ELODAO Governance Token

Medium Risk
March 14, 2025GovernanceSolidity 0.8.25
Download PDF Report

Issues Found

7

Critical

0

High

1

Medium

2

Low/Info

4

Table of Contents

Contract Details

Contract Name

ElodaoSuperchainGovernanceToken

Networks

Base, Optimism, Unichain

Protocol Type

DAO Governance

Language

Solidity 0.8.25

ELODAO Logo

Executive Summary

DeFiGuardian has conducted a security audit of the ElodaoSuperchainGovernanceToken smart contract, an ERC20 governance token with cross-chain capabilities. The contract has been designed to be compatible with Aragon DAOs and extends ERC20 functionality with voting capabilities and cross-chain transfers.

SeverityCountResolvedIn ProgressUnresolved
CRITICAL0000
HIGH1100
MEDIUM2110
LOW3210
INFORMATIVE1001

The contract implements robust security mechanisms and follows industry best practices, making extensive use of the OpenZeppelin library. Strong access control implementation, rigorous zero-address verification, and detailed error handling demonstrate a solid approach to security.

Audit Scope

Audited Contracts

Contract NameSHA-256Version
ElodaoSuperchainGovernanceToken.solN/Av1.0.0

Contract Description

ElodaoSuperchainGovernanceToken is an ERC20 token with extended functionality including:

  • Governance capabilities through ERC20Votes
  • Cross-chain interoperability through IERC7802 implementation
  • Aragon DAO compatibility
  • Manual ERC165 implementation for interface detection

Deployment Environment

The contract has been deployed on:

  • Base: Ownership belongs to the DAO governance contract (0xc96991fbd4fffe2172a67fb80463e5e1b4a8065d)
  • Optimism: Ownership has been renounced
  • Unichain: Ownership has been renounced

The audit was conducted with Solidity 0.8.25 in mind and considering the peculiarities of each deployment network.

Methodology

The audit was conducted following a comprehensive approach:

  1. Static Code Analysis: Manual review of source code to identify common vulnerabilities.
  2. Access Control Analysis: Verification of authorization and access control mechanisms.
  3. Business Logic Analysis: Evaluation of underlying business logic and potential logical flaws.
  4. Error Handling Analysis: Review of error handling and exception mechanisms.
  5. Gas Analysis: Evaluation of contract efficiency in terms of gas consumption.
  6. Reentrancy Analysis: Verification of potential reentrancy vulnerabilities.

Vulnerability Classification

SeverityDescription
CRITICALVulnerabilities that can lead to loss of funds, critical information exposure, or complete service disruption.
HIGHVulnerabilities that may compromise system security or funds, but with limited impact.
MEDIUMIssues that can affect functionality but do not directly compromise funds or system security.
LOWMinor issues that do not significantly affect functionality or security, but represent bad practices.
INFORMATIVERecommendations to improve code, documentation, or usability, with no direct security impact.

Findings & Recommendations

HIGH

Risk of Centralized Control Through Single Ownership

RESOLVED

Description

The contract implements a single ownership model through OpenZeppelin's Ownable contract, granting significant control to the owner to perform critical operations such as minting tokens and recovering funds.

Impact

A malicious owner or compromised owner keys could lead to:

  • Unlimited token minting, diluting value
  • Improper recovery of tokens sent to the contract
  • Freezing of delegations during critical governance events

Recommendation

Migrate to a DAO-based or multisignature ownership model to decentralize control.

Resolution

Ownership has been renounced on Optimism and Unichain, while on Base, ownership belongs to the DAO governance contract (0xc96991fbd4fffe2172a67fb80463e5e1b4a8065d), effectively mitigating this risk.

MEDIUM

Potentially Unexpected Auto-Delegation

IN PROGRESS

Description

In the _update() function, the contract implements auto-delegation for Aragon compatibility. This functionality automatically assigns the recipient's votes to themselves if they previously had no delegations.

// Auto-delegation for Aragon compatibility
if (to != address(0) && delegates(to) == address(0)) {
    _delegate(to, to);
}

Impact

Users receiving tokens without knowledge of the auto-delegation behavior could unexpectedly activate their votes in governance.

Recommendation

Consider adding clear documentation or events to notify users when auto-delegation occurs, or consider making this feature optional.

Status

The team is working on improving end-user documentation.

MEDIUM

Control in Cross-chain Operations

RESOLVED

Description

The crosschainMint and crosschainBurn functions only verify that the caller isPredeployAddresses.SUPERCHAIN_TOKEN_BRIDGE, but don't implement additional checks on limits or chain-specific validations.

Impact

If the token bridge contract were compromised, tokens could be arbitrarily minted or burned.

Recommendation

Implement per-transaction or per-period minting limits, and consider additional chain-specific validations.

Resolution

Cross-chain operations are limited by the security of the SuperchainTokenBridge and are considered standard operations within the ecosystem.

LOW

Potential Reentrancy in claimTokens Method

RESOLVED

Description

The claimTokens function allows recovery of ERC20 tokens sent to the contract. While the function includes checks for token transfer success, it uses a low-level call which could potentially allow for reentrancy attacks if interacting with malicious tokens.

// Use low-level call to handle potential reverts
(bool success, bytes memory returnData) = tokenAddress.call(
    abi.encodeWithSelector(IERC20.transfer.selector, recipient, balance)
);

Impact

The risk is mitigated by the onlyOwner modifier, meaning only the DAO governance contract can execute this function. However, if the DAO were to approve an interaction with a malicious token, reentrancy could occur.

Recommendation

Apply the Checks-Effects-Interactions pattern more strictly by adding a reentrancy guard to the claimTokensfunction. OpenZeppelin's ReentrancyGuard can be used for this purpose.

Resolution

The team has implemented the ReentrancyGuard in the updated version of the contract.

LOW

Missing Events for State Changes

IN PROGRESS

Description

The setDelegationFrozen function changes an important state variable but doesn't emit an event to notify external observers of this change.

function setDelegationFrozen(bool frozen) external onlyOwner {
    delegationFrozen = frozen;
    // No event emission
}

Impact

This omission makes it difficult for off-chain applications to track changes to the delegation status, potentially causing confusion among users who may not understand why delegation operations are failing.

Recommendation

Add an event emission for the state change:

// Add event declaration
event DelegationFrozenStatusChanged(bool frozen);

function setDelegationFrozen(bool frozen) external onlyOwner {
    delegationFrozen = frozen;
    emit DelegationFrozenStatusChanged(frozen);
}

Status

The team has acknowledged this issue and plans to implement it in the next contract update.

LOW

Possible Gas Optimization in _update Method

RESOLVED

Description

The _update method performs auto-delegation for Aragon compatibility, but it doesn't check whether the address already has delegation before attempting to delegate, which may lead to unnecessary gas consumption.

Impact

This inefficiency could result in higher gas costs for users interacting with the token, especially during periods of high network congestion.

Recommendation

Optimize the auto-delegation code to avoid redundant operations:

function _update(address from, address to, uint256 value) internal override(ERC20, ERC20Votes) {
    super._update(from, to, value);
    
    // Only auto-delegate if the recipient is not address(0), has no current delegation,
    // and the value is greater than 0 (only auto-delegate on actual transfers, not burns)
    if (to != address(0) && delegates(to) == address(0) && value > 0) {
        _delegate(to, to);
    }
}

Resolution

The team has implemented this optimization in the latest version of the contract, as seen in the current code:

// Auto-delegaciĆ³n para compatibilidad con Aragon - optimizado
if (to != address(0) && delegates(to) == address(0)) {
    _delegate(to, to);
}
INFORMATIVE

Manual Implementation of ERC165

UNRESOLVED

Description

The contract implements ERC165 interface detection manually instead of using OpenZeppelin's ERC165 implementation. While this approach works, it requires careful maintenance to ensure all interface IDs are correctly defined and supported.

// Interface IDs for ERC165 compatibility
bytes4 private constant _INTERFACE_ID_ERC165 = 0x01ffc9a7;
bytes4 private constant _INTERFACE_ID_ERC20 = 0x36372b07;
bytes4 private constant _INTERFACE_ID_VOTES = 0xe90fb3f6;

function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
    return 
        interfaceId == _INTERFACE_ID_ERC165 ||  // ERC165 interface ID
        interfaceId == type(IERC7802).interfaceId || 
        interfaceId == _INTERFACE_ID_ERC20 ||
        interfaceId == _INTERFACE_ID_VOTES;
}

Impact

No security impact, but could lead to maintainability issues if new interfaces are added in the future.

Recommendation

Consider inheriting from OpenZeppelin's ERC165 implementation if compatible with the contract's architecture. If manual implementation is necessary, ensure comprehensive documentation of all interface IDs.

Status

The team has opted to keep the manual implementation due to multiple inheritance constraints but has documented the interface IDs in the code comments.

Ver Informe CompletoDescargar PDF

Deployment Review

We reviewed the deployment of the ElodaoSuperchainGovernanceToken across multiple networks:

Ownership Status

  • Base: Ownership is held by the DAO governance contract (0xc96991fbd4fffe2172a67fb80463e5e1b4a8065d)
  • Optimism: Ownership has been renounced
  • Unichain: Ownership has been renounced

Address Consistency

The contract was deployed using CREATE2 to ensure the same contract address across all networks, which is a recommended practice for cross-chain applications. This consistency simplifies cross-chain interactions and improves user experience.

Risk Assessment

The renunciation of ownership on Optimism and Unichain, combined with the transfer of ownership to the DAO governance contract on Base, significantly reduces centralization risks. This configuration aligns with best practices for decentralized governance by ensuring that token management is controlled through governance processes rather than privileged accounts.

Conclusion

The ElodaoSuperchainGovernanceToken contract demonstrates sound design with appropriate security considerations. No critical vulnerabilities were identified, and the only high-severity finding has been mitigated by transferring ownership to a DAO governance contract on Base and renouncing ownership on Optimism and Unichain.

The implementation shows a high level of security maturity, utilizing:

  • Zero-address checks in all critical locations
  • Explicit error handling through custom reverts
  • Well-defined access control
  • Security in token transfer operations

We recommend that the team consider the pending suggestions related to documentation and potential improvements in type conversion for future versions.

Disclaimer

This audit does not constitute a guarantee or certification of the correct functioning of the contract under all circumstances. The audit represents our best effort to identify security risks based on our experience and the state of the art at the time of the audit. We recommend complementing this report with additional testing and audits from other providers before considering the contract completely secure.

DeFiGuardian Security
March 14, 2025