Trail of Bits

wXTZ

Type: Security review
Client: StakerDAO
Date: 2020-11
Domain: Blockchain
Effort: 4 wks
Section: Algorand

Trail of Bits' security review of wXTZ for StakerDAO (Nov 2020) identified 13 issues: 2 high, 1 medium, 2 low, and 8 informational.

Findings · 13

  1. Code relies on vulnerable NPM packages (Medium)
  2. Ganache CLI is configured to listen on all network interfaces (Low)
  3. Insufficient tests (Informational)
  4. Insufficient documentation (Informational)
  5. Calls to runArbitraryValueLambda assume storage does not change (Low)
  6. Core lacks entry points for tzip-7 admin-only operations (Informational)
  7. Type confusion in updateLambdas (Informational)
  8. Insufficient validation of newly created oven owners (Informational)
  9. A compromised core administrator could steal wXTZ or deposited XTZ (Informational)
  10. A compromised tzip-7 administrator could steal wXTZ (Informational)
  11. wXTZ deviates from the tzip-7 specification (Informational)
  12. Possible race condition when wXTZ owns tokens (High)
  13. Token holders can double their token balances (High)

Findings extracted from the published report PDF. See the full report below for details and remediation.
