appropriate error message. | ||
|
|
||
| --- | ||
|
|
||
| <a name="i01"></a> | ||
|
|
||
| ## I01 - Potential for funds to be stuck in contract, consider refunding excess Ether | ||
|
|
||
| | Affected | Severity | Count | Lines | | ||
| | :---------------: | :-----------: | ----: | ------------------------------------------ | | ||
| | `DePayRouterV3.sol` | Informational | 1 | Functions handling Ether (e.g., `receive`) | | ||
|
|
||
| **Description** | ||
|
|
||
| If users accidentally send Ether to the contract without proper interaction (e.g., directly sending Ether to the contract's address), or if there are rounding errors and leftover Ether after operations, these funds may remain stuck in the contract. While the owner can withdraw tokens via the `withdraw` function, regular users cannot retrieve their mistakenly sent funds. | ||
|
There was a problem hiding this comment. Calculating excess funds would result in an unnecessary increase in gas usage due to the conditional checks required. In worst-case scenarios, the owner can withdraw and return the excess Ether. However, this situation should not occur, as the SDKs can prevent it, and input amounts are confirmed and signed by the users. |
||
|
|
||
| **Recommendation** | ||
|
|
||
| Implement a fallback mechanism or a function that allows users to retrieve their mistakenly sent Ether, provided they can prove ownership. Alternatively, provide clear instructions and warnings to users to prevent accidental transfers of Ether to the contract. | ||
|
|
||
| --- | ||
|
|
||
| # Conclusion | ||
|
|
||
| The `DePayRouterV3` contract is designed to handle payments and token conversions securely. | ||
| The initial high-severity concern regarding reentrancy was reassessed and found to be of low risk due to the absence of mutable state that could be exploited and the presence of balance checks that prevent state inconsistencies. | ||
|
|
||
| The remaining issues are of medium to low severity and should be addressed to enhance the contract's security and reliability. | ||
| Implementing the recommended changes will protect users' funds and improve the overall robustness of the contract. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is intentional. Millisecond-based deadlines are necessary to differentiate between duplicate payments during the validation process.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will document it clearly.