Skip to content

Latest commit

 

History

History
194 lines (146 loc) · 7.42 KB

027.md

File metadata and controls

194 lines (146 loc) · 7.42 KB

Magic Parchment Pig

Medium

non of the contracts are ERC1504 compliant

Summary

none of the contracts are ERC1504 compliant

Root Cause

None of the contracts inherit and use Handler interface and Data contract

/// Handler interface.
/// Handler defines business related functions.
/// Use the interface to ensure that your external services are always supported.
/// Because of function live(), we design IHandler as an abstract contract rather than a true interface.
contract IHandler {

    /// Initialize the data contarct.
    /// @param  _str    value of exmStr of Data contract.
    /// @param  _int    value of exmInt of Data contract.
    /// @param  _array  value of exmArray of Data contract.
    function initialize (string _str, uint256 _int, uint16 [] _array) public;

    /// Register Upgrader contract address.
    /// @param  _upgraderAddr   address of the Upgrader contract.
    function registerUpgrader (address _upgraderAddr) external;

    /// Upgrader contract calls this to check if it is registered.
    /// @return if the Upgrader contract is registered.
    function isUpgraderRegistered () external view returns(bool);

    /// Handler has been upgraded so the original one has to self-destruct.
    function done() external;

    /// Check if the Handler contract is a working Handler contract.
    /// It is used to prove the contract is a Handler contract.
    /// @return always true.
    function live() external pure returns(bool) {
        return true;
    }

    /** Functions - define functions here */

    /** Events - add events here */
}
/// Data Contract
contract DataContract {

    /** Management data */
    /// Owner and Handler contract
    address private owner;
    address private handlerAddr;

    /// Ready?
    bool private valid;

    /** Upgrader data */
    address private upgraderAddr;
    uint256 private proposalBlockNumber;
    uint256 private proposalPeriod;
    /// Upgrading status of the Handler contract
    enum UpgradingStatus {
        /// Can be upgraded
        Done,
        /// In upgrading
        InProgress,
        /// Another proposal is in progress
        Blocked,
        /// Expired
        Expired,
        /// Original Handler contract error
        Error
    }

    /** Data resources - define variables here */

    /** Modifiers */

    /// Check if msg.sender is the Handler contract. It is used for setters.
    /// If fail, throw PermissionException.
    modifier onlyHandler;

    /// Check if msg.sender is not permitted to call getters. It is used for getters (if necessary).
    /// If fail, throw GetterPermissionException.
    modifier allowedAddress;

    /// Check if the contract is working.
    /// It is used for all functions providing services after initialization.
    /// If fail, throw UninitializationException.
    modifier ready;

    /** Management functions */

    /// Initializer. Just the Handler contract can call it. 
    /// @param  _str    default value of this.exmStr.
    /// @param  _int    default value of this.exmInt.
    /// @param  _array  default value of this.exmArray.
    /// exception   PermissionException msg.sender is not the Handler contract.
    /// exception   ReInitializationException   contract has been initialized.
    /// @return if the initialization succeeds.
    function initialize (string _str, uint256 _int, uint16 [] _array) external onlyHandler returns(bool);

    /// Set Handler contract for the contract. Owner must set one to initialize the Data contract.
    /// Handler can be set by owner or Upgrader contract.
    /// @param  _handlerAddr    address of a deployed Handler contract.
    /// @param  _originalHandlerAddr    address of the original Handler contract, only used when an Upgrader contract want to set the Handler contract.
    /// exception   PermissionException msg.sender is not the owner nor a registered Upgrader contract.
    /// exception   UpgraderException   Upgrader contract does not provide a right address of the original Handler contract.
    /// @return if Handler contract is successfully set.
    function setHandler (address _handlerAddr, address _originalHandlerAddr) external returns(bool);

    /** Upgrader contract functions */

    /// Register an Upgrader contract in the contract.
    /// If a proposal has not been accepted until proposalBlockNumber + proposalPeriod, it can be replaced by a new one.
    /// @param  _upgraderAddr  address of a deployed Upgrader contract.
    /// exception   PermissionException msg.sender is not the owner.
    /// exception   UpgraderConflictException   Another Upgrader contract is working.
    /// @return if Upgrader contract is successfully registered.
    function startUpgrading (address _upgraderAddr) public returns(bool);

    /// Getter of proposalPeriod.
    /// exception   UninitializationException   uninitialized contract.
    /// exception   GetterPermissionException   msg.sender is not permitted to call the getter.
    /// @return this.proposalPeriod.
    function getProposalPeriod () public view isReady allowedAddress returns(uint256);

    /// Setter of proposalPeriod.
    /// @param  _proposalPeriod new value of this.proposalPeriod.
    /// exception   UninitializationException   uninitialized contract.
    /// exception   PermissionException msg.sender is not the owner.
    /// @return if this.proposalPeriod is successfully set.
    function setProposalPeriod (uint256 _proposalPeriod) public isReady returns(bool);

    /// Return upgrading status for Upgrader contracts.
    /// @param  _originalHandlerAddr    address of the original Handler contract.
    /// exception   UninitializationException   uninitialized contract.
    /// @return Handler contract's upgrading status.
    function canBeUpgraded (address _originalHandlerAddr) external view isReady returns(UpgradingStatus);

    /// Check if the contract has been initialized.
    /// @return if the contract has been initialized.
    function live () external view returns(bool);

    /** Getters and setters of data resources: define functions here */
}

https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/BoostStablecoin.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/MasterAMO.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/Minter.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/SolidlyV2AMO.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/SolidlyV3AMO.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/solidly-utils/contracts/AerodromeUtils.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/solidly-utils/contracts/EqualizerUtils.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/solidly-utils/contracts/MasterUtils.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/solidly-utils/contracts/RamsesUtils.sol https://github.com/sherlock-audit/2024-10-axion/blob/main/solidly-utils/contracts/ThenaUtils.sol

https://github.com/sherlock-audit/2024-10-axion/blob/main/solidly-utils/contracts/ThenaUtils.sol#L7

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Breaks core functionality according to contest readme

According to contest readme, contracts must strictly comply with ERC-1504 BUT none of the contracts comply with ERC-1504

Medium severity

PoC

No response

Mitigation

No response