Tadle

Summary

The audit has identified that the contract contains functions that allow the owner or related parties to modify token balances. This includes the ability to add token balances for users and update token whitelisting statuses. While such features can be essential for specific use cases like rewards or token distribution, they also introduce significant risks if not properly controlled. Arbitrary or unauthorized modifications to token balances can compromise the integrity of the contract and lead to potential vulnerabilities or manipulation.

Vulnerability Details

• Issue: The contract includes functions that allow the addition of token balances and the modification of token whitelisting, controlled by the owner or related contracts. If these functions are not well-restricted and validated, they can lead to unauthorized balance changes or token manipulation.

• Location:

  • File: /src/interfaces/ITokenManager.sol

    • Line: 30 - 35

  • File: /src/core/TokenManager.sol

    • Line: 113 - 129

    • Line: 197 - 209

    • Line: 216 - 223

  • File: /src/core/PreMarkets.sol

    • Line: 906 - 949

Context:

• ITokenManager: Interface defining token balance management functions.

• TokenManager: Implementation providing functionality to add token balances and update token whitelist statuses.

• PreMarkets: Internal functions that interact with TokenManager to update token balances based on trading activities.

Impact

• Security Risk: Allowing the owner or related contracts to modify token balances without strict controls can result in unauthorized changes, potential manipulation, and impact on user holdings. This can undermine trust in the contract and expose it to vulnerabilities.

• Operational Risk: Uncontrolled balance modifications may lead to unintended consequences, such as inflation, deflation, or imbalanced token distribution.

Recommendations

1. Restrict Access to Token Balance Modifications:

   • Define Use Cases: Ensure that functions allowing token balance modifications are restricted to specific, legitimate use cases such as token distribution or rewards.

   • Access Control: Implement strict access control mechanisms to limit who can call these functions. Consider using role-based access control or multi-signature approvals for sensitive operations.

2. Implement Validation and Safeguards:

   • Validation Mechanisms: Add validation checks to ensure that only authorized actions are performed and that token balance modifications are within expected parameters.

   • Audit Logging: Maintain detailed logs of all token balance modifications, including the caller, amount, and reason for changes. This adds transparency and accountability.

3. Review and Refactor Functions:

   • Review Access Controls: Examine the functions in TokenManager and related contracts to ensure that access is appropriately restricted. For instance:

     • Function: addTokenBalance

       • Current Access: onlyRelatedContracts

       • Recommendation: Review the onlyRelatedContracts modifier to ensure it only allows trusted contracts to call this function.

   • Consider Governance Mechanisms: For critical functions, consider using a governance model where multiple stakeholders must approve significant changes.

4. Enhance Function Modifiers:

   • Modifier Example:

     solidity

     modifier onlyAuthorized() { require(isAuthorized(msg.sender), "Not authorized"); _; } function isAuthorized(address caller) internal view returns (bool) { // Implement authorization logic, e.g., check against a list of approved addresses }

5. Regular Audits and Testing:

   • Conduct Audits: Perform regular audits to review the implementation of balance-modifying functions and ensure that no vulnerabilities exist.

   • Test Extensively: Ensure that functions interacting with token balances are thoroughly tested to prevent unintended side effects or exploits.

Example of Updated Code

Before:

function addTokenBalance( TokenBalanceType _tokenBalanceType, address _accountAddress, address _tokenAddress, uint256 _amount ) external onlyRelatedContracts(tadleFactory, _msgSender()) { userTokenBalanceMap[_accountAddress][_tokenAddress][_tokenBalanceType] += _amount; emit AddTokenBalance(_accountAddress, _tokenAddress, _tokenBalanceType, _amount); }

After:

function addTokenBalance( TokenBalanceType _tokenBalanceType, address _accountAddress, address _tokenAddress, uint256 _amount ) external onlyAuthorized { // Add validation to ensure amount is reasonable and account is eligible require(_amount > 0, "Invalid amount"); userTokenBalanceMap[_accountAddress][_tokenAddress][_tokenBalanceType] += _amount; emit AddTokenBalance(_accountAddress, _tokenAddress, _tokenBalanceType, _amount); }

Additional Security:

modifier onlyAuthorized() { // Implement logic to check if the caller is authorized to modify token balances require(msg.sender == owner || msg.sender == authorizedContract, "Not authorized"); _; } // Example of adding authorization logic address public authorizedContract;

Conclusion

The ability for owners or related contracts to modify token balances requires careful control and validation. By restricting access, implementing rigorous safeguards, and using governance mechanisms, you can mitigate the risks associated with token balance modifications. Regular audits and testing are essential to ensure the contract's integrity and security.