If you notice some outdated information please let us know!
Process Quality Review (0.8)
Moonwell
FAIL
Scoring Appendix
The final review score is indicated as a percentage. The percentage is calculated as Achieved Points due to MAX Possible Points. For each element the answer can be either Yes/No or a percentage. For a detailed breakdown of the individual weights of each question, please consult this document.
Very simply, the audit looks for the following declarations from the developer's site. With these declarations, it is reasonable to trust the smart contracts.
- Here is my smart contract on the blockchain
- You can see it matches a software repository used to develop the code
- Here is the documentation that explains what my smart contract does
- Here are the tests I ran to verify my smart contract
- Here are the audit(s) performed to review my code by third party experts
This report is for informational purposes only and does not constitute investment advice of any kind, nor does it constitute an offer to provide investment advisory or other services. Nothing in this report shall be considered a solicitation or offer to buy or sell any security, token, future, option or other financial instrument or to offer or provide any investment advice or service to any person in any jurisdiction. Nothing contained in this report constitutes investment advice or offers any opinion with respect to the suitability of any security, and the views expressed in this report should not be taken as advice to buy, sell or hold any security. The information in this report should not be relied upon for the purpose of investing. In preparing the information contained in this report, we have not taken into account the investment needs, objectives and financial circumstances of any particular investor. This information has no regard to the specific investment objectives, financial situation and particular needs of any specific recipient of this information and investments discussed may not be suitable for all investors.
Any views expressed in this report by us were prepared based upon the information available to us at the time such views were written. The views expressed within this report are limited to DeFiSafety and the author and do not reflect those of any additional or third party and are strictly based upon DeFiSafety, its authors, interpretations and evaluation of relevant data. Changed or additional information could cause such views to change. All information is subject to possible correction. Information may quickly become unreliable for various reasons, including changes in market conditions or economic circumstances.
This completed report is copyright (c) DeFiSafety 2023. Permission is given to copy in whole, retaining this copyright label.
Smart Contracts & Team
89%
This section looks at the code deployed on the relevant chain that gets reviewed and its corresponding software repository. The document explaining these questions is here.
1. Are the smart contract addresses easy to find? (%)
2. How active is the primary contract? (%)
Contract Artemis Comptroller is used well over 100 times a day, as indicated in the Appendix.
3. Does the protocol have a public software repository? (Y/N)
Moonwell's open source code can be found in their GitHub.
4. Is there a development history visible? (%)
With 4 commits and 1 branch, Moonwell's main repository shows a subpar development history.
5. Is the team public (not anonymous)?
Public team members can be found on the front page of the Moonwell website.
Documentation
77%
This section looks at the software documentation. The document explaining these questions is here.
6. Is there a whitepaper? (Y/N)
Location: https://docs.moonwell.fi/moonwell-finance/introduction/what-is-moonwell
7. Is the protocol's software architecture documented? (Y/N)
Moonwell's software architecture is documented here.
8. Does the software documentation fully cover the deployed contracts' source code? (%)
Moonwell's technical docs go over the functions of their major smart contracts, but it is not exhaustive.
9. Is it possible to trace the documented software to its implementation in the protocol's source code? (%)
There is explicit traceability between software documentation and implemented code insofar as the Moonwell technical docs directly link to the source code.
Testing
60%
10. Has the protocol tested their deployed code? (%)
Code examples are in the Appendix at the end of this report.. As per the SLOC, there is 201% testing to code (TtC). This score is guided by the Test to Code ratio (TtC). Generally a good test to code ratio is over 100%. However, the reviewer's best judgement is the final deciding factor.
11. How covered is the protocol's code? (%)
There is no evidence of Moonwell's code coverage. However, their dedication to in-depth testing is evident.
12. Does the protocol provide scripts and instructions to run their tests? (Y/N)
Scripts/Instructions location: https://github.com/moonwell-fi/contracts-open-source#testing
13. Is there a detailed report of the protocol's test results?(%)
There is no evidence of a Moonwell detailed test report.
14. Has the protocol undergone Formal Verification? (Y/N)
Moonwell has not undergone formal verification.
15. Were the smart contracts deployed to a testnet? (Y/N)
Moonwell has not visibly been deployed to a testnet
Security
96%
This section looks at the 3rd party software audits done. It is explained in this document.
16. Is the protocol sufficiently audited? (%)
Moonwell has repeatedly had their published source code audited by Halborn, who they seemingly have a retainer agreement with, prior to each release. This can all be seen here. Most fixes and suggested improvements were implemented.
17. Is the bounty value acceptably high (%)
Moonwell offers an active bug bounty of $250K.
Admin Controls
28%
This section covers the documentation of special access controls for a DeFi protocol. The admin access controls are the contracts that allow updating contracts or coefficients in the protocol. Since these contracts can allow the protocol admins to "change the rules", complete disclosure of capabilities is vital for user's transparency. It is explained in this document.
18. Is the protocol's admin control information easy to find?
Admin control information is sparse and in various locations. However, it is also not formally described and more so vaguely mentioned.
19. Are relevant contracts clearly labelled as upgradeable or immutable? (%)
Each smart contract isn't explicitly labelled as upgradeable or immutable. While upgradeability is clearly a component of Moonwell's software, additional details need to be provided.
20. Is the type of smart contract ownership clearly indicated? (%)
Moonwell has a governance mechanism but the protocol also encompasses a multitude of admin roles that are not clearly defined in their documentation. This information is, however, clearly defined in the Moonwell code.
21. Are the protocol's smart contract change capabilities described? (%)
Smart contract change capabilities are not identified in Moonwell's smart contracts documentation.
22. Is the protocol's admin control information easy to understand? (%)
This information is in software specific language.
23. Is there sufficient Pause Control documentation? (%)
There is a mention of a Pause Guardian, but the associated hyperlink is dead.
24. Is there sufficient Timelock documentation? (%)
Moonwell has timelock documentation which can be found at this location.
25. Is the Timelock of an adequate length? (Y/N)
The timelock is 24h, as specified in this location.
Oracles
38%
This section goes over the documentation that a protocol may or may not supply about their Oracle usage. Oracles are a fundamental part of DeFi as they are responsible for relaying tons of price data information to thousands of protocols using blockchain technology. Not only are they important for price feeds, but they are also an essential component of transaction verification and security. These questions are explained in this document.
26. Is the protocol's Oracle sufficiently documented? (%)
There are multiple allusions to price oracle functions and Chainlink within the Moonwell docs, but the oracles they use are not explicitly defined. Hyperlinks are dead.
27. Is front running mitigated by this protocol? (Y/N)
Moonwell does not document their mitigation plan for front running.
28. Can flashloan attacks be applied to the protocol, and if so, are those flashloan attack risks mitigated? (Y/N)
Moonwell documents liquidity attack countermeasures here.
Appendices
1/**
2 * @title Moonwell's Comptroller Contract
3 * @author Moonwell
4 */
5contract Comptroller is ComptrollerVXStorage, ComptrollerInterface, ComptrollerErrorReporter, ExponentialNoError {
6 /// @notice Emitted when an admin supports a market
7 event MarketListed(MToken mToken);
8
9 /// @notice Emitted when an account enters a market
10 event MarketEntered(MToken mToken, address account);
11
12 /// @notice Emitted when an account exits a market
13 event MarketExited(MToken mToken, address account);
14
15 /// @notice Emitted when close factor is changed by admin
16 event NewCloseFactor(uint oldCloseFactorMantissa, uint newCloseFactorMantissa);
17
18 /// @notice Emitted when a collateral factor is changed by admin
19 event NewCollateralFactor(MToken mToken, uint oldCollateralFactorMantissa, uint newCollateralFactorMantissa);
20
21 /// @notice Emitted when liquidation incentive is changed by admin
22 event NewLiquidationIncentive(uint oldLiquidationIncentiveMantissa, uint newLiquidationIncentiveMantissa);
23
24 /// @notice Emitted when price oracle is changed
25 event NewPriceOracle(PriceOracle oldPriceOracle, PriceOracle newPriceOracle);
26
27 /// @notice Emitted when pause guardian is changed
28 event NewPauseGuardian(address oldPauseGuardian, address newPauseGuardian);
29
30 /// @notice Emitted when an action is paused globally
31 event ActionPaused(string action, bool pauseState);
32
33 /// @notice Emitted when an action is paused on a market
34 event ActionPaused(MToken mToken, string action, bool pauseState);
35
36 /// @notice Emitted when supply reward speed is updated
37 event SupplyRewardSpeedUpdated(uint8 rewardToken, MToken indexed mToken, uint newSupplyRewardSpeed);
38
39 /// @notice Emitted when borrow reward speed is updated
40 event BorrowRewardSpeedUpdated(uint8 rewardToken, MToken indexed mToken, uint newBorrowRewardSpeed);
41
42 /// @notice Emitted when a new WELL speed is set for a contributor
43 event ContributorWellSpeedUpdated(address indexed contributor, uint newSpeed);
44
45 /// @notice Emitted when WELL or GLMR is distributed to a borrower
46 event DistributedBorrowerReward(uint8 indexed tokenType, MToken indexed mToken, address indexed borrower, uint wellDelta, uint wellBorrowIndex);
47
48 /// @notice Emitted when WELL or GLMR is distributed to a supplier
49 event DistributedSupplierReward(uint8 indexed tokenType, MToken indexed mToken, address indexed supplier, uint wellDelta, uint wellSupplyIndex);
50
51 /// @notice Emitted when borrow cap for a mToken is changed
52 event NewBorrowCap(MToken indexed mToken, uint newBorrowCap);
53
54 /// @notice Emitted when borrow cap guardian is changed
55 event NewBorrowCapGuardian(address oldBorrowCapGuardian, address newBorrowCapGuardian);
56
57 /// @notice Emitted when WELL is granted by admin
58 event WellGranted(address recipient, uint amount);
59
60 /// @notice The initial WELL and GLMR index for a market
61 uint224 public constant initialIndexConstant = 1e36;
62
63 // closeFactorMantissa must be strictly greater than this value
64 uint internal constant closeFactorMinMantissa = 0.05e18; // 0.05
65
66 // closeFactorMantissa must not exceed this value
67 uint internal constant closeFactorMaxMantissa = 0.9e18; // 0.9
68
69 // No collateralFactorMantissa may exceed this value
70 uint internal constant collateralFactorMaxMantissa = 0.9e18; // 0.9
71
72 // reward token type to show WELL or GLMR
73 uint8 public constant rewardWell = 0;
74 uint8 public constant rewardGlmr = 1;
75
76 // The amount of gas to use when making a native asset transfer.
77 uint16 public gasAmount = 2300;
78
79 /// @notice Emitted when the admin changes the gas amount.
80 event NewGasAmount(uint16 oldGasAmount, uint16 newGasAmount);
81
82 constructor() public {
83 admin = msg.sender;
84 }
85
86 /*** Assets You Are In ***/
87
88 /**
89 * @notice Returns the assets an account has entered
90 * @param account The address of the account to pull assets for
91 * @return A dynamic list with the assets the account has entered
92 */
93 function getAssetsIn(address account) external view returns (MToken[] memory) {
94 MToken[] memory assetsIn = accountAssets[account];
95
96 return assetsIn;
97 }
98
99 /**
100 * @notice Returns whether the given account is entered in the given asset
101 * @param account The address of the account to check
102 * @param mToken The mToken to check
103 * @return True if the account is in the asset, otherwise false.
104 */
105 function checkMembership(address account, MToken mToken) external view returns (bool) {
106 return markets[address(mToken)].accountMembership[account];
107 }
108
109 /**
110 * @notice Add assets to be included in account liquidity calculation
111 * @param mTokens The list of addresses of the mToken markets to be enabled
112 * @return Success indicator for whether each corresponding market was entered
113 */
114 function enterMarkets(address[] memory mTokens) public returns (uint[] memory) {
115 uint len = mTokens.length;
116
117 uint[] memory results = new uint[](len);
118 for (uint i = 0; i < len; i++) {
119 MToken mToken = MToken(mTokens[i]);
120
121 results[i] = uint(addToMarketInternal(mToken, msg.sender));
122 }
123
124 return results;
125 }
126
127 /**
128 * @notice Add the market to the borrower's "assets in" for liquidity calculations
129 * @param mToken The market to enter
130 * @param borrower The address of the account to modify
131 * @return Success indicator for whether the market was entered
132 */
133 function addToMarketInternal(MToken mToken, address borrower) internal returns (Error) {
134 Market storage marketToJoin = markets[address(mToken)];
135
136 if (!marketToJoin.isListed) {
137 // market is not listed, cannot join
138 return Error.MARKET_NOT_LISTED;
139 }
140
141 if (marketToJoin.accountMembership[borrower] == true) {
142 // already joined
143 return Error.NO_ERROR;
144 }
145
146 // survived the gauntlet, add to list
147 // NOTE: we store these somewhat redundantly as a significant optimization
148 // this avoids having to iterate through the list for the most common use cases
149 // that is, only when we need to perform liquidity checks
150 // and not whenever we want to check if an account is in a particular market
151 marketToJoin.accountMembership[borrower] = true;
152 accountAssets[borrower].push(mToken);
153
154 emit MarketEntered(mToken, borrower);
155
156 return Error.NO_ERROR;
157 }
158
JavaScript Tests
Tests to Code: 10418 / 5177 = 201 %