RWA Security Review: CFG Token Audit

Description

Function CFG::burn() doesn't call _moveDelegateVotes() unlike the similar functions like DelegationToken::burn().

This could leave token delegations, while the underlying tokens are burnt and could lead to incorrect results in voting.

This function will mostly be used by tokens bridges to the impact seems low.

Recommendation

Consider adding a call to _moveDelegateVotes().

Description

Invalid signatures not detected in delegateWithSig(). In that situation delegator will be address(0).

The risk is limited because address(0) won't contain tokens.

However, the following unwanted effects are present:

• setting a delegate for address(0), that normally shouldn't have a delegate
• emitting DelegateeChanged for address(0)

Also future changes/bugs could potentially allow tokens to exist on address(0).

Recommendation

Consider reverting when delegator == address(0).

Alternatively use a variation of isValidSignature(), which is also used used in ERC20:Permit() and already contains this check.

Description

The msg.sender of CFG.sol is authorized via auth to be able to do file(). Then ward is also authorized.

Assuming ward is not equal to msg.sender, msg.sender stays authorized and can still to mint().

Recommendation

Make sure only one address is authorized after the contract is deployed. This can be done in several ways:

• add something like: if (ward != msg.sender) deny(msg.sender); in the constructor of CFG.sol;
• change the code so only ward is authorized;
• uncomment the deny statement in the deployment script.

Description

The functions transfer() and transferFrom() don't explicitly check the result of their super functions.

The risk is limited because the underlying implementation is known and allways returns true. However it is safer not to rely on this implicit information.

Recommendation

Consider check the return values of the super functions, or at least add a comment.

Description

The URL https://github.com/morpho-org/morpho-token-upgradeable resolves to https://github.com/morpho-org/morpho-token. So the resulting url could also be references in DelegationToken.sol.

Recommendation

Consider changing the comment in the following way:

-/// @author Modified from https://github.com/morpho-org/morpho-token-upgradeable
+/// @author Modified from https://github.com/morpho-org/morpho-token

Description

The repository protocol-v3 might not be accessible by everyone, which makes reviewing the code more difficult.

Recommendation

Consider adding the underlying code to the cfg-token repository.

Description

ERC20::permit() uses SignatureLib.isValidSignature(), which also allow smart contract accounts to sign.

However delegateWithSig() doesn't support this. The result is that smart contract accounts can't used. This is increasingly relevant with ERC 4337/EIP 7702.

Recommendation

Consider using a variation of SignatureLib.isValidSignature() to also allow smart contract accounts.

Note: SignatureLib.isValidSignature() currently requires signer as an input parameter, which isn't passed to delegateWithSig().

Description

There is no interface file for CFG.sol. This makes using the token more complicated.

Recommendation

Consider creating an interface file ICFG.sol. Also inherit from it to make sure the interface is correct.

Description

Function burn() uses both balanceOf() and _balanceOf(). The second call could be replaced with balance, which cantains the value of the first version.

Recommendation

Consider changing the code to:

function burn(uint256 value) external {
    uint256 balance = balanceOf(msg.sender);
    require(balance >= value, InsufficientBalance());
    ...       
-   _setBalance(msg.sender, _balanceOf(msg.sender) - value);
+   _setBalance(msg.sender, balance - value);
    ...
}

Note: these changes can also be done in ERC20.sol for functions transfer(), _transferFrom() and burn().

Description

A small optimization can be done in the calculation of totalSupply.

Note: similare optimizations can also be done in ERC20.sol for mint() and burn().

Recommendation

-totalSupply = totalSupply - value;
+totalSupply -= value;