Stable Labs is launching new stablecoins. Alongside Euro- and USD-backed stablecoins, Stable Labs aims to broaden its reach into essential markets such as the Czech Crown and the Polish Zloty.
Stable Labs has partnered with Ackee Blockchain for a security assessment of the Stable Labs Token & Treasury contracts, allocating a total of 5 engineering days from June 24 to June 28, 2024.
METHODOLOGY
Our review commenced with static analysis tools, including Wake. Following that, we conducted an in-depth analysis of the contracts’ logic. For testing and fuzzing, we utilized the Wake testing framework.
Throughout the review, we concentrated on:
- verifying the accuracy of the system’s arithmetic,
- identifying potential reentrancy issues in the code,
- ensuring that access controls are neither too lenient nor overly stringent,
- looking out for common problems such as data validation.
SCOPE
The audit was performed on commit 79d08d4, and the exact scope included the following files:
- src/connectorLayer/TreasuryOrchestrator.sol
- src/tokens/StRWA.sol
- src/tokens/StStable.sol
- src/utils/Greenlist.sol
- src/utils/Treasury.sol
FINDINGS
Below are the findings from our audit.
Critical severity
No critical severity issues were identified.
High severity
H1: Wipe logic fails to operate correctly
H2: Tokens are locked due to a missing approval
Medium severity
M1: Ownership renouncement issue
Low severity
L1: Inconsistent revert behavior during transfers
L2: Duplicate entry point in the initialization function
L3: Lack of necessary events
Warning severity
W1: Inconsistent use of msg.sender and _msgSender()
W2: Possible storage conflicts
Information severity
I1: Instances of code duplication
I2: Unused imports found
I3: Events that are not utilized
I4: The encodedReleases mapping is not in use
I5: Similarities in release functions
I6: Vague naming conventions for a function
I7: Inconsistent application of modifiers and checks in function bodies
I8: Inefficient iteration through arrays
CONCLUSION
Our evaluation yielded 16 findings, ranging from Information to High severity. The most significant issues stem from inadequate testing and could typically have been uncovered simply by executing the affected functions.
Ackee Blockchain recommends that Stable Labs:
- develop a thorough test suite, preferably including fuzz tests,
- resolve all noted issues.
The complete audit report from Ackee Blockchain for Stable Labs, which includes a more comprehensive review of all findings and recommendations, can be accessed here.
We were pleased to conduct the audit for Stable Labs and eagerly anticipate future collaboration.