GNO Token v2.0.0 Audit Report

Copyright © 2022 by Verilog Solutions. All rights reserved.

April 22, 2022

by Verilog Solutions

This report presents our engineering engagement with the Gnosis team on the GNO Token v2.0.0, an ERC20 standard token contract used in various GNO ecosystem products.

Project NameGNO Token v2.0.0
Repository Linkhttps://github.com/gnosis/gno-token
Commit Hash1cc6023ecd6494dd4e37591c4864bb487f1b0373
Language Solidity
ChainGnosis Chain, Ethereum

About Verilog Solutions

Founded by a group of cryptography researchers and smart contract engineers in North America, Verilog Solutions elevates the security standard for Web3 ecosystems by being a full-stack Web3 security firm covering smart contract security, consensus security, and operational security for Web3 projects.

Verilog Solutions team works closely with major ecosystems and Web3 projects and applies a quality above quantity approach with a continuous security model. Verilog Solutions onboards the best and most innovative projects and provides the best-in-class advisory service on security needs, including on-chain and off-chain components.

Table of Contents

Service Scope

Service Stages

Our review focused on the v2.0.0 branch, specifically, commit hash 1cc6023ecd6494dd4e37591c4864bb487f1b0373.

Below is the summary of the GNO token v2.0.0 audit:

  1. Smart Contract Auditing Service
    • Verilog Solutions team analyzed the entire project using a detailed-oriented approach to capture the fundamental logic and suggested improvements to the existing code. Details can be found under Findings & Improvement Suggestions

Methodology

  • Code Assessment
    • We evaluate the overall quality of the code and comments as well as the architecture of the repository.
    • We help the project dev team improve the overall quality of the repository by providing suggestions on refactorization to follow the best practice of Web3 software engineering.
  • Code Logic Analysis
    • We dive into the data structures and algorithms in the repository and provide suggestions to improve the data structures and algorithms for the lower time and space complexities.
    • We analyze the hierarchy among multiple modules and the relations among the source code files in the repository and provide suggestions to improve the code architecture with better readability, reusability, and extensibility.
  • Access Control Analysis
    • We perform a comprehensive assessment of the special roles of the project, including their authorities and privileges.
    • We provide suggestions regarding the best practice of privilege role management according to the standard operating procedures (SOP).

Audit Scope

Our auditing for GNO Token v2.0.0 covered the following components

File Name
.\contracts\TokenGNO.sol
.\contracts\GnoDevDependencies.sol
.\@gnosis.pm\util-contracts\contracts\EtherToken.sol
.\@gnosis.pm\util-contracts\contracts\GnosisStandard.sol
.\@gnosis.pm\util-contracts\contracts\HumanFriendlyToken.sol
.\@gnosis.pm\util-contracts\contracts\Math.sol
.\@gnosis.pm\util-contracts\contracts\Migrations.sol
.\@gnosis.pm\util-contracts\contracts\Proxy.sol
.\@gnosis.pm\util-contracts\contracts\Token.sol

Project Summary

GNO token is used in various GNO ecosystem products. GNO ecosystem includes various applications and infrastructure, such as Gnosis Auction, Gnosis Safe, and Gnosis Chain. Gnosis Beacon Chain is currently live and secured with GNO token, and the Gnosis Beacon Chain will merge with Gnosis Chain later.

Cited from Ethereum Foundation EIP-20:

The token should have the following methods:

// view functions
function name() public view returns (string)
function symbol() public view returns (string)
function decimals() public view returns (uint8)
function totalSupply() public view returns (uint256)
function balanceOf(address) public view returns (uint256)

// interaction functions
function transfer(address, uint256) public returns (bool)
function transferFrom(address, address, uint256) public returns (bool)
function approve(address, uint256) public returns (bool)
function allowance(address, address) public view returns (uint256)

The token should have the following events:

event Transfer(address indexed _from, address indexed _to, uint256 _value)
event Approval(address indexed _owner, address indexed _spender, uint256 _value)

The GNO token v2.0.0 ERC-20 implementation provides the following functionalities:

  • transfer tokens from one account to another
  • retrieve the current token balance of an account
  • retrieve the total supply of the token available on the network
  • approve whether and amount of token from an account can be spent by a third-party account

Findings & Improvement Suggestions

Severity TotalAcknowledged Resolved
High 0 0 0
Medium 0 0 0
Low 1 1 0
Informational 1 1 0

High

none ; )

Medium

none ; )

Low

  1. Unused components
    SeverityLow
    Source@gnosis.pm/util-contracts/contracts/GnosisStandardToken.sol: L4 ; GnoDevDependencies.sol: L12;
    StatusAcknowledged
    • Description

      Proxy.sol has not been used in the GnosisStandardToken.sol and EtherToken.sol has not been used in the GnoDevDependencies.sol.

      GnosisStandardToken.sol is a standard token contract implemented by the Gnosis team. GnosisStandardToken.sol imported 3 solidity files:

      1. Token.sol: an abstract token contract for the ERC20 token (functions are not implemented)
      1. Math.sol: a math library allows the calculation of logarithmic and exponential functions
      1. Proxy.sol: a proxy standard contract indicates that a contract will be provided, it also defines storage requirements for proxy.

      However, the imported Proxy.sol has not been used/inherited in the GnosisStandardToken.sol.

      GnoDevDependencies.sol is used for truffle compilations.

      GnoDevDependencies.sol imported 2 Solidity files:

      1. GnosisStandardToken.sol: a standard token contract implemented by the Gnosis team.
      1. EtherToken.sol: a token contract that allows exchanging with Ether 1:1

      However, the imported EtherToken.sol has not been used/inherited in the GnoDevDependencies.sol.

      Smart contract implementation should be succinct and sufficient. To keep the best practice, any unnecessary functions/imports should be eliminated.

    • Exploit Scenario

      N/A

    • Recommendations

      Remove these unused imports.

    • Results

      Acknowledged by the Gnosis team.

Informational

  1. State variable visibility unspecified
    SeverityInformational
    Source@gnosis.pm/util-contracts/contracts/GnosisStandardToken.sol: L13-L15;
    StatusAcknowledged
    • Description

      Some variables in contract StandardTokenData.sol do not have specified visibilities. Labeling the visibility explicitly makes it easier to catch incorrect assumptions about who can access the variable.

      TokenGNO.sol is the ERC20 implementation of the GNO token and it inherits contract GnosisStandardToken.sol. There are three variables that existed in GnosisStandardToken.sol:

      contract StandardTokenData {
    /*
     *  Storage
     */
    mapping(address => uint) balances;
    mapping(address => mapping(address => uint)) allowances;
    uint totalTokens;
}

      The above pre-defined standard token data are accessed and can be modified in the derived contracts. Thus, the visibilities can be specifically marked as internal for better code readability and understanding.

    • Exploit Scenario

      N/A

    • Recommendations

      Adding internal for better readability, use below as an example

      mapping(address => uint) internal balances;
mapping(address => mapping(address => uint)) internal allowances;
unit internal totalTokens;
    • Results

      Acknowledged by the Gnosis team.

Access Control Analysis

The GNO token v2.0.0 has no significant privileged roles. Only when at deployment, the contract deployer will receive the pre-defined total supply of GNO token, which is a standard operation in most token contract deployments:

// from TokenGNO.sol
constructor(uint amount) public {
	totalTokens = amount;
	balances[msg.sender] = amount;
}

Off-Chain OpSec

N/A

Appendix I: Severity Categories

SeverityDescription
HighIssues that are highly exploitable security vulnerabilities. It may cause direct loss of funds / permanent freezing of funds. All high severity issues should be resolved.
MediumIssues that are only exploitable under some conditions or with some privileged access to the system. Users’ yields/rewards/information is at risk. All medium severity issues should be resolved unless there is a clear reason not to.
LowIssues that are low risk. Not fixing those issues will not result in the failure of the system. A fix on low severity issues is recommended but subject to the clients’ decisions.
InformationalIssues that pose no risk to the system and are related to the security best practices. Not fixing those issues will not result in the failure of the system. A fix on informational issues or adoption of those security best practices-related suggestions is recommended but subject to clients’ decision.

Appendix II: Status Categories

StatusDescription
UnresolvedThe issue is not acknowledged and not resolved.
Partially ResolvedThe issue has been partially resolved
AcknowledgedThe Finding / Suggestion is acknowledged but not fixed / not implemented.
ResolvedThe issue has been sufficiently resolved

Disclaimer

Verilog Solutions receives compensation from one or more clients for performing the smart contract and auditing analysis contained in these reports. The report created is solely for Clients and published with their consent. As such, the scope of our audit is limited to a review of code, and only the code we note as being within the scope of our audit detailed in this report. It is important to note that the Solidity code itself presents unique and unquantifiable risks since the Solidity language itself remains under current development and is subject to unknown risks and flaws. Our sole goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies. Thus, Verilog Solutions in no way claims any guarantee of security or functionality of the technology we agree to analyze.

In addition, Verilog Solutions reports do not provide any indication of the technologies proprietors, business, business model, or legal compliance. As such, reports do not provide investment advice and should not be used to make decisions about investment or involvement with any particular project. Verilog Solutions has the right to distribute the Report through other means, including via Verilog Solutions publications and other distributions. Verilog Solutions makes the reports available to parties other than the Clients (i.e., “third parties”) – on its website in hopes that it can help the blockchain ecosystem develop technical best practices in this rapidly evolving area of innovation.