Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Initia>Threat Model>Module code.move
GeneralOverview
Findings
Critical (3)
High (12)
Medium (4)
Low (9)
Informational (3)
DiscussionGeneral DiscussionImprove AMM testsBridge executor minting powerCharge before using valuesEmpty allowed_publishers array allows every address to publishERC20Keeper with custom contractsSuggestions for additional security checksTable handle overflow leads to abort
Threat ModelWhat are threat models?
stdlibModule block.moveModule table.moveModule event.moveModule type_info.moveModules any.move and copyable_any.moveModule address.moveModule cosmos.moveModule multisig.moveModule object.moveModule transaction_context.moveModule debug.moveModule table_key.moveModule account.moveModule base64.moveModule hex.moveModule from_bcs.moveModule json.moveModule oracle.moveModule code.moveModule zapping.moveModule dex.moveModule reward.moveModule comparator.moveModule managed_coin.moveModules decimal128.move and decimal256.moveModule string_utils.move
Audit ResultsSummary
AppendixProof of concept: Reference safety verifier bypass

Module code.move

This module exposes functions that allow to publish and upgrade other modules.

Function: set_allowed_publishers

This function can only be called by the special @initia_std address. It can be used to set the allowlist of addresses that are allowed to publish new modules.

Inputs

  • chain: &signer

    • Validation: Must be @initia_std.

    • Impact: Used to verify the call is authorized.

  • allowed_publishers: vector<address>

    • Validation: If empty, publishing is not restricted; otherwise, the list must contain @initia_std.

    • Impact: List of allowed publishers.

Function: publish

This function can be used by an allowed publisher to publish or upgrade a module.

Inputs

  • owner: &signer

    • Validation: Must be an authorized publisher and the owner of the module.

    • Impact: Used to authorize the operation.

  • module_ids: vector<String>

    • Validation: Must match the IDs of the modules provided in the code argument.

    • Impact: Used to efficiently check the modules upgrade policy.

  • code: vector<vector<u8>>

    • Validation: Must be a valid module, and the IDs much match with module_ids.

    • Impact: The code of the modules to be published or upgraded.

  • upgrade_policy: u8

    • Validation: Must be greater than zero. Could be further restricted to be at most two (not and exploitable issue). Must be compatible with the existing upgrade policy if upgrading a package.

    • Impact: New upgrade policy for the published packages.

Zellic © 2024Back to top ↑