ROOT Protocol
Smart Contract Audit Report
Audit Summary
ROOT Protocol is building a new platform where NFT holders can earn rewards along with a new token locking and vesting system.
For this audit, we reviewed the project team's RNFTV2, VEROOT, ESROOT, and ROOT contracts at commit 9908cf6a934629494c22b006d37933efdbe3701d on the team's private GitHub repository.
Audit Findings
An Informational finding was identified and the team may want to review it. In addition, some centralized aspects are present.
Date: June 28th, 2023.Finding #1 - VEROOT - Informational
Description: TheLockWithdrawnevent can never be emitted in the _withdrawLock() function as the function's return statement will always be executed prior to emitting the event.
Recommendation: The team should modify the logic in the _withdrawLock() function to emit theLockWithdrawnevent prior to executing the function's final return statement.
Contracts Overview
RNFTV2 Contract:RewardDistributor Contract:
- This contract can be used by authorized Minter addresses to mint Genesis root v2 NFTs to destination addresses.
- The owner can add/remove any address as an authorized minter at any time.
- The maximum supply set by the team upon deployment may not be exceeded during minting.
- The contract implements ERC-2981 functionality that supports the use of Royalties that can be used with NFT marketplaces.
- Any user can specify any of their currently owned RNFTV1 NFTs to migrate at any time. The specified V1 NFT is transferred to this contract and an RNFTV2 NFT is minted to the caller using the same token ID.
- The owner can update the default royalty percentage and destination address at any time.
- The owner can update the Base URI and Placeholder URI of the contract at any time.
- The owner can enable/disable the use of the Placeholder URI at any time.
VEROOT Contract:
- This contract can be used by the owner to distribute rewards that can be claimed by RNFTV2 NFT holders.
- The owner can specify any address to add as a reward token to the platform at any time.
- The owner can specify an amount of any active reward token to deposit into the contract to be distributed as rewards. The rewards are divided evenly across the maximum supply of V2 NFTs.
- Any user can initiate a claim for a single reward token by specifying any of their owned NFTs and the reward token address.
- The number of tokens sent to the user is calculated as the difference between the total rewards per token and the current debt value assigned to the NFT.
- Any user can specify any of their owned V2 NFTs to claim all available rewards across all reward tokens.
- The team must exercise caution when adding reward tokens to not add an ERC-777 compliant token as this could introduce reentrancy to the platform.
ESROOT Contract:
- The deployer will specify the LP token address, the first epoch time, the duration of each epoch, and the number of epochs each lock lasts.
- Any user can initiate a lock by specifying a number of tokens to lock and an address on behalf of which these tokens will be locked.
- The specified number of tokens are transferred from the caller to the contract. The caller must grant the contract a sufficient allowance in order for the transfer to successfully occur.
- If a hyper-lock is not currently active the contract's default weight of 10,000 is applied to the lock. If a hyper-lock is currently active, the weight of the hyper-lock (set by the owner) is used.
- If the specified user's last lock was created in the current epoch, has not been renewed, and has the same weight, the last lock amount is increased by the newly locked amount.
- If the above conditions are not met, a new lock is created on behalf of the user.
- The user's balance and the contract's total supply are increased by the locked amount.
- A user can specify any of their non-expired locks to renew at any time. If the specified lock has expired, it will not be renewed and its weight property will automatically be set to 10,000. The start property of the lock will be set to the next epoch.
- Users can specify any of their locks to fully withdraw after their expiration time has passed. If the lock's expiration time has not passed, the migration process must have been initiated by the team in order for the withdraw to successfully occur.
- Users also have the option to withdraw all of their locks in a single transaction.
- The owner can enable a hyper-lock period by specifying its end time and a weight that will be applied to all locks created during the period.
- The owner can manually end a hyper-lock period at any time.
- The owner can start the migration process at any time. When started, all current locks may be withdrawn and new locks are prohibited from being created.
- The owner can withdraw any tokens besides the contract's LP tokens from the contract at any time.
- The team should exercise caution when setting the LP token as to not use a fee-on-transfer token as they are not supported in the platform.
ROOT Contract:
- The deployer will specify the ROOT token address, the instant redemption rate, and the vesting period in seconds upon deployment.
- The owner can add/remove any address as an authorized Minter at any time.
- Any authorized Minter address can mint any number of tokens to any address at any time. An equivalent amount of root tokens are transferred from the caller to the contract. The caller must grant the contract a sufficient allowance in order for the transfer to successfully occur.
- The owner can add/remove any address as an authorized Sender at any time.
- In order for a transfer to be successfully executed, the user initiating the transfer must be an authorized Sender.
- Any user can initiate a vest by specifying an amount of ESROOT tokens and an address that the vest will belong to. The specified number of ESROOT tokens are instantly burned.
- Users that have active vests can claim any tokens due to them at any time. If the full vesting period has passed, the full number of ROOT tokens are transferred from the contract to the caller.
- If the full vesting duration has not yet passed, the number of tokens sent to the user is proportional to how much time has passed in the vesting schedule.
- Users can execute an instant redemption by specifying a number of ESROOT tokens that will be instantly burned. The user will receive a number of ROOT tokens based on the contract's redemption rate percentage. The remaining tokens are burned.
- The owner can withdraw any tokens from the contract at any time. The team must ensure the contract has a sufficient ROOT token balance to support all claims.
- The owner can migrate the current ROOT token address to a new ROOT token address at any time. The contract's balance of the updated ROOT token must exceed the contract's balance of the previous ROOT token.
- The owner can grant a mint allowance to any address at any time.
- Any address that has been granted a mint allowance can mint tokens to any address up to their full allowance.
- Any user can burn their own tokens to reduce the total supply.
- The contract contains logic that enables users to transfer tokens to another address on a specified chain.
- An OFT fee is charged on cross-chain transfers and sent to the Fee owner address set by the team.
- During transfers, the sender can specify a minimum amount of tokens that must be sent to the recipient in order for the transfer to successfully occur.
- The owner can set the default OFT fee to any percentage at any time.
- The owner can set the OFT fee percentage for a specified destination chain to any percentage at any time.
- The owner can update the Fee owner address to any address at any time.
- The owner can update the path used for cross-chain communication at any time.
- The owner can update the remote address used for a specific chain ID at any time.
- The owner can set the Precrime address to any address at any time.
- The owner can set a minimum gas limit for a specific destination chain ID and packet type to any value greater than zero at any time.
- The owner can set a payload size limit for a specific destination chain to any value at any time.
- The owner can enable/disable the use of the contract's custom adapter parameters during the sending process at any time.
- The owner can update the configuration, send version, receive version, and execute a force-resume receive transaction in the lzEndpoint contract at any time. The lzEndpoint contract was out of scope for this audit so our team is unable to provide an assessment with regard to its security.
- Blacklisted accounts are prohibited from participating in transfers and minting.
- The owner can add/remove any address from the blacklist at any time.
- The owner can increase/decrease a user's mint allowance at any time.
- The owner can withdraw any tokens from the contract at any time.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Jump/Storage Write | N/A | PASS |
| Centralization of Control |
|
WARNING |
| Compiler Issues | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Ether/Token Theft | N/A | PASS |
| Flash Loans | N/A | PASS |
| Front Running | N/A | PASS |
| Improper Events | N/A | PASS |
| Improper Authorization Scheme | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | N/A | PASS |
| Oracle Issues | N/A | PASS |
| Outdated Compiler Version | N/A | PASS |
| Race Conditions | N/A | PASS |
| Reentrancy | N/A | PASS |
| Signature Issues | N/A | PASS |
| Sybil Attack | N/A | PASS |
| Unbounded Loops | N/A | PASS |
| Unused Code | N/A | PASS |
| Overall Contract Safety | PASS |
RNFTV2 Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Int] _checkOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] setApprovalForAll #
- [Ext] getApproved
- [Ext] isApprovedForAll
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ ERC721Holder (IERC721Receiver)
- [Pub] onERC721Received #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Lib] Math
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] max
- [Int] min
- [Int] average
- [Int] ceilDiv
- [Int] mulDiv
- [Int] mulDiv
- [Int] sqrt
- [Int] sqrt
- [Int] log2
- [Int] log2
- [Int] log10
- [Int] log10
- [Int] log256
- [Int] log256
+ [Lib] SignedMath
- [Int] max
- [Int] min
- [Int] average
- [Int] abs
+ [Lib] Strings
- [Int] toString
- [Int] toStringSigned
- [Int] toHexString
- [Int] toHexString
- [Int] toHexString
- [Int] equal
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ [Int] IERC20Errors
+ [Int] IERC721Errors
+ [Int] IERC1155Errors
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata, IERC721Errors)
- [Pub] #
- [Pub] supportsInterface
- [Pub] balanceOf
- [Pub] ownerOf
- [Pub] name
- [Pub] symbol
- [Pub] tokenURI
- [Int] _baseURI
- [Pub] approve #
- [Pub] getApproved
- [Pub] setApprovalForAll #
- [Pub] isApprovedForAll
- [Pub] transferFrom #
- [Pub] safeTransferFrom #
- [Pub] safeTransferFrom #
- [Int] _safeTransfer #
- [Int] _ownerOf
- [Int] _exists
- [Int] _isApprovedOrOwner
- [Int] _safeMint #
- [Int] _safeMint #
- [Int] _mint #
- [Int] _burn #
- [Int] _transfer #
- [Int] _approve #
- [Int] _setApprovalForAll #
- [Int] _requireMinted
- [Prv] _checkOnERC721Received #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
- [Int] __unsafe_increaseBalance #
+ [Int] IERC2981 (IERC165)
- [Ext] royaltyInfo
+ ERC2981 (IERC2981, ERC165)
- [Pub] supportsInterface
- [Pub] royaltyInfo
- [Int] _feeDenominator
- [Int] _setDefaultRoyalty #
- [Int] _deleteDefaultRoyalty #
- [Int] _setTokenRoyalty #
- [Int] _resetTokenRoyalty #
+ ERC721Royalty (ERC2981, ERC721)
- [Pub] supportsInterface
- [Int] _burn #
+ [Int] IRNFTV1 (IERC721)
- [Ext] seed
- [Ext] originalOwner
- [Ext] ownedTokens
- [Ext] hasOwnedToken
- [Ext] totalSupply
+ RNFTV2 (ERC721Royalty, ERC721Holder, Ownable)
- [Pub] #
- modifiers: ERC721,Ownable
- [Ext] mint #
- [Int] _mintV2 #
- [Int] _afterTokenTransfer #
- [Ext] setBaseURI #
- modifiers: onlyOwner
- [Ext] setRoyalty #
- modifiers: onlyOwner
- [Ext] setPlaceholderURI #
- modifiers: onlyOwner
- [Ext] setUsePlaceholderURI #
- modifiers: onlyOwner
- [Pub] tokenURI
- [Ext] setMinter #
- modifiers: onlyOwner
- [Ext] getUserTokens
- [Ext] migrateBatch #
- [Int] _migrate # VEROOT Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Int] _checkOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ VEROOT (Ownable)
- [Pub] #
- modifiers: Ownable
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalLockers
- [Ext] userLockCount
- [Pub] currentEpoch
- [Ext] activeWeightedBalanceOf
- [Ext] getUserLock
- [Ext] createLock #
- [Int] _renewLock #
- [Ext] renewLock #
- [Ext] renewAllLocks #
- [Int] _withdrawLock #
- [Ext] withdrawLock #
- [Ext] withdrawAllExpiredLocks #
- [Ext] startMigration #
- modifiers: onlyOwner
- [Ext] setHyperLock #
- modifiers: onlyOwner
- [Ext] endHyperLock #
- modifiers: onlyOwner
- [Ext] emergencyWithdraw #
- modifiers: onlyOwner ESROOT and ROOT Contracts
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Int] _checkOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ [Int] IERC20Errors
+ [Int] IERC721Errors
+ [Int] IERC1155Errors
+ ERC20 (Context, IERC20, IERC20Metadata, IERC20Errors)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _update #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _approve #
- [Int] _spendAllowance #
+ [Int] ILayerZeroReceiver
- [Ext] lzReceive #
+ [Int] ILayerZeroUserApplicationConfig
- [Ext] setConfig #
- [Ext] setSendVersion #
- [Ext] setReceiveVersion #
- [Ext] forceResumeReceive #
+ [Int] ILayerZeroEndpoint (ILayerZeroUserApplicationConfig)
- [Ext] send ($)
- [Ext] receivePayload #
- [Ext] getInboundNonce
- [Ext] getOutboundNonce
- [Ext] estimateFees
- [Ext] getChainId
- [Ext] retryPayload #
- [Ext] hasStoredPayload
- [Ext] getSendLibraryAddress
- [Ext] getReceiveLibraryAddress
- [Ext] isSendingPayload
- [Ext] isReceivingPayload
- [Ext] getConfig
- [Ext] getSendVersion
- [Ext] getReceiveVersion
+ [Lib] BytesLib
- [Int] concat
- [Int] concatStorage #
- [Int] slice
- [Int] toAddress
- [Int] toUint8
- [Int] toUint16
- [Int] toUint32
- [Int] toUint64
- [Int] toUint96
- [Int] toUint128
- [Int] toUint256
- [Int] toBytes32
- [Int] equal
- [Int] equalStorage
+ LzApp (Ownable, ILayerZeroReceiver, ILayerZeroUserApplicationConfig)
- [Pub] #
- [Pub] lzReceive #
- [Int] _blockingLzReceive #
- [Int] _lzSend #
- [Int] _checkGasLimit
- [Int] _getGasLimit
- [Int] _checkPayloadSize
- [Ext] getConfig
- [Ext] setConfig #
- modifiers: onlyOwner
- [Ext] setSendVersion #
- modifiers: onlyOwner
- [Ext] setReceiveVersion #
- modifiers: onlyOwner
- [Ext] forceResumeReceive #
- modifiers: onlyOwner
- [Ext] setTrustedRemote #
- modifiers: onlyOwner
- [Ext] setTrustedRemoteAddress #
- modifiers: onlyOwner
- [Ext] getTrustedRemoteAddress
- [Ext] setPrecrime #
- modifiers: onlyOwner
- [Ext] setMinDstGas #
- modifiers: onlyOwner
- [Ext] setPayloadSizeLimit #
- modifiers: onlyOwner
- [Ext] isTrustedRemote
+ [Lib] ExcessivelySafeCall
- [Int] excessivelySafeCall #
- [Int] excessivelySafeStaticCall
- [Int] swapSelector
+ NonblockingLzApp (LzApp)
- [Pub] #
- modifiers: LzApp
- [Int] _blockingLzReceive #
- [Int] _storeFailedMessage #
- [Pub] nonblockingLzReceive #
- [Int] _nonblockingLzReceive #
- [Pub] retryMessage ($)
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] ICommonOFT (IERC165)
- [Ext] estimateSendFee
- [Ext] estimateSendAndCallFee
- [Ext] circulatingSupply
- [Ext] token
+ [Int] IOFTReceiverV2
- [Ext] onOFTReceived #
+ OFTCoreV2 (NonblockingLzApp)
- [Pub] #
- modifiers: NonblockingLzApp
- [Pub] callOnOFTReceived #
- [Pub] setUseCustomAdapterParams #
- modifiers: onlyOwner
- [Int] _estimateSendFee
- [Int] _estimateSendAndCallFee
- [Int] _nonblockingLzReceive #
- [Int] _send #
- [Int] _sendAck #
- [Int] _sendAndCall #
- [Int] _sendAndCallAck #
- [Int] _isContract
- [Int] _checkAdapterParams #
- [Int] _ld2sd
- [Int] _sd2ld
- [Int] _removeDust
- [Int] _encodeSendPayload
- [Int] _decodeSendPayload
- [Int] _encodeSendAndCallPayload
- [Int] _decodeSendAndCallPayload
- [Int] _addressToBytes32
- [Int] _debitFrom #
- [Int] _creditTo #
- [Int] _transferFrom #
- [Int] _ld2sdRate
+ [Int] IOFTWithFee (ICommonOFT)
- [Ext] sendFrom ($)
- [Ext] sendAndCall ($)
+ Fee (Ownable)
- [Pub] #
- [Pub] setDefaultFeeBp #
- modifiers: onlyOwner
- [Pub] setFeeBp #
- modifiers: onlyOwner
- [Pub] setFeeOwner #
- modifiers: onlyOwner
- [Pub] quoteOFTFee
- [Int] _payOFTFee #
- [Int] _transferFrom #
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ BaseOFTWithFee (OFTCoreV2, Fee, ERC165, IOFTWithFee)
- [Pub] #
- modifiers: OFTCoreV2
- [Pub] sendFrom ($)
- [Pub] sendAndCall ($)
- [Pub] supportsInterface
- [Pub] estimateSendFee
- [Pub] estimateSendAndCallFee
- [Pub] circulatingSupply
- [Pub] token
- [Int] _transferFrom #
+ OFTWithFee (BaseOFTWithFee, ERC20)
- [Pub] #
- modifiers: ERC20,BaseOFTWithFee,Ownable
- [Pub] circulatingSupply
- [Pub] token
- [Int] _debitFrom #
- [Int] _creditTo #
- [Int] _transferFrom #
- [Int] _ld2sdRate
+ ROOT (OFTWithFee)
- [Pub] #
- modifiers: OFTWithFee
- [Pub] sendFrom ($)
- [Int] _transfer #
- [Ext] mint #
- [Ext] burn #
- [Ext] setBlacklistStatus #
- modifiers: onlyOwner
- [Ext] setMintAllowance #
- modifiers: onlyOwner
- [Ext] incrementMintAllowance #
- modifiers: onlyOwner
- [Ext] decrementMintAllowance #
- modifiers: onlyOwner
- [Ext] emergencyWithdraw #
- modifiers: onlyOwner
+ ESROOT (ERC20, Ownable)
- [Pub] #
- modifiers: ERC20,Ownable
- [Ext] mint #
- [Int] _transfer #
- [Ext] setMinter #
- modifiers: onlyOwner
- [Ext] setSender #
- modifiers: onlyOwner
- [Ext] instantRedemption #
- [Ext] vest #
- [Pub] claimable
- [Ext] claimVested #
- [Ext] getVesting
- [Ext] getTotalUserVestings
- [Ext] emergencyWithdraw #
- modifiers: onlyOwner
- [Ext] migrateROOT #
- modifiers: onlyOwner
About SourceHat
SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!
Contact us today to get a free quote for a smart contract audit of your project!
What is a SourceHat Audit?
Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.
How Do I Interpret the Findings?
Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:
- High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
- Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
- Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
- Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.