Canto Solo Audit by Ghoul.sol
Findings & Analysis Report
Table of contents
- Severity Criteria
Code4rena (C4) is an open organization consisting of security researchers, auditors, developers, and individuals with domain expertise in smart contracts.
A C4 Solo Audit is a single-warden or single-team audit performed by a top Code4rena contributor.
During the Solo Audit outlined in this document, C4 conducted an analysis of the Canto code. The audit took place between July 8—10, 2022.
Ghoul.sol is a senior Solidity developer and has served as a Code4rena judge for a dozen audit contests.
Final report assembled by sock.
The Solo Audit yielded 4 vulnerabilities. Of those vulnerabilities, 3 received a risk rating of HIGH severity and 1 received a risk rating of MEDIUM. 1 informational finding was also reported.
4 vulnerabilities have been fixed and 1 information finding has been acknowledged.
The codebase in question had already undergone two prior Code4rena contests. This code review had a targeted nature which included 30 lines of code modified following prior Code4rena audits. Only specific functions outlined were reviewed.
Code review was focused on critical issues only. Improvements and optimizations were not reported.
Code reviewed consisted of the following files:
Following functions were reviewed:
C4 assesses the severity of disclosed vulnerabilities according to a methodology based on OWASP standards.
Vulnerabilities are divided into three primary risk categories: high, medium, and low/non-critical.
High-level considerations for vulnerabilities span the following key areas when conducting assessments:
- Malicious Input Handling
- Escalation of privileges
- Gas use
Further information regarding the severity criteria referenced throughout the submission review process, please refer to the documentation provided on the C4 website.
TotalSupply amount is read directly from storage.
Attacker can manipulate that amount using a flash loan and change the calculated LP token price. This is also an issue during regular calculation because the TVL is calculated based on time-averaged values but total supply is a current block value which will result consistently incorrect results.
Price ratio was calculated by division of price0 and price1. Both prices are normalized to 18 decimal points. Division at best case would return 0 which would cause division by zero revert. At worst case it returns single digit which will make calculations of fair reserves incorrect.
As part of
calculateFairReserves function, a square root of each reserve is calculated and divided by 1e18 to normalized the value to 18 decimals. However, there is evidence that reserves are 18 decimals value in the first place which will result in a wrong value calculated for pairs with tokens that do not have 18 decimal points.
price1 calculation used
stable0 value instead of
stable1. It will cause
pairFor function to return wrong address and most likely cause a revert. In extreme scenario it could return wrong price.
Hardcoding price of USDT and USDC as 1 may open some arbitrage opportunities when real price for each token is a little bit different. Also, in case of UST-style collapse, the protocol will not be able to liquidate bad loans.
C4 is an open organization governed by participants in the community.
C4 does not provide any guarantee or warranty regarding the security of this project. All smart contract software should be used at the sole risk and responsibility of users.