Find file History
Pull request Compare This branch is 91 commits ahead of makerdao:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
checkComponents Tidy Mar 24, 2018
checkValues Get values from mainnet Jun 9, 2018
code-review Tidy Jul 27, 2018
contracts Checking and organising component contracts Mar 21, 2018
deployed-contracts Vox data Jun 2, 2018
images Feeds Apr 16, 2018
oldUnusedFiles Tidy Jun 24, 2018
previous-audit Setting up Feb 23, 2018
scripts Tidy Jun 24, 2018
test Checking deployed values Apr 21, 2018
Feeds.md Feeds Apr 16, 2018
README.md Tidy Jul 27, 2018

README.md

MakerDAO Sai Contract Audit

Summary

MakerDAO's Sai stable currency is currently in use on the Ethereum mainnet, with a USD 50 million cap on the amount of Sai currency on issue. This cap was raised to USD 100 million on Jun 30 2018 in transaction 0x9da57d15.

Bok Consulting Pty Ltd was commissioned to perform an audit on MakerDAO's Sai Ethereum smart contracts.

An audit of MakerDAO's deployed contract has been conducted and no potential vulnerabilities have been identified in the smart contracts.



Table Of Contents



Scope

This audit is into the technical aspects of the MakerDAO's Sai stable currency contracts. The primary aim of this audit is to ensure that funds represented by these contracts are not easily attacked or stolen by third parties. The secondary aim of this audit is to ensure the coded algorithms work as expected. This audit does not guarantee that that the code is bug-free, but intends to highlight any areas of weaknesses.

This audit has been conducted on MakerDAO's contract source code for the following deployed smart contracts:

Note that the algorithms governing the economic functioning of the MakerDAO system are not covered by this audit.



Methodology

The following steps has been conducted for this audit:

  • The source code for the MakerDAO smart contracts were extracted from EtherScan from the deployed addresses on the Ethereum mainnet
  • Testing scripts were developed to deploy to a dev environment to observe the interactions between the various MakerDAO smart contracts
  • The deployed smart contracts were matched to the source code from the source GitHub repositories to separate the deployed smart contracts into their component smart contracts
  • The state and historical events for the deployed MakerDAO smart contracts were extracted from the mainnet Ethereum blockchain to confirm the deployment parameters, state variables and event logs
  • A code review of the component smart contracts was conducted
  • Some manual calculations have been calculated using the math-d5acd9c with the internal functions converted to public functions and deployed to 0xc05e27d67021f9fcF2113b51B2F5F9eb88A9FC48 on Ropsten


Results

The MakerDAO smart contracts are well written with a logical separation of functionality into component smart contracts.

One difficulty in understanding the smart contracts has been MakerDAO's choice of naming contracts and objects with three letter words like sai, sin, tub, tap and top, and the naming of actions with four letter words like cage, bite, mold and drip.

Another difficulty in tracing through the correctness in the functioning of the smart contracts has been the use of calculations with 18 (wad) and 27 (ray) decimal place precision. This difficulty is compounded by the use of three letter words for the object names mentioned above.

Once the conventions above are understood, the workings of the MakerDAO smart contracts become quite clear.

There are small number of issues of low importance raised by this audit. These are listed in the sections below documenting each deployed smart contract. There is also no ability to transfer out any other ERC20 tokens accidentally sent to the MakerDAO contracts, but again this is of low importance.

No potential vulnerabilities have been identified in the smart contracts.

The remaining sections of this report goes into more details of each component of the MakerDAO Sai smart contracts.



Tokens

Token Symbol Name Decimals Owner Authority
gem:0xc02aaa39 WETH Wrapped Ether 18 n/a n/a
gov:0x9f8f72aa MKR Maker 18 community4of6multisig:0x7bb0b085 0x00000000
sai:0x89d24a6b DAI Dai Stablecoin v1.0 18 0x00000000 dad:0x315cbb88
sin:0x79f6d0f6 SIN SIN 18 0x00000000 dad:0x315cbb88
skr:0xf53ad2c6 PETH Pooled Ether 18 0x00000000 dad:0x315cbb88

Gem

The WETH (Gem) token contract wraps ethers (ETH) in an ERC20 token contract.

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Issues

  • LOW IMPORTANCE There is a possibility for the total supply to be larger than the sum of all token balance when the selfdestruct opcode is used to transfer ETH to this token contract, and this amount cannot be recovered from this token contract

Gov

This is the MKR (Maker) governance token contract.

Permissions

This token contract has owner set to community4of6multisig:0x7bb0b085 and authority set to 0x00000000. The 4 of 6 community multisig is able to mint(...) new MKR tokens and burn(...) any accounts tokens.

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Note

Issues

  • LOW IMPORTANCE The name() and symbol() functions return the bytes32 data type instead of string as recommended in the ERC20 token standard
  • LOW IMPORTANCE The decimals() function returns the uint256 data type instead of uint8 as recommended in the ERC20 token standard
  • LOW IMPORTANCE The mint(...) function should emit the Transfer(address(0), guy, wad) event as the blockchain token explorers will pick this event up
  • LOW IMPORTANCE The burn(...) function should emit the Transfer(guy, address(0), wad) event as the blockchain token explorers will pick this event up

Sai, Sin And Skr

These are the sai stable coin, sin anticoin and the skr claim on the collateral token contracts.

Permissions

These token contracts have owner set to 0x00000000 and authority set to dad:0x315cbb88 and this defines the permissions for which other smart contract are able to mint(...) and burn(...) these tokens. The following table is a whitelist of which smart contracts are able to mint(...) and burn(...) these tokens:

Permit From Permit To Function
tap:0xbda10930 sai:0x89d24a6b mint(address,uint256)
tap:0xbda10930 sai:0x89d24a6b burn(address,uint256)
tap:0xbda10930 sai:0x89d24a6b burn(uint256)
tap:0xbda10930 sin:0x79f6d0f6 burn(uint256)
tap:0xbda10930 skr:0xf53ad2c6 mint(uint256)
tap:0xbda10930 skr:0xf53ad2c6 burn(uint256)
tub:0x448a5065 sai:0x89d24a6b mint(address,uint256)
tub:0x448a5065 sai:0x89d24a6b burn(address,uint256)
tub:0x448a5065 sin:0x79f6d0f6 mint(address,uint256)
tap:0xbda10930 skr:0xf53ad2c6 burn(address,uint256)
tub:0x448a5065 skr:0xf53ad2c6 mint(address,uint256)
tub:0x448a5065 skr:0xf53ad2c6 burn(address,uint256)

Potential Vulnerabilities

No potential vulnerabilities have been identified in these smart contract.

Issues

  • LOW IMPORTANCE The name() and symbol() functions return the bytes32 data type instead of string as recommended in the ERC20 token standard
  • LOW IMPORTANCE The decimals() function returns the uint256 data type instead of uint8 as recommended in the ERC20 token standard


Pip And Pep Price Feeds

These are the ETH/USD pip and the MKR/USD pep Medianizer smart contracts to calculate the median prices from multiple price feed sources. 0x137fdd00 is one of the ETH/USD pip price feed contributors, and 0x8a4774fe is one of the MKR/USD pep price feed contributors.

Individual price feed providers write to their instances of PriceFeed contracts, which then call the Medianizer poke() function. This poke() function then collects all contributors price feed DSValue points to calculate the median price feed value.

Permissions

Both the pip and pep contracts have owner set to 0x00000000 and authority set to adm:0x8e2a84d6. The adm contract allows multiple parties to vote on a smart contract that will then be executed, and permissioned through the adm contract to execute pip and pep functions.

Potential Vulnerabilities

No potential vulnerabilities have been identified in these smart contract.

Issues

No potential issues were identified in these contracts.



Vox Target Price Feed

The vox target price feed is the reference rate that the sai stable coin targets.

Permissions

This contracts has owner set to 0x00000000 and authority set to dad:0x315cbb88 and this defines the permissions for which other smart contracts (mom) are able to tune the vox parameters using the mold(...) and tune(...) functions.

Permit From Permit To Function
mom:0xf2c5369c vox:0x9b0f70df mold(bytes32,uint256)
mom:0xf2c5369c vox:0x9b0f70df tune(uint256)

Potential Vulnerabilities

No potential vulnerabilities have been identified in these smart contract.

Issues

No potential issues were identified in this contract.



Tub Collateral Debt Position

The tub contract manages the list of cups representing the individual collateral debt position.

Permissions

This contract has owner set to 0x00000000 and authority set to dad:0x315cbb88 and this defines the permissions for which other smart contract are able to execute the functions. The following table is a whitelist of which smart contracts are able to execute the functions:

Permit From Permit To Function Notes
mom:0xf2c5369c tub:0x448a5065 mold(bytes32,uint256) mom can set parameters cap, mat, tax, fee, axe and gap
mom:0xf2c5369c tub:0x448a5065 setPip(address) mom can set new ETH/USD pip price feed
mom:0xf2c5369c tub:0x448a5065 setPep(address) mom can set new MKR/USD pep price feed
mom:0xf2c5369c tub:0x448a5065 setVox(address) mom can set new vox
top:0x9b0ccf7c tub:0x448a5065 cage(uint256,uint256)
top:0x9b0ccf7c tub:0x448a5065 flow()
top:0x9b0ccf7c tap:0xbda10930 cage(uint256)
tub:0x448a5065 sai:0x89d24a6b mint(address,uint256)
tub:0x448a5065 sai:0x89d24a6b burn(address,uint256)
tub:0x448a5065 sin:0x79f6d0f6 mint(address,uint256)
tub:0x448a5065 skr:0xf53ad2c6 mint(address,uint256)
tub:0x448a5065 skr:0xf53ad2c6 burn(address,uint256)

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Issues

  • LOW IMPORTANCE - Note that tub.tag() returns value is a ray (10^27) and NOT a a wad (10^18) number as implied in the return value function tag() public view returns (uint wad) {


Tap Liquidator

The tap contract is the Liquidator.

Permissions

This contract has owner set to 0x00000000 and authority set to dad:0x315cbb88 and this defines the permissions for which other smart contract are able to execute the functions. The following table is the dad whitelist of which smart contracts are able to execute the functions:

Permit From Permit To Function Notes
top:0x9b0ccf7c tap:0xbda10930 cage(uint256)
tap:0xbda10930 sai:0x89d24a6b mint(address,uint256)
tap:0xbda10930 sai:0x89d24a6b burn(address,uint256)
tap:0xbda10930 sai:0x89d24a6b burn(uint256)
tap:0xbda10930 sin:0x79f6d0f6 burn(uint256)
tap:0xbda10930 skr:0xf53ad2c6 mint(uint256)
tap:0xbda10930 skr:0xf53ad2c6 burn(uint256)
tap:0xbda10930 skr:0xf53ad2c6 burn(address,uint256)
mom:0xf2c5369c tap:0xbda10930 mold(bytes32,uint256)

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Issues

No potential issues were identified in this contract.



Top Global Settlement Manager

The top contract is the Global Settlement Manager.

Permissions

The top contract has owner set to 0x00000000 and authority set to adm:0x8e2a84d6. The adm contract allows multiple parties to vote on a smart contract that will then be executed, and permissioned through the adm contract to execute top functions.

Following is the whitelist of permissions from the dad contract that allows top contract to execute functions in the tub and tap contracts:

Permit From Permit To Function Notes
top:0x9b0ccf7c tub:0x448a5065 cage(uint256,uint256)
top:0x9b0ccf7c tub:0x448a5065 flow()
top:0x9b0ccf7c tap:0xbda10930 cage(uint256)

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Issues

No potential issues were identified in this contract.



Contract Permissions

Dad

The dad contract is set as the authority for many of the MakerDao smart contracts.

The following table shows the whitelist rules created during the deployment of the dad contract:

Permit From Permit To Function
top:0x9b0ccf7c tub:0x448a5065 cage(uint256,uint256)
top:0x9b0ccf7c tub:0x448a5065 flow()
top:0x9b0ccf7c tap:0xbda10930 cage(uint256)
tub:0x448a5065 skr:0xf53ad2c6 mint(address,uint256)
tub:0x448a5065 skr:0xf53ad2c6 burn(address,uint256)
tub:0x448a5065 sai:0x89d24a6b mint(address,uint256)
tub:0x448a5065 sai:0x89d24a6b burn(address,uint256)
tub:0x448a5065 sin:0x79f6d0f6 mint(address,uint256)
tap:0xbda10930 sai:0x89d24a6b mint(address,uint256)
tap:0xbda10930 sai:0x89d24a6b burn(address,uint256)
tap:0xbda10930 sai:0x89d24a6b burn(uint256)
tap:0xbda10930 sin:0x79f6d0f6 burn(uint256)
tap:0xbda10930 skr:0xf53ad2c6 mint(uint256)
tap:0xbda10930 skr:0xf53ad2c6 burn(uint256)
tap:0xbda10930 skr:0xf53ad2c6 burn(address,uint256)
mom:0xf2c5369c vox:0x9b0f70df mold(bytes32,uint256)
mom:0xf2c5369c vox:0x9b0f70df tune(uint256)
mom:0xf2c5369c tub:0x448a5065 mold(bytes32,uint256)
mom:0xf2c5369c tap:0xbda10930 mold(bytes32,uint256)
mom:0xf2c5369c tub:0x448a5065 setPip(address)
mom:0xf2c5369c tub:0x448a5065 setPep(address)
mom:0xf2c5369c tub:0x448a5065 setVox(address)

Any MakerDAO contract that has owner set to 0x00000000 and authority set to dad:0x315cbb88 will use the the whitelist table above to check if the inter-contract calls are permissioned.

Permissions

The dad contract has owner set to 0x00000000 and authority set to 0x00000000. No further changes to the dad contract are possible.

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Issues

No potential issues were identified in this contract.


Mom

The mom contract is set up with permissions to execute functions to modify the MakerDAO system parameters. The adm contract allows multiple parties to vote on actions (executed via smart contracts) that will execute the appropriate functions in the mom contract.

Permissions

The mom contract has owner set to 0x00000000 and authority set to adm:0x8e2a84d6. The adm contract allows multiple parties to vote on a smart contract that will then be executed, and permissioned through the adm contract to execute mom functions.

Following is the whitelist of permissions from the dad contract that allows mom contract to execute functions in the vox, tub and tap contracts:

Permit From Permit To Function
mom:0xf2c5369c vox:0x9b0f70df mold(bytes32,uint256)
mom:0xf2c5369c vox:0x9b0f70df tune(uint256)
mom:0xf2c5369c tub:0x448a5065 mold(bytes32,uint256)
mom:0xf2c5369c tap:0xbda10930 mold(bytes32,uint256)
mom:0xf2c5369c tub:0x448a5065 setPip(address)
mom:0xf2c5369c tub:0x448a5065 setPep(address)
mom:0xf2c5369c tub:0x448a5065 setVox(address)

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Issues

No potential issues were identified in this contract.


Adm

The adm contract allows multiple parties to vote on actions that will affect the MakerDAO system.

Permissions

The adm contract has owner set to 0x00000000 and authority set to adm:0x8e2a84d6 (itself). The adm contract is set up for multiple parties to vote on actions, implemented as a smart contract, that will be execute to modify the parameters of the MakerDAO system. The voted-in contract then has the ability to execute functions on the mom, pip, pep and top contracts.

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Issues

No potential issues were identified in this contract.



Other

Pit Token Burner

skr tokens can be burnt by sending them to the pit contract.

Permissions

This contracts has no owner or authority. There is a burn(...) function in the pit contract but this function is not permissioned to execute any token's burn(...) function, so this function cannot be execute. As the tokens will be permanently stuck in this pit contract, they are effectively burnt.

Potential Vulnerabilities

No potential vulnerabilities have been identified in this smart contract.

Issues

No potential issues were identified in this contract.



Code Review Of Components

Source code for the deployed contracts have been matched against the component contracts from the MakerDAO and DappSys source code repository. Scripts and results were used to confirm the match of the deployed contracts against the component contracts.

  • ✓ Gem (weth9-b353893) is a standalone contract.
  • SSS represents the Sai, Sin and Skr contracts that are all identical in the source code, but with different deployment parameters
  • Pip deployed on 10 May 2017. The other components were deployed in Dec 2017
Component Gov Pip Pep Pit Adm SSS Dad Mom Vox Tub Tap Top Fab
auth-52c6a32 1 1 2 1 2 1 1 1 1 1 1 1
auth-ce285fb 1
base-e637e3f 7 6 8 6 7 7 7 7 9
chief-a06b5e4 10
erc20-56f16b3 6
erc20-c4f5635 5 7 5 6 6 6 6 8
guard-f8b7f58 2 2
math-a01112f 3
math-d5acd9c 2 2 1 3 1 3 3 3 3 3 5
note-7170a08 3 2 3 3 4 3 2 2 2 2 2 4
roles-188b3dd 2 3
stop-842e350 5 4 6 4 5 5 5 5 7
thing-35b2538 4 4
thing-4c86a53 5 4 4 4 4 4 6
thing-ea63fd3 4
token-e637e3f 8 7 9 7 8 8 8 8 10
value-2027f97 5
value-faae4cb 5 9 9 9 9 11
medianizer-31cc0a8 6
medianizer-6cb859c 6
pit-b353893 8
vox-b353893 10 5 10 10 10 12
tub-b353893 11 11 11 11 13
tap-b353893 12 12 12 14
top-b353893 13 13 15
mom-b353893 14 16
fab-b353893 17


(c) BokkyPooBah / Bok Consulting Pty Ltd for MakerDAO - Jun 21 2018. The MIT Licence.