QA Report

[code423n4]

ISSUE LIST

C4-001 : Low level calls with solidity version 0.8.x can result in optimizer bug. - LOW

C4-002 : Centralization Risk - Low

C4-003 : Missing zero-address check in the setter functions in the constructor - Low

C4-004 : transferOwnership should be two step process - Low

C4-005 : Incompatibility With Rebasing/Deflationary/Inflationary tokens - LOW

C4-006 : Use of _msgSender() - Non - critical

C4-007 : Add disableInitializers to Prevent Front-running - LOW

C4-008 : Critical changes should use two-step procedure - Non Critical

C4-009 : External Upgradeable Contracts Are Not Initialized - Non critical

C4-001 : Low level calls with solidity version 0.8.x can result in optimizer bug.

Impact

The protocol is using low level calls with solidity version 0.8.x which can result in optimizer bug.

https://medium.com/certora/overly-optimistic-optimizer-certora-bug-disclosure-2101e3f7994d

Proof of Concept

https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/libraries/SignatureDecoder.sol#L75

Tools Used

Code Review

Recommended Mitigation Steps

Consider upgrading to solidity 0.8.15.

C4-002 : Centralization Risk

Impact - LOW

Owner role has absolute power across the contracts with several onlyOwner functions. There is no ability to change admin to a new address or renounce it which is helpful for lost/compromised admin keys or to delegate control to a different governance/DAO address in future.

The project does not use the widely used OpenZeppelin Ownable library which provides transfer/renounce functions to mitigate such compromised/accidental situations with admin keys. This makes admin role/key a single-point of failure.

Location

https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFi.sol#L123

Recommended Mitigation Steps

Ensure admins are reasonably redundant/independent (3/7 or 5/9) multisigs and add transfer/renounce functionality for admin. Consider using OpenZeppelin’s Ownable library.

C4-003 : Missing zero-address check in the setter functions in the constructor - Low

Impact

Missing checks for zero-addresses may lead to infunctional protocol, if the variable addresses are updated incorrectly.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFi.sol#L200

Tools Used

Code Review

Recommended Mitigation Steps

Consider adding zero-address checks in the discussed constructors:
require(newAddr != address(0));.

C4-004 : # transferOwnership should be two step process

Impact

The contracts inherit OpenZeppelin's Ownable contract which enables the onlyOwner role to transfer ownership to another address. It's possible that the onlyOwner role mistakenly transfers ownership to the wrong address, resulting in a loss of the onlyOwner role. The current ownership transfer process involves the current owner calling Unlock.transferOwnership(). This function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. If the nominated EOA account is not a valid account, it is entirely possible the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyOwner() modifier. Lack of two-step procedure for critical operations leaves them error-prone
if the address is incorrect, the new address will take on the functionality of the new role immediately

for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert

Proof of Concept

1. Navigate to "https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFiProxy.sol#L14".
2. The contracts have many onlyOwner function.
3. The contract is inherited from the Ownable which includes transferOwnership.

Tools Used

None

Recommended Mitigation Steps

Implement zero address check and Consider implementing a two step process where the owner nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of ownership to fully succeed. This ensures the nominated EOA account is a valid and active account.

C4-005 : Incompatibility With Rebasing/Deflationary/Inflationary tokens

Impact - LOW

Rigor protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.

Proof of Concept

1. Navigate to the following contract.

2022-08-rigor/contracts/Community.sol:321:        _community.currency.safeTransferFrom(
2022-08-rigor/contracts/Community.sol:443:        _currency.safeTransferFrom(_msgSender(), homeFi.treasury(), _lenderFee);
2022-08-rigor/contracts/Community.sol:446:        _currency.safeTransferFrom(_msgSender(), _project, _amountToProject);
2022-08-rigor/contracts/Community.sol:474:        _communities[_communityID].currency.safeTransferFrom(
2022-08-rigor/contracts/Project.sol:206:            currency.safeTransferFrom(_sender, address(this), _cost);
2022-08-rigor/contracts/Project.sol:353:        currency.safeTransfer(
2022-08-rigor/contracts/Project.sol:381:            _token.safeTransfer(builder, _leftOutTokens);
2022-08-rigor/contracts/Project.sol:775:        currency.safeTransfer(builder, _amount);

Tools Used

Manual Code Review

Recommended Mitigation Steps

• Ensure that to check previous balance/after balance equals to amount for any rebasing/inflation/deflation
• Add support in contracts for such tokens before accepting user-supplied tokens
• Consider supporting deflationary / rebasing / etc tokens by extra checking the balances before/after or strictly inform your users not to use such tokens if they don't want to lose them.

C4-006 : Use of msgSender

Impact - Non critical

Vulnerability details

Impact

The use of _msgSender() when there is no implementation of a meta transaction mechanism that uses it, such as EIP-2771, very slightly increases gas consumption.

Proof of Concept

_msgSender() is utilized three times where msg.sender could have been used in the following function.

2022-08-rigor/contracts/ProjectFactory.sol:65:            _msgSender() == IHomeFi(homeFi).admin(),
2022-08-rigor/contracts/ProjectFactory.sol:84:        require(_msgSender() == homeFi, "PF::!HomeFiContract");
2022-08-rigor/contracts/DebtToken.sol:32:            communityContract == _msgSender(),
2022-08-rigor/contracts/mock/HomeFiV3Mock.sol:22:        emit TrustedForwarderChangedWithSender(_newForwarder, _msgSender());
2022-08-rigor/contracts/mock/HomeFiMock.sol:42:        require(admin == _msgSender(), "HomeFi::!Admin");
2022-08-rigor/contracts/mock/HomeFiMock.sol:69:        admin = _msgSender();
2022-08-rigor/contracts/mock/HomeFiMock.sol:145:        address _sender = _msgSender();
2022-08-rigor/contracts/mock/HomeFiMock.sol:210:    function _msgSender()
2022-08-rigor/contracts/mock/HomeFiMock.sol:216:        // this is same as ERC2771ContextUpgradeable._msgSender();
2022-08-rigor/contracts/mock/HomeFiMock.sol:217:        // We want to use the _msgSender() implementation of ERC2771ContextUpgradeable
2022-08-rigor/contracts/mock/HomeFiMock.sol:218:        return super._msgSender();
2022-08-rigor/contracts/Community.sol:75:        require(_msgSender() == homeFi.admin(), "Community::!admin");
2022-08-rigor/contracts/Community.sol:91:            _msgSender() == IProject(_project).builder(),
2022-08-rigor/contracts/Community.sol:128:        address _sender = _msgSender();
2022-08-rigor/contracts/Community.sol:160:            _communities[_communityID].owner == _msgSender(),
2022-08-rigor/contracts/Community.sol:322:            _msgSender(),
2022-08-rigor/contracts/Community.sol:380:        address _sender = _msgSender();
2022-08-rigor/contracts/Community.sol:443:        _currency.safeTransferFrom(_msgSender(), homeFi.treasury(), _lenderFee);
2022-08-rigor/contracts/Community.sol:446:        _currency.safeTransferFrom(_msgSender(), _project, _amountToProject);
2022-08-rigor/contracts/Community.sol:475:            _msgSender(),
2022-08-rigor/contracts/Community.sol:492:            _msgSender() == _communities[_communityID].owner,
2022-08-rigor/contracts/Community.sol:503:        approvedHashes[_msgSender()][_hash] = true;
2022-08-rigor/contracts/Community.sol:505:        emit ApproveHash(_hash, _msgSender());
2022-08-rigor/contracts/Community.sol:562:        emit RestrictedToAdmin(_msgSender());
2022-08-rigor/contracts/Community.sol:573:        emit UnrestrictedToAdmin(_msgSender());
2022-08-rigor/contracts/Community.sol:898:    /// @dev This is same as ERC2771ContextUpgradeable._msgSender()
2022-08-rigor/contracts/Community.sol:899:    function _msgSender()
2022-08-rigor/contracts/Community.sol:905:        // We want to use the _msgSender() implementation of ERC2771ContextUpgradeable
2022-08-rigor/contracts/Community.sol:906:        return super._msgSender();
2022-08-rigor/contracts/Disputes.sol:46:        require(homeFi.admin() == _msgSender(), "Disputes::!Admin");
2022-08-rigor/contracts/Disputes.sol:52:        require(homeFi.isProjectExist(_msgSender()), "Disputes::!Project");
2022-08-rigor/contracts/Disputes.sol:134:        assertMember(_dispute.project, _dispute.taskID, _msgSender());
2022-08-rigor/contracts/Disputes.sol:137:        emit DisputeAttachmentAdded(_disputeID, _msgSender(), _attachment);
2022-08-rigor/contracts/HomeFi.sol:73:        require(admin == _msgSender(), "HomeFi::!Admin");
2022-08-rigor/contracts/HomeFi.sol:113:        admin = _msgSender();
2022-08-rigor/contracts/HomeFi.sol:218:        address _sender = _msgSender();
2022-08-rigor/contracts/HomeFi.sol:302:    /// @dev This is same as ERC2771ContextUpgradeable._msgSender()
2022-08-rigor/contracts/HomeFi.sol:303:    function _msgSender()
2022-08-rigor/contracts/HomeFi.sol:309:        // We want to use the _msgSender() implementation of ERC2771ContextUpgradeable
2022-08-rigor/contracts/HomeFi.sol:310:        return super._msgSender();
2022-08-rigor/contracts/Project.sol:109:        address _sender = _msgSender();
2022-08-rigor/contracts/Project.sol:150:        require(_msgSender() == builder, "Project::!B");
2022-08-rigor/contracts/Project.sol:186:        address _sender = _msgSender();
2022-08-rigor/contracts/Project.sol:224:        if (_msgSender() != disputes) {
2022-08-rigor/contracts/Project.sol:302:            _msgSender() == builder || _msgSender() == contractor,
2022-08-rigor/contracts/Project.sol:323:            tasks[_taskList[i]].acceptInvitation(_msgSender());
2022-08-rigor/contracts/Project.sol:344:        if (_msgSender() != disputes) {
2022-08-rigor/contracts/Project.sol:400:        if (_msgSender() != disputes) {

Tools Used

None

Recommended Mitigation Steps

Replace _msgSender() with msg.sender if there is no mechanism to support meta-transactions like EIP-2771 implemented.

C4-007 : Add disableInitializers to Prevent Front-running

Code Location

https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/Disputes.sol#L74

Impact

Defining initial values for variables when declaring them in a contract like in the code below does not work for upgradeable contracts.

Refer to explanation below:

https://docs.openzeppelin.com/upgrades-plugins/1.x/writing-upgradeable#avoid-initial-values-in-field-declarations

Also, one should not leave the implementation contract uninitialized. None of the implementation contracts in the code base contains the code recommended by OpenZeppelin below, or an empty constructor with the initializer modifier.

Tools Used

Code Review

Recommended Mitigation Steps

/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}

Refer to the link below:

https://docs.openzeppelin.com/upgrades-plugins/1.x/writing-upgradeable#initializing_the_implementation_contract

C4-008 : Critical changes should use two-step procedure

Impact - NON CRITICAL

The critical procedures should be two step process. The contracts inherit OpenZeppelin's Ownable contract which enables the onlyOwner role to transfer ownership to another address. It's possible that the onlyOwner role mistakenly transfers ownership to the wrong address, resulting in a loss of the onlyOwner role. The current ownership transfer process involves the current owner calling Unlock.transferOwnership(). This function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. If the nominated EOA account is not a valid account, it is entirely possible the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyOwner() modifier. Lack of two-step procedure for critical operations leaves them error-prone
if the address is incorrect, the new address will take on the functionality of the new role immediately

for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert

Proof of Concept

1. Navigate to the following contract.

2022-08-rigor/contracts/HomeFi.sol:123:    function setAddr(
2022-08-rigor/contracts/HomeFi.sol:200:    function setTrustedForwarder(address _newForwarder)
2022-08-rigor/contracts/Project.sol:330:    function setComplete(bytes calldata _data, bytes calldata _signature)
2022-08-rigor/contracts/interfaces/IHomeFi.sol:65:    function setAddr(
2022-08-rigor/contracts/interfaces/IHomeFi.sol:115:    function setTrustedForwarder(address _newForwarder) external;
2022-08-rigor/contracts/interfaces/IProject.sol:170:    function setComplete(bytes calldata _data, bytes calldata _signature)

Tools Used

Code Review

Recommended Mitigation Steps

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.

C4-009 : External Upgradeable Contracts Are Not Initialized - Non critical

Vulnerability details

Impact

During the manual code review, It has been observed that re-entrancy guard contract is not initialized. The contract re-entrancy guard is not upgradeable. You need to - manually call the __{contract}_init(); method of every parent contract with appropriate parameters.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFi.sol#L29

Tools Used

Code Review

Recommended Mitigation Steps

Ensure that all necessary contracts are initialized from the upgradeable contracts. The sample can be seen from below.

function initialize() public initializer {
  __ReentrancyGuard_init();
}