Michi Protocol

Smart Contract Audit Report

Executive Summary

This report presents the outcomes of our collaborative engagement with the Michi Protocol team, focusing on the comprehensive evaluation of the MichiHelper and MichiWalletNFT contracts.

Our team conducted an initial security assessment from March 18th to March 20th, 2024. On March 22nd, our team amended this report to reflect changes made to the contracts to resolve the findings we had identified during our initial review from commit 91d0693 to commit 51260f5.

Michi Protocol allows users to mint NFTs and add them to an ERC-6551 Registry. An ERC-6551 Registry creates an account bound to a minted NFT. This allows the account owner to execute arbitrary logic related to the NFT. Some potential use cases include allowing an account owner to maintain various token assets associated with the NFT, the NFT holder maintaining additional NFTs such as in a WEB3 based game, and many other possible use cases.

Audit Scope

Name	Source Code	Visualized
MichiHelper	`51260f5`	Inheritance Chart. Function Graph.
MichiWalletNFT	`51260f5`	Inheritance Chart. Function Graph.

Name/Source Code	Visualized
MichiHelper `51260f5`	Inheritance Chart. Function Graph.
MichiWalletNFT `51260f5`	Inheritance Chart. Function Graph.

Audit Findings

All findings have been resolved, though some centralized aspects are present.

Finding #1	MichiHelper	HighResolved
Finding #1 - MichiHelper HighResolved
Description: The contract intends to allow users to mint any number of MICHI NFTs. In order to do so users provide ETH to the createWallet() function in the MichiHelper. The entire msg.value is sent to the MichiNFT contract. `function createWallet(uint256 quantity) external payable { for (uint256 i = 0; i < quantity; i++) { uint256 currentIndex = michiWalletNFT.getCurrentIndex(); michiWalletNFT.mint{value: msg.value}(msg.sender); ... } }` The MichiNFT contract then requires that the msg.value is equal to the minting cost: `function mint(address to) external payable { if (msg.value != mintPrice) revert InvalidPayableAmount(msg.value); ... }` Risk/Impact: This will lead to a DOS if users attempt to mint more than one NFT at once as the total msg.value in the createWallet() function cannot be equal to both the minting cost for each NFT as well as the total cost for minting the specified number of NFTs. Recommendation: The team should calculate the total cost of minting the specified number of NFTs and ensure the msg.value is correct in the createWallet() function. The individual minting cost should then be passed into the mint() function for each NFT being minted. Resolution: The team has implemented the above recommendation.
Finding #2	MichiHelper	LowResolved
Finding #2 - MichiHelper LowResolved
Description: The contract includes an approved tokens mapping. This is intended to limit the types of tokens users are able to deposit into their account through this contract. However, there is no validation in the deposit function requiring the tokens being deposited are approved. Risk/Impact: Users will be able to circumvent the approved tokens mapping allowing them to deposit any token whether or not it is approved. Recommendation: The team should validate the token specified in the depositToken() function is an approved token. Resolution: The team has implemented the above recommendation.
Finding #3	MichiHelper	LowAcknowledged
Finding #3 - MichiHelper LowAcknowledged
Description: The contract allows users to deposit tokens into their account through this contract. A fee is taken if the takeFee parameter is true in the depositToken() function. Risk/Impact: Users are given the option to pay a fee or not. There is no reason for a user to voluntarily pay this fee and thus will never have a fee taken. Recommendation: The team should implement a state variable to determine whether fees are currently being taken. Alternatively, another method can be implemented to determine whether a fee should be taken based on the user, token, etc. Resolution: The team intends to distribute rewards to users who pay the fee and as such the opt in functionality is intended.

System Overview

The MichiHelper contract is used to mint MICHI NFTs and register them in an ERC-6551 Registry contract. Any user may mint any amount of NFTs by paying the mint fee for each NFT minted. The owner may set the mint price to any value at any time. The Registry creates an account bound to the NFT and allows the account to execute arbitrary logic. However, the Registry contract is outside the scope of this logic so we are unable to give an assessment in regard to security.

Users may also use this contract to deposit tokens into the account associated with an NFT. A fee is taken and sent to the FeeReceiver address if the takeFee parameter is true. The tokens that may be deposited is intended to be limited to approved tokens, however due to logical issues users may deposit any token.

Vulnerability Analysis

Vulnerability Category	Notes	Result
Arbitrary Jump/Storage Write	N/A	PASS
Centralization of Control	The MichiNFT owner may set the minting cost to any value. The MichiHelper owner may update the ERC-6551 proxy and implementation addresses. The MichiHelper owner may set the deposit token fee up to 500. This value is relative as the fee precision is determined upon deployment. The MichiHelper owner may add and remove any tokens from the approved tokens mapping.	WARNING
Compiler Issues	N/A	PASS
Delegate Call to Untrusted Contract	N/A	PASS
Dependence on Predictable Variables	N/A	PASS
Ether/Token Theft	N/A	PASS
Flash Loans	N/A	PASS
Front Running	N/A	PASS
Improper Events	N/A	PASS
Improper Authorization Scheme	N/A	PASS
Integer Over/Underflow	N/A	PASS
Logical Issues	N/A	PASS
Oracle Issues	N/A	PASS
Outdated Compiler Version	N/A	PASS
Race Conditions	N/A	PASS
Reentrancy	N/A	PASS
Signature Issues	N/A	PASS
Sybil Attack	N/A	PASS
Unbounded Loops	N/A	PASS
Unused Code	N/A	PASS
Overall Contract Safety		PASS

About SourceHat

SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!

What is a SourceHat Audit?

Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.

How Do I Interpret the Findings?

Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:

High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.

Go Home