Mundus Security is thrilled to announce the release of the Final Security Audit Report for the ARTH Value Token of the MahaDAO (https://mahadao.com/) project. If you want to increase trust for your users, we are here to talk (Calendly).
About MahaDAO
MahaDAO is a mission to create a decentralized and stable economy. That is driven by the people, for the people.
MahaDAO is a community-powered, decentralized organization on a mission to empower billions with a stable economy through the world’s first valuecoin, ARTH.
To do this, MahaDAO uses two tokens to achieve this vision - the governance token MAHA, and the valuecoin ARTH.
About ARTH value token
ARTH is a stablecoin that is designed to appreciate overtime against the US dollar while at the same time it remains relatively stable.
ARTH is minted/burnt using decentralized smart contracts that use ETH as collateral to maintain its peg. The interest rate charged to mint ARTH using ETH is 0%, which makes it very cost-effective for borrowing/lending.
ARTH is fully collateralized with mechanisms that give it a backing of at least 110% in ETH.
Summary of the ARTH Value Token Report
During the audit process, our security team has identified 26 potential vulnerabilities. In which 2 High and 3 Medium vulnerabilities. The MahaDAO team fixed 3 vulneriablities, including 2 High and 1 Medium, all other vulneriablities are acknowledged by the MahaDAO team.
You can find our classification in the Appendix of this announcement.
Vulnerabilities found during the audit -> after fixing (left as acknowledged):
- High 2 -> 0
- Medium 3 -> 2
- Low 2 -> 2
- Informational 16 -> 16
- Gas 3 -> 3
You can find a full audit report here (Github).
Scope of Work
For source code audit purposes, we split SoW into two sets of contracts. The first set (we will call it ARTH Core) consists of these contracts:
- ActivePool
- ARTHValuecoin
- BorrowerOperations
- CollSurplusPool
- CommunityIssuance
- DefaultPool
- Governance
- SortedTroves
- StabilityPool
- TroveManager
These contracts are part of arth-core repository (with exception of ARTHValuecoin. It belongs to separate token repository). And all of these contracts are derived from Liquity project. For these contracts, SoW was settled as audit of changes made after the last audit of Liquity project in 2021.
The second set (we will call it ARTH Periphery) consists of these contracts:
- ETHTroveStrategy Proxy
- USDCCurveStrategy Proxy
- StabilityPoolKeeper
- ARTHFlashMinter
- ETHGMUOracle
- GMUOracle
For these contracts, we performed source code audit as usual.
High and Medium Vulnerabilities Description
ARTH Core
ID-01. Medium: Wrong depositorETHGain receiver when invoking provideToSPFor method in StabilityPool.sol
Description:
The provideToSPFor method of StabilityPool.sol is a restricted function that allows contract admin to execute the provideToSP method on behalf of another account. In that function the depositorETHGain is sent to depositor via _sendETHGainToDepositor method. However, the _sendETHGainToDepositor function deals only with msg.sender, which means that in the case of using provideToSPFor the depositorETHGain is sent to msg.sender, rather than _who.
The provideToSPFor method of StabilityPool.sol is a restricted function that allows contract admin to execute the provideToSP method on behalf of another account. In that function the depositorETHGain is sent to depositor via _sendETHGainToDepositor method. However, the _sendETHGainToDepositor function deals only with msg.sender, which means that in the case of using provideToSPFor the depositorETHGain is sent to msg.sender, rather than _who.
Recommendation:
Modify the _sendETHGainToDepositor(uint256 amount) function as well as all its use cases to contain the recipient address, i.e. _sendETHGainToDepositor(uint256 amount, _who).
Modify the _sendETHGainToDepositor(uint256 amount) function as well as all its use cases to contain the recipient address, i.e. _sendETHGainToDepositor(uint256 amount, _who).
Alleviation:
This issue is acknowledged by the MahaDAO team.
This issue is acknowledged by the MahaDAO team.
ARTH Periphery
ID-14. High: Insufficient access control for notifyRewardAmount in StakingRewardsChild.sol -> USDCCurveStrategy.sol
Description:
The notifyRewardAmount method of StakingRewardsChild.sol in the USDCCurveStrategy contract lacks access control. Thus, any account is able to modify the rewardRate, lastUpdateTime and periodFinish state variables of the USDCCurveStrategy contract.
The notifyRewardAmount method of StakingRewardsChild.sol in the USDCCurveStrategy contract lacks access control. Thus, any account is able to modify the rewardRate, lastUpdateTime and periodFinish state variables of the USDCCurveStrategy contract.
Recommendation:
Add onlyOwner modifier to the notifyRewardAmount method of StakingRewardsChild.sol.
Add onlyOwner modifier to the notifyRewardAmount method of StakingRewardsChild.sol.
Alleviation:
The issue fix was introduced in commit 7af025d8f401113c7a0b55aab8012e8534c29154. Access to the notifyRewardAmount method is controlled by onlyOperator modifier.
The issue fix was introduced in commit 7af025d8f401113c7a0b55aab8012e8534c29154. Access to the notifyRewardAmount method is controlled by onlyOperator modifier.
ID-15. High: Wrong fee mechanism when invoking flashLoan in ARTHFlashMinter.sol Description The flashLoan method of ARTHFlashMinter.sol is implemented with the wrong fee mechanism. According to the code below, after a successful callback, the amount of receiver's tokens is burned, and the _fee is transferred to the ecosystemFund at the expense of the ARTHFlashMinter contract.
Recommendation:
Modify the flashLoan method of ARTHFlashMinter.sol in either of the two following ways.
Alleviation:
The issue fix was introduced in commit e6c7312768c9c5eb540dc02d356acd0f02f3b3bf.
The flashLoan method uses arth.transferFrom to charge fee from borrower.
The issue fix was introduced in commit e6c7312768c9c5eb540dc02d356acd0f02f3b3bf.
The flashLoan method uses arth.transferFrom to charge fee from borrower.
ID-16. Medium: minDepositForPermit is never initialized in USDCCurveStrategy.sol
Description:
The minDepositForPermit state variable of USDCCurveStrategy.sol is never initialized.
The minDepositForPermit state variable of USDCCurveStrategy.sol is never initialized.
Alleviation:
At the time of initial discovery of this issue the USDCCurveStrategy implementation address was 0x122f4530c2c8ed9a7dc4846a155579ede0e23ecb. Since then the MahaDAO team has resolved this issue by deploying a new USDCCurveStrategy implementation (0x9ff6629d08fddaec63b0d855b9c29acdf4dc14e4) with proper minDepositForPermit initialization.
At the time of initial discovery of this issue the USDCCurveStrategy implementation address was 0x122f4530c2c8ed9a7dc4846a155579ede0e23ecb. Since then the MahaDAO team has resolved this issue by deploying a new USDCCurveStrategy implementation (0x9ff6629d08fddaec63b0d855b9c29acdf4dc14e4) with proper minDepositForPermit initialization.
ID-17. Medium: Wrong fee value set in ARTHFlashMinter.sol Description The flashloan fee of the ARTHFlashMinter contract is 100 larger than the value stated in the comments to the source code.
Alleviation:
This issue is acknowledged by the MahaDAO team.
This issue is acknowledged by the MahaDAO team.
You can find full report with other 20+ found potential vulnerabilities in full report on our Github.
Conclusion
We are happy to work with the MahaDAO team to improve smart contract security and build trust for the community and investors. Stay tuned to receive the following security updates soon: Twitter, Telegram!
Appendix
Severity Description
High - Bugs that can trigger a contract failure or theft of assets. Further recovery is possible only by manual modification of the contract state or replacement.
Medium - Bugs that can break the intended contract logic or expose it to DoS attacks, but do not cause direct loss of funds.
Low - Bugs that do not pose significant danger to the project or its users but are recommended to be fixed nonetheless.