JonesDAO
Smart Contract Audit Report
Audit Summary
JonesDAO is releasing a series of Vault and Strategy contracts to maximize returns and yield farming.
For this audit, we reviewed the following contracts on the Arbitrum Mainnet:
- JonesERC20VaultV3 contract at 0xF46Ce0C13577232D5F29D9Bd78a9Cab278755346.
- JonesDPXVaultV3 contract at 0x5BA98Ad75AB87eB90fFc2b680bCfC6b9030E1246.
- JonesWETHVaultV3Adapter contract at 0xbcb55BDb669E756e982169c19C20C987c26F3C2D.
- JonesSSOVCallV3Strategy contract at 0xCB75dd494b0205aC57e19B14d1ab5AE599637D86.
- JonesSSOVPutV3Strategy contract at 0x43c95252c20E98AE16d7Da51a6b42E9BD335A6cD.
Audit Findings
Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: May 16th, 2022.
Updated: May 26th, 2022 with Mainnet addresses and implementation of an emergencyReturn() function in the JonesWETHVaultV3Adapter contract.
Finding #1 - JonesWETHVaultV3Adapter - High (Resolved)
Description: The contract contains a receive() function but no method to withdraw any ETH sent directly to the contract.
Risk/Impact: Any ETH sent directly to the contract will be locked in the contract.
Recommendation: The receive() function should be removed or a function to withdraw ETH in the contract should be implemented.
Resolution: The team has implemented an emergencyReturn() function to withdraw any ETH accidentally sent to the contract.
Contracts Overview
JonesERC20VaultV3 Contract:
- The contracts are implemented using the Authorizable permission scheme.
- This allows the contract owner to set various "roles" within the contract where each role potentially has different permissions.
- The team must exercise caution when adding a fee-on-transfer token as a Vault asset token; if a fee-on-transfer token is used the Vault must be excluded from fees.
- The contracts are written in Solidity version 0.8.X so they are protected from underflow/overflow.
- The contracts utilize ReentrancyGuard where appropriate.
JonesDPXVaultV3 Contract:
- Once after deployment, any address with the Governor role may trigger the Vault's "initial run"; this will set the Vault state to unmanaged and set the initial asset and shares amounts.
- When the Vault is in the unmanaged state, anyone may deposit a specified asset token into the Vault contract up to the "vault cap". In return, the user will be minted share tokens representing shares proportional to the ratio of the last recorded supply of asset tokens to shares tokens.
- Contracts may only deposit into the Vault if they are on the whitelist.
- This contract must be able to mint in the shares token contract or deposits will fail.
- When the Vault is in the unmanaged state, users may request a withdrawal; the specified number of shares tokens will be burned for the proportional ratio of the asset token from the Vault.
- Users may also request to withdraw a specified amount of asset tokens where the Vault will burn the proportional number of shares tokens.
- The Vault must have sufficient asset tokens or withdrawals will fail.
- When the Vault is in the unmanaged state, any address with the Governor role may open the "management window".
- Opening the management window will set the Vault state to managed and record the Vault's current supply of asset tokens and the total supply of share tokens.
- When the Vault is in the managed state, any address with the Governor role may close the management window.
- If fees are enabled, closing the management window will trigger a fee collection; the FeeDistributor will be transferred 0.167% of the last recorded asset balance.
- The FeeDistributor contract was out of the scope of this audit so we are unable to give an assessment with regard to security.
- If the Vault's asset token balance is greater than the last recorded balance, 20% of the difference will be transferred to a FeeDistributor contract.
- Closing the management window will set the Vault state to unmanaged and record the Vault's current supply of asset tokens and the total supply of share tokens.
- When the Vault is in the managed state, any address with the Strategies role may withdraw any amount of the asset token from the contract.
- When the Vault is in the managed state, any address with the Strategies role may transfer the Vault any amount of the asset token.
- Any address with the Governor role may add or remove any address from the Strategies role at any time.
- Any address with the Governor role may add or remove any address from the whitelist at any time.
- Any address with the Governor role may migrate funds, transferring the total balance of any token and all ETH from the contract to the destination address, at any time.
- Any address with the Governor role may update the vault cap and toggle fees at any time.
- Any address with the Governor role may update the fee distributor address at any time.
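The share and fee accounting in the bullets above, as an added Python model (not code from this audit or from JonesDAO) that makes the effect of the 0.167% and 20% transfers on a depositor's payout concrete. The class, method and function names are hypothetical, the scenario numbers are constructed, and the order of the two fee calculations is an assumption marked in the code.

```python
from fractions import Fraction
MGMT_FEE = Fraction(167, 100_000)  # 0.167% of the last recorded asset balance
PERF_FEE = Fraction(20, 100)       # 20% of any balance above that snapshot

def require(ok, msg):
    if not ok:
        raise ValueError(msg)

class VaultModel:  # assumed off-chain model of the bullets above, not JonesDAO code
    def __init__(self, assets, shares, cap, fees_enabled=True):
        self.balance, self.total_shares = Fraction(assets), Fraction(shares)
        self.snap = (self.balance, self.total_shares)  # "initial run" snapshot
        self.cap, self.fees_enabled, self.managed = cap, fees_enabled, False

    def deposit(self, amount):
        require(not self.managed, "deposits only while unmanaged")
        require(self.balance + amount <= self.cap, "vault cap exceeded")
        minted = amount * self.snap[1] / self.snap[0]  # last recorded ratio
        self.balance += amount
        self.total_shares += minted
        return minted

    def redeem(self, shares):
        require(not self.managed, "withdrawals only while unmanaged")
        owed = shares * self.snap[0] / self.snap[1]
        require(owed <= self.balance, "insufficient asset tokens")
        self.balance -= owed
        self.total_shares -= shares
        return owed

    def open_window(self):  # Governor role
        require(not self.managed, "already managed")
        self.managed, self.snap = True, (self.balance, self.total_shares)

    def strategy_move(self, delta):  # Strategies role; negative delta pulls funds
        require(self.managed, "strategies act only while managed")
        self.balance += delta

    def close_window(self):  # Governor role; returns the FeeDistributor transfer
        require(self.managed, "not managed")
        fee = Fraction(0)
        if self.fees_enabled:
            # Assumption: gain is measured before the 0.167% fee is deducted.
            gain = max(self.balance - self.snap[0], 0)
            fee = self.snap[0] * MGMT_FEE + gain * PERF_FEE
        self.balance -= fee
        self.managed, self.snap = False, (self.balance, self.total_shares)
        return fee

def epoch(returned):  # constructed scenario: 1000 seeded, then a 500 deposit
    v = VaultModel(1000, 1000, cap=10_000)
    v.deposit(500)
    v.open_window()
    v.strategy_move(returned - 1500)  # net of pulling 1500 and returning `returned`
    return v.close_window(), v.redeem(500)  # (fee taken, payout for 500 shares)
```

In this model `epoch(1400)` still pays the 0.167% transfer in a losing epoch, because that fee is computed on the snapshot balance rather than on the gain.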
JonesWETHVaultV3Adapter Contract:
- This contract is used to manage staking and unstaking from a Dopex (DPX) Farm.
- Once after deployment, any address with the Governor role may trigger the Vault's initial run; this will set the Vault state to unmanaged and set the initial asset and shares amounts.
- When the Vault is in the unmanaged state, anyone may deposit a specified asset token into the Vault contract up to the vault cap. In return, the user will be minted share tokens representing shares proportional to the ratio of the last recorded supply of asset tokens to shares tokens.
- Contracts may only deposit into the Vault if they are on the whitelist.
- If this contract is on the Farm's whitelist, each deposit will cause all of the asset tokens within the contract to be staked in the Farm.
- This contract must be able to mint in the shares token contract or deposits will fail.
- When the Vault is in the unmanaged state, users may request a withdrawal; the specified number of shares tokens will be burned for the proportional ratio of the asset token from the Vault.
- Users may also request to withdraw a specified amount of asset tokens where the Vault will burn the proportional number of shares tokens.
- The Vault must have sufficient asset tokens or withdrawals will fail.
- When the Vault is in the unmanaged state, any address with the Governor role may open the management window.
- Opening the management window will withdraw any deposited asset tokens from the Farm and claim any available rewards.
- The Vault state will be set to managed and the Vault's current supply of asset tokens and the total supply of share tokens will be recorded.
- When the Vault is in the managed state and the contract's reward token balance is below the threshold, any address with the Governor role may close the management window.
- If fees are enabled, closing the management window will trigger a fee collection; the FeeDistributor will be transferred 0.167% of the last recorded asset balance.
- The FeeDistributor contract was out of the scope of this audit so we are unable to give an assessment with regard to security.
- If the Vault's asset token balance is greater than the last recorded balance, 20% of the difference will be transferred to a FeeDistributor contract.
- Closing the management window will deposit the contract's asset token balance into the Farm, set the Vault state to unmanaged, and record the Vault's current supply of asset tokens and the total supply of share tokens.
- When the Vault is in the managed state, any address with the Governor role may sell the contract's accumulated rewards tokens for asset tokens.
- The Governor may specify the minimum amount of asset tokens to receive from the swaps to account for fluctuations in price.
- When the Vault is in the managed state, any address with the Strategies role may withdraw any amount of the asset token from the contract.
- When the Vault is in the managed state, any address with the Strategies role may transfer the Vault any amount of the asset token.
- Any address with the Governor role may stake and unstake any amount of the asset token from the Farm at any time; they may optionally claim rewards when unstaking.
- Any address with the Governor role may add or remove any address from the Strategies role at any time.
- Any address with the Governor role may add or remove any address from the whitelist at any time.
- Any address with the Governor role may migrate funds, transferring the total balance of any token and all ETH from the contract to the destination address, at any time.
- Any address with the Governor role may update the vault cap, rewards tolerance, and toggle fees at any time.
- Any address with the Governor role may update the fee distributor address at any time.
JonesSSOVCallV3Strategy Contract:
- This contract allows users to interact with a Jones wETH vault using ETH.
- Any user may deposit ETH into this contract; the ETH will be converted into wETH and deposited into the corresponding vault on behalf of the user.
- The wETH Vault will mint the user share tokens representing shares proportional to the total value they are contributing to the pool.
- Contracts may only deposit if they are on the whitelist.
- Users may request a withdrawal at any time; the specified number of shares tokens will be transferred from the user to the contract.
- The contract will request to redeem the shares tokens. If the redemption is successful, the wETH received will be converted back to ETH and subsequently transferred back to the user.
- The owner may update the Vault and shares token address at any time.
JonesSSOVPutV3Strategy Contract:
- This contract is used to purchase options from a DPX Single Staking Option Vault (SSOV) with funds from an associated Vault; the Vault is not specified upon deployment and must be manually set by the team.
- If the Vault has been set, any address with the Keeper role may withdraw any amount of tokens from the Vault at any time.
- If the Vault has been set, any address with the Keeper role may deposit all of the asset tokens within the contract to the Vault at any time.
- Any address with the Keeper role may deposit any amount of the asset token from the contract into the SSOV at the specified strike.
- Depositing tokens into the SSOV is equivalent to offering an option at the specified strike.
- Any address with the Keeper role may purchase any amount of options at the specified strike; DPX SSOVs offer 3 strikes based on the asset's current value.
- After the tokens' epoch has ended, any address with the Keeper role may withdraw the deposited tokens from the SSOV.
- Any address with the Keeper role may settle the contract's epochs; this will exercise any of the options where the contract has the corresponding "strike tokens" and there is a net gain on the position.
- The contract's strike token balance is determined using an "SSOV Viewer" contract; the viewer contract was out of the scope of this audit so we cannot provide an assessment with regard to security.
- Any address with the Keeper role may swap any token in the contract for the asset token at any time.
- The Keeper may specify the minimum amount of asset tokens to receive from the swap to account for fluctuations in price.
- Any address with the Governor role may grant and revoke the Keeper role from any address at any time.
- If the Vault has not already been set, any address with the Governor role may set the Vault address at any time.
- If the Vault has been set, any address with the Governor role may "detach" from the current Vault; this will deposit any of the asset tokens in the contract into the Vault and then unset the Vault.
- Any address with the Governor role may migrate funds, transferring the total balance of any token, all ETH, and NFTs from the contract to the destination address, at any time.
- Any address with the Governor role may update the SSOV address at any time.
- This contract is used to purchase options from a DPX Single Staking Option Vault (SSOV) with funds from an associated Vault; the Vault is not specified upon deployment and must be manually set by the team.
- If the Vault has been set, any address with the Keeper role may withdraw any amount of tokens from the Vault at any time.
- If the Vault has been set, any address with the Keeper role may deposit all of the asset tokens within the contract to the Vault at any time.
- Any address with the Keeper role may deposit any amount of the asset token from the contract into the SSOV at the specified strike.
- Depositing tokens into the SSOV is equivalent to offering an option at the specified strike.
- Any address with the Keeper role may purchase any amount of options at the specified strike; DPX SSOVs offer 3 strikes based on the asset's current value.
- After the tokens' epoch has ended, any address with the Keeper role may withdraw the deposited tokens from the SSOV.
- Any address with the Keeper role may settle the contract's epochs; this will exercise any of the options where the contract has the corresponding strike tokens and there is a net gain on the position.
- The contract's strike token balance is determined using an "SSOV Viewer" contract; the viewer contract was out of the scope of this audit so we cannot provide an assessment with regard to security.
- Any address with the Keeper role may swap any amount of the asset token for USDC or USDT which is subsequently used to add liquidity to a Curve pool.
- Any address with the Keeper role may remove liquidity from the Curve pool; they may also convert the received tokens back to the asset token.
- Any address with the Keeper role may swap any USDC in the contract for the asset token at any time.
- The Keeper may specify the minimum amount of asset tokens to receive from the swaps to account for fluctuations in price.
- Any address with the Governor role may grant and revoke the Keeper role from any address at any time.
- If the Vault has not already been set, any address with the Governor role may set the Vault address at any time.
- If the Vault has been set, any address with the Governor role may "detach" from the current Vault; this will deposit any of the asset tokens in the contract into the Vault and then unset the Vault.
- Any address with the Governor role may migrate funds, transferring the total balance of any token, all ETH, and NFTs from the contract to the destination address, at any time.
- Any address with the Governor role may update the SSOV address at any time.
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Jump/Storage Write | N/A | PASS |
Centralization of Control | | WARNING |
Compiler Issues | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Ether/Token Theft | N/A | PASS |
Flash Loans | N/A | PASS |
Front Running | N/A | PASS |
Improper Events | N/A | PASS |
Improper Authorization Scheme | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Logical Issues | N/A | PASS |
Oracle Issues | N/A | PASS |
Outdated Compiler Version | N/A | PASS |
Race Conditions | N/A | PASS |
Reentrancy | N/A | PASS |
Signature Issues | N/A | PASS |
Unbounded Loops | N/A | PASS |
Unused Code | N/A | PASS |
Overall Contract Safety | | PASS |
Contract Source Summary and Visualizations
Name | Address/Source Code | Visualized |
---|---|---|
JonesERC20VaultV3 | | |
JonesDPXVaultV3 | | |
JonesWETHVaultV3Adapter | | |
JonesSSOVCallV3Strategy | | |
JonesSSOVPutV3Strategy | | |
About SourceHat
SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!
What is a SourceHat Audit?
Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.
How Do I Interpret the Findings?
Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown of what each Severity level means for the project:
- High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
- Medium severity issues are those which place at least some users' funds at risk and have a medium to high probability of exploitation.
- Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
- Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.