InstaDApp Audit Summary

Originally published at: https://blog.openzeppelin.com/instadapp-audit-summary/



InstaDApp is an autonomous banking portal that runs on top of emerging blockchain-based financial protocols such as MakerDAO, Uniswap, or Compound. Its mission is to simplify everyday banking needs, such as taking loans, lending money, swapping tokens, and taking leveraged positions.

InstaDApp provides an interface on top of other DeFi protocols. Its target userbase is users who lack advanced technical or financial experience. It helps users manage CDPs, including providing the ability to wipe or add collateral to 3rd-party CDPs, keep track of CDP activity via email or Telegram, and save gas by bundling transactions. For example, a user with a CDP can withdraw Dai, buy ETH, and lock that ETH, all with a single transaction.

System Overview

The core of InstaDApp consists of two top-level contracts: UserWallet and InstaRegistry. The InstaRegistry contract is used to deploy new UserWallet instances, track the ownership of UserWallet instances that it deploys, and approve/disapprove logic proxy contracts that can be used by the UserWallet instances that it has deployed. It is not intended to hold any valuable assets.

The UserWallet contracts are the only contracts intended to hold any valuable assets. They are built using a proxy pattern that allows their functionality to be extended using proxy logic contracts that have been approved by the InstaRegistry contract. Proxy logic contracts can be approved by the InstaRegistry contract in one of two ways: “standard”, or “static”.

When the InstaRegistry contract approves a proxy logic contract as “static”, it can never be disapproved in the future. This means that users can be sure they’ll always have access to any functionality provided by a static logic proxy — even if the InstaRegistry contract admins later become malicious or compromised. Static logic proxies could be used, for example, to provide all functionality needed for users to withdraw funds from their UserWallet.

When the InstaRegistry contract approves a proxy logic contract as “standard”, it can be disapproved in the future. Classifying logic proxies this way gives InstaDApp the flexibility to introduce new features or business models that it can later remove.

Summary of Findings

We audited the UserWallet and InstaRegistry contracts (and all contracts from which they inherit). We did not find any critical or high-severity issues. We particularly liked how the InstaDApp team separated “standard” and “static” logic proxies in an effort to limit the damage that a malicious or compromised InstaRegistry admin could cause. While a malicious InstaRegistry admin could add a malicious logic proxy and try to trick a user into invoking it, they would never be able to prevent a user from withdrawing their assets from the InstaDApp system — assuming the logic needed to exit had already been approved as static logic.

We did not audit any logic proxy contracts as part of this audit. Since proxy logic contracts can be used to manipulate the state of UserWallet contracts when they are invoked by owners of the UserWallet (including transferring valuable assets out of the wallet), we recommend that any proxy logic contracts also be audited.

We found a few interesting medium and low severity issues and offered some suggestions on how to fix them. Some of the more interesting ones include:

  • Transfers of wallet ownership may be DoSed by an active attacker.
  • Transactions in which new wallets are created can be made to fail by an active attacker.
  • One of the events returns a data position rather the data itself.

We proposed some additional changes to follow best practices, improve extensibility, and reduce potential attack surface.

Audit Report

For more details and information you can read the full report.

1 Like