Setup
- Found that the Foundry dev-container image has an issue installing VS Code extensions; the workaround is to add the following to devcontainer.json:
  "settings": {
    "extensions.verifySignature": false
  }
General learnings
- Don't try to understand all of the business logic at the beginning. Start from an important function (e.g. transfer, approve, etc.), then think about extreme cases that could happen there (e.g. transfer to the zero address, transfer to itself, etc.).
  - It is important to show an example and a PoC for each finding.
- [M-02/KIB-02L/KFC-03L] When a constraint is enforced in one function, check whether every other function that touches the same state enforces it too (e.g. addPayee doesn't allow a duplicate payee, but does changePayee check that?).
- [M-03] For calls to third-party contracts, check whether any validation of the result is missing (e.g. checking updated_at on an oracle answer).
- [M-04] Some revert conditions may not make sense at first; they may be extreme cases, but they are not impossible.
- [KIB-01L] Does it use third-party frameworks properly? e.g. OpenZeppelin's _disableInitializers.
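As an added illustration of the "start from transfer and try the extreme cases" note above (example code written for these notes, not from the KUMA repo or from the contest findings): a constructed toy token whose transfer caches both balances before writing, so a transfer to itself overwrites the debit with the credit, next to a hardened variant, and the Foundry tests that check the two extreme cases named above (self-transfer and the zero address). ToyToken, FixedToyToken and ExtremeCaseTest are all assumed names; the only real dependency is forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import "forge-std/Test.sol";

// Constructed toy token (not KIBToken). Both balances are read before either
// is written, so when to == msg.sender the second write undoes the debit.
contract ToyToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        totalSupply = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        uint256 fromBal = balanceOf[msg.sender];
        uint256 toBal = balanceOf[to];
        require(fromBal >= amount, "insufficient");
        balanceOf[msg.sender] = fromBal - amount;
        balanceOf[to] = toBal + amount; // for to == msg.sender this is fromBal + amount
        return true;
    }
}

// Hardened variant: reject the zero address and update storage in place,
// so a self-transfer nets to zero and total supply is preserved.
contract FixedToyToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        totalSupply = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(to != address(0), "zero address");
        balanceOf[msg.sender] -= amount; // checked arithmetic reverts on underflow
        balanceOf[to] += amount;
        return true;
    }
}

contract ExtremeCaseTest is Test {
    ToyToken buggy;
    FixedToyToken safe;

    function setUp() public {
        // The test contract itself is msg.sender here, so it holds the supply.
        buggy = new ToyToken(100);
        safe = new FixedToyToken(100);
    }

    // Extreme case 1: transfer to self. On the buggy token the balance grows
    // past total supply, which is the PoC a report would show.
    function test_selfTransferInflatesBuggyToken() public {
        buggy.transfer(address(this), 60);
        assertEq(buggy.balanceOf(address(this)), 160);
        assertGt(buggy.balanceOf(address(this)), buggy.totalSupply());
    }

    function test_selfTransferIsNeutralOnFixedToken() public {
        safe.transfer(address(this), 60);
        assertEq(safe.balanceOf(address(this)), 100);
        assertEq(safe.balanceOf(address(this)), safe.totalSupply());
    }

    // Extreme case 2: transfer to the zero address must be rejected.
    function test_zeroAddressRejectedOnFixedToken() public {
        vm.expectRevert(bytes("zero address"));
        safe.transfer(address(0), 1);
    }
}
```

Run it with forge test --match-contract ExtremeCaseTest; the first test passing is the demonstration that the buggy pattern is exploitable, the other two are the checks a fixed implementation should satisfy.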
For the H-01 finding
2. forge test --debug "test_transfer" --no-match-test "test_transfer_|test_transferFrom" --match-contract My_KIBTokenTransfer
3. forge test --match-contract My_KIBTokenTransfer
This test reproduces the high-severity issue from the code4rena contest.
- Total Prize Pool: $38,600 USDC
- HM awards: $25,500 USDC
- QA report awards: $3,000 USDC
- Gas report awards: $1,500 USDC
- Judge + presort awards: $8,100 USDC
- Scout awards: $500 USDC
- Join C4 Discord to register
- Submit findings using the C4 form
- Read our guidelines for more details
- Starts February 17, 2023 20:00 UTC
- Ends February 22, 2023 20:00 UTC
This repo contains source contracts and testing suites for the MCAG contracts and the KUMA Protocol. Each corresponding project directory contains documentation in the /docs folder.
The src/kuma-protocol/ folder contains the contracts that comprise the decentralized KUMA protocol. See docs/kuma-protocol/ for KUMA protocol docs.
The src/mcag-contracts/ contains contracts that are managed by the centralized MCAG entity. See docs/mcag-contracts/ for MCAG contracts docs.
All other files in the repo
- @mcag/interfaces/IKUMABondToken.sol
- @mcag/interfaces/MCAGAggregatorInterface.sol
- @openzeppelin-upgradeable/contracts/interfaces/IERC20MetadataUpgradeable.sol
- @openzeppelin-upgradeable/contracts/security/PausableUpgradeable.sol
- @openzeppelin-upgradeable/contracts/token/ERC20/ERC20Upgradeable.sol
- @openzeppelin-upgradeable/contracts/token/ERC20/extensions/draft-ERC20PermitUpgradeable.sol
- @openzeppelin-upgradeable/contracts/token/ERC20/extensions/draft-IERC20PermitUpgradeable.sol
- @openzeppelin-upgradeable/contracts/token/ERC721/ERC721Upgradeable.sol
- @openzeppelin-upgradeable/contracts/token/ERC721/IERC721Upgradeable.sol
- @openzeppelin/contracts/access/AccessControl.sol
- @openzeppelin/contracts/access/IAccessControl.sol
- src/kuma-protocol/KBCToken.sol
- src/kuma-protocol/KUMAAddressProvider.sol
- src/kuma-protocol/KUMASwap.sol
- src/kuma-protocol/MCAGRateFeed.sol
- src/kuma-protocol/interfaces/IKIBToken.sol
- src/kuma-protocol/interfaces/IKUMAAddressProvider.sol
- src/kuma-protocol/interfaces/IMCAGRateFeed.sol
- src/mcag-contracts/Blacklist.sol
- src/mcag-contracts/KUMABondToken.sol
- src/mcag-contracts/KYCToken.sol
- src/mcag-contracts/MCAGAggregator.sol
- src/mcag-contracts/interfaces/IBlacklist.sol
- src/mcag-contracts/interfaces/IKUMABondToken.sol
- @openzeppelin/contracts/access/Ownable.sol
- @openzeppelin/contracts/interfaces/IERC20.sol
- @openzeppelin/contracts/proxy/utils/Initializable.sol
- @openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol
- @openzeppelin/contracts/security/Pausable.sol
- @openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol
- @openzeppelin/contracts/token/ERC721/ERC721.sol
- @openzeppelin/contracts/token/ERC721/IERC721.sol
- @openzeppelin/contracts/token/ERC721/IERC721Receiver.sol
- @openzeppelin/contracts/utils/Address.sol
- @openzeppelin/contracts/utils/Counters.sol
- @openzeppelin/contracts/utils/structs/EnumerableSet.sol
Please see the docs/ folder for more context.
- If you have a public code repo, please share it here: n/a
- How many contracts are in scope?: 22
- Total SLoC for these contracts?: 1634
- How many external imports are there?: n/a
- How many separate interfaces and struct definitions are there for the contracts within scope?: 3 structs, 10 interfaces
- Does most of your code generally use composition or inheritance?: inheritance
- How many external calls?: n/a
- What is the overall line coverage percentage provided by your tests?: 100%
- Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: KUMA Protocol will depend on the Mimo Capital AG contracts
- Please describe required context: Please read the docs in each respective folder
- Does it use an oracle?: No
- Does the token conform to the ERC20 standard?: Yes
- Are there any novel or unique curve logic or mathematical models?: No
- Does it use a timelock function?: No
- Is it an NFT?: Yes
- Does it have an AMM?: No
- Is it a fork of a popular project?: No
- Does it use rollups?: No
- Is it multi-chain?: No
- Does it use a side-chain?: No
This repo contains relevant tests for the two source projects. To run tests:
- Make sure all git submodules are installed using
git submodule update --init
- Run
forge test
Make sure forge is at least on the following version: forge 0.2.0 (1a56901 2023-02-15T00:05:20.802314Z)
To skip invariant and fuzz tests run forge test --no-match-path "{*invariant*,*fuzz*}"
Alternatively use the following quickstart command:
rm -Rf 2023-02-kuma || true && git clone https://github.com/code-423n4/2023-02-kuma.git -j8 --recurse-submodules && cd 2023-02-kuma && git submodule update --init && foundryup && forge install && forge build && forge test --gas-report
The root folder contains a slither.config.json file that can be used to run static analysis on the kuma-protocol project. Refer to the Foundry docs on how to run Slither.
For the following files the invariants should be run with fail_on_revert = true in the foundry.toml:
[invariant]
runs = 256
depth = 256
fail_on_revert = true
Then run the tests with forge test --match-path "*fail.on.revert*"
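An added example (not from the repo) tying the fail_on_revert = true setting above to the "is the constraint enforced in every function?" learning from the notes: a constructed payee registry whose addPayee rejects duplicates while changePayee does not, a handler whose inputs are bounded so the handler itself never reverts (with fail_on_revert = true any revert in a handler call fails the whole run, so reverting paths are skipped rather than hit), and an invariant that asserts no duplicate payees. PayeeRegistry, PayeeHandler and PayeeInvariantTest are assumed names; targetContract comes from forge-std's StdInvariant, which Test inherits.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import "forge-std/Test.sol";

// Constructed registry: the no-duplicates rule lives only in addPayee.
contract PayeeRegistry {
    address[] public payees;
    mapping(address => bool) public isPayee;

    function addPayee(address p) external {
        require(p != address(0) && !isPayee[p], "bad payee");
        isPayee[p] = true;
        payees.push(p);
    }

    function changePayee(uint256 index, address newPayee) external {
        require(index < payees.length && newPayee != address(0), "bad input");
        isPayee[payees[index]] = false;
        isPayee[newPayee] = true; // no duplicate check: newPayee may already be in the array
        payees[index] = newPayee;
    }

    function count() external view returns (uint256) {
        return payees.length;
    }
}

// Handler the fuzzer drives. Every input is bounded to a valid value, so no
// call reverts; that is what fail_on_revert = true requires of a handler.
contract PayeeHandler {
    PayeeRegistry public reg;
    address[] internal pool; // constructed small address pool to force collisions

    constructor(PayeeRegistry r) {
        reg = r;
        for (uint160 i = 1; i <= 5; i++) pool.push(address(i));
    }

    function add(uint256 seed) external {
        address p = pool[seed % pool.length];
        if (reg.isPayee(p)) return; // addPayee would revert, so skip instead
        reg.addPayee(p);
    }

    function change(uint256 indexSeed, uint256 seed) external {
        uint256 n = reg.count();
        if (n == 0) return; // nothing to change yet
        reg.changePayee(indexSeed % n, pool[seed % pool.length]);
    }
}

contract PayeeInvariantTest is Test {
    PayeeRegistry reg;
    PayeeHandler handler;

    function setUp() public {
        reg = new PayeeRegistry();
        handler = new PayeeHandler(reg);
        targetContract(address(handler)); // fuzz only the bounded handler
    }

    // Expected to fail against the registry above: the fuzzer finds a
    // changePayee call that writes an address already held in another slot.
    function invariant_noDuplicatePayees() public {
        uint256 n = reg.count();
        for (uint256 i = 0; i < n; i++) {
            for (uint256 j = i + 1; j < n; j++) {
                assertTrue(reg.payees(i) != reg.payees(j), "duplicate payee");
            }
        }
    }
}
```

With the [invariant] block above in foundry.toml, run forge test --match-contract PayeeInvariantTest. A failing run prints the call sequence that produced the duplicate, which is the PoC for the missing check; adding the same !isPayee[newPayee] guard to changePayee makes the invariant hold.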