[BAL] ERC20 Token Smart Contract Technical Assessment

General Information

Risk Summary

  • Does the contract implement the ERC20 token standards? Yes.
  • Risk analysis : MEDIUM.

Technical Information

  • Compiler version : v0.6.8+commit.0bbfe453
  • Decimals : 18
  • Overflow checks : Yes, the contract uses the SafeMath library for uint operations.
  • Mitigation against allowance race-condition : Yes, the contract implements increaseAllowance and decreaseAllowance to get around this issue.
  • Upgradeable contract patterns : No.
  • Access control or restriction lists : No.
  • Non-standard features or behaviors : Yes.
    • Ability of the Balancer Team Multi-sig to add another minter, an address with the ability to mint uint256 amount of tokens. They can also mint themselves.

Formal Verification Considerations:

  • Does transfer have simple semantics? Yes.
  • Does transferFrom have simple semantics? Yes.
  • Can balances be arbitrarily modified by some actor? No.
  • Are there any external calls? No.

Testnet Information

  • Balancer is deployed on Kovan and Rinkeby. List of relevant addresses here.

Contract Logic Summary

Administrative Addresses

Any address with Admin access can add / remove minters, and give itself minting functionality.

Inheritance Structure

BAL uses the standard OpenZeppelin ERC20Snapshot and AccessControl contract inheritance pattern.

Other

BalancerGovernanceToken also implements permit for gasless transactions.

Contract Risk Summary

This is a medium risk contract. The ERC20 functions are implemented to industry standard, there are checks to prevent over/underflows, the approval race condition is correctly handled using increase/decreaseAllowance functions, and the contract is non-upgradeable. The known risk is the Admin Role address with the ability to add additional minters and set itself as minter. This governance address is currently a 2-of-3 multisig, so the risk is somewhat limited.

Supporting Materials

Architecture Diagram

Inheritance Diagram

Sūrya's Description Report

Files Description Table

File Name SHA-1 Hash
BAL.sol 8106dc77388703878af03723ef09574ed8856884

Contracts Description Table

Contract Type Bases
└ Function Name Visibility Mutability Modifiers
EnumerableSet Library
└ _add Private :closed_lock_with_key: :stop_sign:
└ _remove Private :closed_lock_with_key: :stop_sign:
└ _contains Private :closed_lock_with_key:
└ _length Private :closed_lock_with_key:
└ _at Private :closed_lock_with_key:
└ add Internal :lock: :stop_sign:
└ remove Internal :lock: :stop_sign:
└ contains Internal :lock:
└ length Internal :lock:
└ at Internal :lock:
└ add Internal :lock: :stop_sign:
└ remove Internal :lock: :stop_sign:
└ contains Internal :lock:
└ length Internal :lock:
└ at Internal :lock:
Address Library
└ isContract Internal :lock:
└ sendValue Internal :lock: :stop_sign:
Context Implementation
└ Internal :lock: :stop_sign:
└ _msgSender Internal :lock:
└ _msgData Internal :lock:
AccessControl Implementation Context
└ hasRole Public :exclamation: NO❗️
└ getRoleMemberCount Public :exclamation: NO❗️
└ getRoleMember Public :exclamation: NO❗️
└ getRoleAdmin Public :exclamation: NO❗️
└ grantRole Public :exclamation: :stop_sign: NO❗️
└ revokeRole Public :exclamation: :stop_sign: NO❗️
└ renounceRole Public :exclamation: :stop_sign: NO❗️
└ _setupRole Internal :lock: :stop_sign:
└ _setRoleAdmin Internal :lock: :stop_sign:
└ _grantRole Private :closed_lock_with_key: :stop_sign:
└ _revokeRole Private :closed_lock_with_key: :stop_sign:
SafeMath Library
└ add Internal :lock:
└ sub Internal :lock:
└ sub Internal :lock:
└ mul Internal :lock:
└ div Internal :lock:
└ div Internal :lock:
└ mod Internal :lock:
└ mod Internal :lock:
Math Library
└ max Internal :lock:
└ min Internal :lock:
└ average Internal :lock:
Arrays Library
└ findUpperBound Internal :lock:
Counters Library
└ current Internal :lock:
└ increment Internal :lock: :stop_sign:
└ decrement Internal :lock: :stop_sign:
IERC20 Interface
└ totalSupply External :exclamation: NO❗️
└ balanceOf External :exclamation: NO❗️
└ transfer External :exclamation: :stop_sign: NO❗️
└ allowance External :exclamation: NO❗️
└ approve External :exclamation: :stop_sign: NO❗️
└ transferFrom External :exclamation: :stop_sign: NO❗️
ERC20 Implementation Context, IERC20
└ Public :exclamation: :stop_sign: NO❗️
└ name Public :exclamation: NO❗️
└ symbol Public :exclamation: NO❗️
└ decimals Public :exclamation: NO❗️
└ totalSupply Public :exclamation: NO❗️
└ balanceOf Public :exclamation: NO❗️
└ transfer Public :exclamation: :stop_sign: NO❗️
└ allowance Public :exclamation: NO❗️
└ approve Public :exclamation: :stop_sign: NO❗️
└ transferFrom Public :exclamation: :stop_sign: NO❗️
└ increaseAllowance Public :exclamation: :stop_sign: NO❗️
└ decreaseAllowance Public :exclamation: :stop_sign: NO❗️
└ _transfer Internal :lock: :stop_sign:
└ _mint Internal :lock: :stop_sign:
└ _burn Internal :lock: :stop_sign:
└ _approve Internal :lock: :stop_sign:
└ _setupDecimals Internal :lock: :stop_sign:
└ _beforeTokenTransfer Internal :lock: :stop_sign:
ERC20Snapshot Implementation ERC20
└ _snapshot Internal :lock: :stop_sign:
└ balanceOfAt Public :exclamation: NO❗️
└ totalSupplyAt Public :exclamation: NO❗️
└ _transfer Internal :lock: :stop_sign:
└ _mint Internal :lock: :stop_sign:
└ _burn Internal :lock: :stop_sign:
└ _valueAt Private :closed_lock_with_key:
└ _updateAccountSnapshot Private :closed_lock_with_key: :stop_sign:
└ _updateTotalSupplySnapshot Private :closed_lock_with_key: :stop_sign:
└ _updateSnapshot Private :closed_lock_with_key: :stop_sign:
└ _lastSnapshotId Private :closed_lock_with_key:
BalancerGovernanceToken Implementation AccessControl, ERC20Snapshot
└ Public :exclamation: :stop_sign: ERC20
└ _chainID Private :closed_lock_with_key:
└ permit External :exclamation: :stop_sign: NO❗️
└ _recover Private :closed_lock_with_key:
└ mint Public :exclamation: :stop_sign: NO❗️
└ burn Public :exclamation: :stop_sign: NO❗️
└ burnFrom Public :exclamation: :stop_sign: NO❗️
└ snapshot Public :exclamation: :stop_sign: NO❗️

Legend

Symbol Meaning
:stop_sign: Function can modify state
:dollar: Function is payable
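The Admin Role risk named in the Contract Risk Summary can be audited by walking the role-admin chain. This is an added example, not part of the original assessment or of the BAL code base: a small Python model of OpenZeppelin AccessControl's grantRole rule, with a helper that lists every account able to reach a role. The role labels `MINTER_ROLE` and `DEFAULT_ADMIN_ROLE` stand in for the on-chain bytes32 identifiers, and the accounts `0xMultisig`, `0xDistributor` and `0xOutsider` are constructed sample data.

```python
# Added example: a minimal model of OpenZeppelin AccessControl role semantics.
# Role labels and accounts are constructed sample data, not values read from chain.
DEFAULT_ADMIN_ROLE = "DEFAULT_ADMIN_ROLE"  # admin of every role unless overridden
MINTER_ROLE = "MINTER_ROLE"                # assumed label for the minting role


class AccessControlModel:
    def __init__(self):
        self.members = {}     # role -> set of accounts holding it
        self.role_admin = {}  # role -> admin role (absent means DEFAULT_ADMIN_ROLE)

    def has_role(self, role, account):
        return account in self.members.get(role, set())

    def get_role_admin(self, role):
        return self.role_admin.get(role, DEFAULT_ADMIN_ROLE)

    def setup_role(self, role, account):
        # Mirrors _setupRole: no caller check, meant for construction time only.
        self.members.setdefault(role, set()).add(account)

    def grant_role(self, role, account, sender):
        # Mirrors grantRole: the caller must hold the admin role of `role`.
        if not self.has_role(self.get_role_admin(role), sender):
            raise PermissionError("sender must be an admin to grant")
        self.members.setdefault(role, set()).add(account)


def effective_holders(ac, role):
    """Accounts that hold `role` now or can grant it to themselves via the admin chain."""
    holders, seen = set(), set()
    while role not in seen:          # DEFAULT_ADMIN_ROLE is its own admin, so this stops
        seen.add(role)
        holders |= ac.members.get(role, set())
        role = ac.get_role_admin(role)
    return holders


def build_sample():
    # Constructed state: a governance multisig as admin, one separate minter.
    ac = AccessControlModel()
    ac.setup_role(DEFAULT_ADMIN_ROLE, "0xMultisig")
    ac.setup_role(MINTER_ROLE, "0xDistributor")
    return ac
```

On a live deployment the same sets can be filled from `getRoleMemberCount`, `getRoleMember` and `getRoleAdmin`, all of which appear in the description table above.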