Public Tests Success

Alan Stacks
Sep 13, 2020

Over the last few days, we have run a series of public tests on the Kovan testnet. We figured it would be a good idea to put the results of these tests into some sort of a report. To start, let’s look at how this was laid out.

The test was structured in 3 parts:

1) The refund test

2) The Buoy-Davy Jones injection

3) The Davy Jones-Balancer pool injection

The first test found a bug in the refund mechanism during the initial stages of the test, and so was ended early.

The second test started with a revised refund test which worked perfectly. The sale was started back up, but we found that I hadn’t changed the sale dates from testing. This resulted in the sale ending early. We also found an issue with the contract not pointing to a testnet address, and so decided to end this test early as well.

However, the third time was a charm. The third test worked perfectly! Once the sale was started, it was continued to the end using public functionality. This is proof of concept that these sales can be run trustlessly! Very big deal.

The trustless KETH deposit into Davy Jones is automatically swapped into ERC-20 tokens via Uniswap

However, we also found a vulnerability in the way the Balancer pool integrates. The way the contract works, the ETH deposited into Davy Jones is split into different tokens using predetermined %’s which match the pool. Because the %’s are set, the different tokens are deposited at the same rate. Because of this, we have only been testing one of the tokens to determine how much has been deposited (e.g. if we can tell 80% of one token has been deposited, we can determine ~80% of all tokens have been deposited). A super basic example of how this can be exploited would be making a pool which greatly overvalues the price of a token which is not being tested, resulting in it being deposited at a slower rate than the other tokens and therefore allowing the devs to withdraw more leftover tokens than they should be allowed to.

We are going to do a bit more research here, but I personally don’t think the same issue is possible on the main net. Because the Kovan testnet version of Balancer can’t properly determine the price of a token (after all, it has no monetary value, and no arbitrage to hold any value set), it can be abused this way. A pool made on the main net will have monetary value, and therefore should be tracked and set against other Balancer pools. This means even if a coin could be listed at the wrong price (I don’t think this is an issue because we shouldn’t have any untracked tokens in the pool except Buoy itself, and the leftover Buoy is burned, not withdrawn), the pool would be arbitraged long before the public sale actually ends and the injection takes place. If there is an unlisted token, however, the obvious answer would just be to test the unlisted tokens rather than the listed tokens, which remain safe from the exploit.
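The single-token progress check and its failure mode can be seen in a small model. This is an added example, not the project's contract code: the token names, prices, round size and the rule that a token's deposit rate scales with fair price over pool price are all assumptions made for illustration. It also goes one step past the fix suggested above by gating on the slowest of all tokens instead of one chosen token.

```python
from dataclasses import dataclass

@dataclass
class Token:
    symbol: str        # hypothetical token name
    fair_price: float  # price assumed when ETH was split by the pool's %
    pool_price: float  # price the target pool reports for the token

def deposited_fractions(tokens, rounds, share_per_round):
    """Fraction of each token deposited after `rounds` equal-value rounds.
    Assumption: a round moves the same share of value for every token, converted
    to units at the pool price, so an overvalued token moves fewer units."""
    return {t.symbol: min(1.0, rounds * share_per_round * t.fair_price / t.pool_price)
            for t in tokens}

def progress_single(fractions, sampled):
    """The check described above: one token stands in for all of them."""
    return fractions[sampled]

def progress_all(fractions):
    """Hardened check: overall progress is that of the slowest token."""
    return min(fractions.values())

def excess_leftover(fractions, sampled):
    """Per token, the leftover fraction the single-token check does not account for."""
    assumed_left = 1.0 - fractions[sampled]
    return {s: round((1.0 - f) - assumed_left, 6)
            for s, f in fractions.items() if (1.0 - f) - assumed_left > 1e-9}

# Constructed sample: TKN_C is listed in the pool at 10x its fair price.
SAMPLE = [Token("TKN_A", 1.0, 1.0), Token("TKN_B", 2.0, 2.0), Token("TKN_C", 0.5, 5.0)]

if __name__ == "__main__":
    fr = deposited_fractions(SAMPLE, rounds=8, share_per_round=0.1)
    print("single-token check on TKN_A:", progress_single(fr, "TKN_A"))
    print("slowest-token check:        ", progress_all(fr))
    print("unaccounted leftover when sampling TKN_A:", excess_leftover(fr, "TKN_A"))
    print("unaccounted leftover when sampling TKN_C:", excess_leftover(fr, "TKN_C"))
```

Sampling a correctly priced token reports 80% progress while the mispriced token is far behind; sampling the mispriced token, or taking the minimum, leaves no unaccounted leftover.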

So, a bit more testing to be done here. But besides these small issues, we really do have proof of concept! The model works! After the finishing touches are put on, we will finalize the contract and submit it for a security audit. If that comes back with the all clear, all systems will be a go for the public sale!

Buckle up, buoys.
