Trail of Bits

Dharma Wallet

Type: Security review

Client: Dharma Labs 0age Dharma Labs

Date: 2019-10

Domain: Blockchain

Effort: 4 wks

Section: Wallet Reviews

Trail of Bits's security review of Dharma Labs 0age Dharma Labs (Oct 2019) identified 17 issues: 1 medium, 6 low, and 10 informational.

Findings · 17

  1. Wallet key reuse is unsafe (Medium)
  2. setGlobalKey is susceptible to signature replay (Informational)
  3. Compound’s redeem call failure emits ExternalError with incorrect function name (Informational)
  4. transferOwnership should be split into two separate functions (Informational)
  5. Missing validation in contract initialization function (Low)
  6. Missing error check when calling ecrecover (Informational)
  7. Missing event logging (Informational)
  8. ABIEncoderV2 is not production-ready (Informational)
  9. Solidity compiler optimizations can be dangerous (Informational)
  10. Solidity 0.5.11 not recommended for production use (Informational)
  11. Missing validation in DharmaUpgradeBeaconControllerManager (Low)
  12. Missing validation in DharmaSmartWalletImplementationV2 (Low)
  13. Rounding errors in external contracts can result in lost tokens (Low)
  14. Missing timelock interval limit allows for trapping timelocks until the interval is changed (Low)
  15. setTimelock functionality is ineffective for modifyTimelockInterval function (Informational)
  16. Timelock library is missing expiration functionality (Informational)
  17. Attacker can increase gas cost of _getSaltAndTarget (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.
