1 Executive Summary
This report presents the results of our engagement with Trillion Network to review Trillion network contract.
The review was conducted over two days, from February 19, 2024 to February 20, 2024, by Rai Yang. A total of 2 person-days were spent.
2 Scope
Our review focused on the commit hash c65e22065d8b6cf7e8f7bea95675ee0b1af0567f. The list of files in scope can be found in the Appendix. All findings that we identified have been fixed in the version with commit hash 9154f8ef02f65ba4a7769e6f8020d0e3e4b05079
2.1 Objectives
Together with the Trillion Network team, we identified the following priorities for our review:
- Correctness of the implementation, consistent with the intended functionality and without unintended edge cases.
- Identify known vulnerabilities particular to smart contract systems, as outlined in our Smart Contract Best Practices, and the Smart Contract Weakness Classification Registry.
3 Security Specification
This section describes, from a security perspective, the expected behavior of the system under audit. It is not a substitute for documentation. The purpose of this section is to identify specific security properties that were validated by the audit team.
3.1 Actors
The relevant actors are listed below with their respective abilities:
- Admin: Manages all roles
- Pauser: Pauses contract
- Minter: Mints and burns token
- Upgrader: Upgrades contracts
- Rescuer: Rescues token from contract
- Blacklister: Blacklists account for token transfer
3.2 Trust Model
In any system, it’s important to identify what trust is expected/required between various actors. For this audit, we established the following trust model:
- The accounts assigned to above actors are secure ( Trillion Network team claimed that the accounts are managed by Fireblocks, have different accounts for different actor and each admin function requires MPC signing)
- The actors perform their role correctly
3.3 Security Properties
The following is a non-exhaustive list of security properties that were reviewed in this audit:
- Upgradeability of the contract has no logic bugs and security vulnerabilities that can be exploited
- Scripts for deploying and upgrading the contract have no logic bugs
- RBAC implementation for the contract has no issues
- Smart contract vulnerabilities (including but not exclusive of): Reentrancy attacks, storage collisions, gas griefing, logic bugs
- The contract deployer and upgrader’s private key are properly managed and not compromised
4 Findings
Each issue has an assigned severity:
- Minor issues are subjective in nature. They are typically suggestions around best practices or readability. Code maintainers should use their own judgment as to whether to address such issues.
- Medium issues are objective in nature but are not security vulnerabilities. These should be addressed unless there is a clear reason not to.
- Major issues are security vulnerabilities that may not be directly exploitable or may require certain conditions in order to be exploited. All major issues should be addressed.
- Critical issues are directly exploitable security vulnerabilities that need to be fixed.
4.1 No Limit for Minting Amount Major ✓ Fixed
Description
In token contract FiatTokenV1, there is no limit set for amount of tokens can be minted, as a result, the minter can mint unlimited tokens, disrupting the token supply and value.
Examples
../src/v1/FiatTokenV1.sol:L77-L79
function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) {
_mint(to, amount);
}
Recommendation
Add a limit for the number of tokens the minter can mint.
4.2 Private Key Is Exposed in the Deployment and Upgrade Script Major ✓ Fixed
Description
In the contract deploying and upgrading script, private key is used to broadcast the transaction, this would expose private key of the deployer and upgrader account on the machine running the script, therefore compromising these accounts.
Examples
../script/DeployFiatToken.s.sol:L12
uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
../script/UpgradeFiatToken.s.sol:L13-L14
uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
vm.startBroadcast(deployerPrivateKey);
Recommendation
Have Forge sending a raw transaction to the cold wallet of the account, the wallet signs the transaction then return the signed transactions to Forge and broadcaster. Alternatively use different wallet for deployment and upgrade and stop using the wallet after the script is complete
4.3 Critical Functions Are Public and Without Access Control Medium ✓ Fixed
Description
Critical functions in RescuableV1(rescue) and BlacklistableV1 (blacklist,unblacklist) are public and unauthenticated, any one can call these function to steal funds and blacklist other accounts. Although the child contract FiatTokenV1 has authenticated the overridden functions and protected them from public access, other contracts inheriting RescuableV1 and BlacklistableV1 might have risks from the unauthenticated public functions
Examples
../src/v1/RescuableV1.sol:L30
function rescue(IERC20 token, address to, uint256 amount) public virtual {
../src/v1/BlacklistableV1.sol:L51-L63
function blacklist(address account) public virtual {
_blacklisted[account] = true;
emit Blacklisted(account);
}
/**
* @dev Removes account from blacklist
* @param account The address to remove from the blacklist
*/
function unBlacklist(address account) public virtual {
_blacklisted[account] = false;
emit UnBlacklisted(account);
}
Recommendation
Make these functions internal and in the child contract add correspondent public function with authentication to call the inherited functions
4.4 Unecessary Parent Contracts Minor ✓ Fixed
Description
Contract BlacklistableV1 and RescuableV1 extends ContextUpgradeable and ERC20Upgradeable, which are not used in any of contract functions and are already inherited by the child contract FiatTokenV1.
Examples
../src/v1/BlacklistableV1.sol:L16
abstract contract BlacklistableV1 is Initializable, ContextUpgradeable, ERC20Upgradeable {
../src/v1/RescuableV1.sol:L16
abstract contract RescuableV1 is Initializable, ContextUpgradeable, ERC20Upgradeable {
../src/v1/FiatTokenV1.sol:L15-L25
contract FiatTokenV1 is
Initializable,
ERC20Upgradeable,
ERC20PausableUpgradeable,
ERC20BurnableUpgradeable,
AccessControlUpgradeable,
ERC20PermitUpgradeable,
UUPSUpgradeable,
BlacklistableV1,
RescuableV1
{
Recommendation
Remove the unnecessary parent contracts
4.5 Redundant _disableInitializers in Constructor Minor ✓ Fixed
Description
Contract FiatTokenV1 inherits from contracts BlacklistableV1 and RescuableV1, the two parent contracts both have _disableInitializers in their constructors to prevent uninitialized contract being initialized by the attackers, it’s not necessary to have _disableInitializers in the FiatTokenV1’s constructor, which is redundant and inefficient.
Examples
../src/v1/FiatTokenV1.sol:L38-L40
constructor() {
_disableInitializers();
}
Recommendation
Remove constructor from FiatTokenV1
Appendix 1 - Files in Scope
This audit covered the following files:
| File | SHA-1 hash |
|---|---|
| BlacklistableV1.sol | 88bea9a7b06a69a338dc898fb25797a702c25386 |
| FiatTokenV1.sol | a540cac0890bab0cc8fbd46f266acb0649c3b588 |
| RescuableV1.sol | ed1f7380eb47b8a0e98567778f9173df0e046181 |
| /script/DeployFiatToken.s.sol | b95a78c1f8ef809b8e246ff91a4c172e39ab85df |
| /script/UpgradeFiatToken.s.sol | 373fc995ff14bcbbe9ace2823a117ba5e8bf01b2 |
Appendix 2 - Disclosure
Consensys Diligence (“CD”) typically receives compensation from one or more clients (the “Clients”) for performing the analysis contained in these reports (the “Reports”). The Reports may be distributed through other means, including via Consensys publications and other distributions.
The Reports are not an endorsement or indictment of any particular project or team, and the Reports do not guarantee the security of any particular project. This Report does not consider, and should not be interpreted as considering or having any bearing on, the potential economics of a token, token sale or any other product, service or other asset. Cryptographic tokens are emergent technologies and carry with them high levels of technical risk and uncertainty. No Report provides any warranty or representation to any third party in any respect, including regarding the bug-free nature of code, the business model or proprietors of any such business model, and the legal compliance of any such business. No third party should rely on the Reports in any way, including for the purpose of making any decisions to buy or sell any token, product, service or other asset. Specifically, for the avoidance of doubt, this Report does not constitute investment advice, is not intended to be relied upon as investment advice, is not an endorsement of this project or team, and it is not a guarantee as to the absolute security of the project. CD owes no duty to any third party by virtue of publishing these Reports.
A.2.1 Purpose of Reports
The Reports and the analysis described therein are created solely for Clients and published with their consent. The scope of our review is limited to a review of code and only the code we note as being within the scope of our review within this report. Any Solidity code itself presents unique and unquantifiable risks as the Solidity language itself remains under development and is subject to unknown risks and flaws. The review does not extend to the compiler layer, or any other areas beyond specified code that could present security risks. Cryptographic tokens are emergent technologies and carry with them high levels of technical risk and uncertainty. In some instances, we may perform penetration testing or infrastructure assessments depending on the scope of the particular engagement.
CD makes the Reports available to parties other than the Clients (i.e., “third parties”) on its website. CD hopes that by making these analyses publicly available, it can help the blockchain ecosystem develop technical best practices in this rapidly evolving area of innovation.
A.2.2 Links to Other Web Sites from This Web Site
You may, through hypertext or other computer links, gain access to web sites operated by persons other than Consensys and CD. Such hyperlinks are provided for your reference and convenience only, and are the exclusive responsibility of such web sites’ owners. You agree that Consensys and CD are not responsible for the content or operation of such Web sites, and that Consensys and CD shall have no liability to you or any other person or entity for the use of third party Web sites. Except as described below, a hyperlink from this web Site to another web site does not imply or mean that Consensys and CD endorses the content on that Web site or the operator or operations of that site. You are solely responsible for determining the extent to which you may use any content at any other web sites to which you link from the Reports. Consensys and CD assumes no responsibility for the use of third-party software on the Web Site and shall have no liability whatsoever to any person or entity for the accuracy or completeness of any outcome generated by such software.
A.2.3 Timeliness of Content
The content contained in the Reports is current as of the date appearing on the Report and is subject to change without notice unless indicated otherwise, by Consensys and CD.