How Did QuillAudits Secure Pluto Fi’s Liquidations, Price Feeds & Reward Accuracy?

Pluto Fi is a DeFi protocol on Solana enabling leveraged yield strategies and passive lending, optimizing returns while ensuring capital protection through safety features.

QuillAudits enhances Pluto Fi by addressing critical security risks in leverage vaults and lending mechanisms, strengthening security and user confidence in DeFi investments.

Before QuillAudits

  • Relied only on the aggregate price from Pyth without considering confidence intervals, making it susceptible to price manipulation and inaccurate liquidations.
  • Borrowers were at immediate liquidation risk after an unfreeze event, with no opportunity to adjust their positions, leading to unfair liquidations.
  • Liquidators could bypass fees by reordering transaction sequences, reducing protocol revenue and undermining the liquidation incentive structure.
  • Rust’s default integer truncation led to incorrect rounding in financial calculations, causing imprecise user balances and protocol inconsistencies.
  • The absence of validation checks allowed arbitrary vault assignments, leading to incorrect calculations and potential inconsistencies.

After QuillAudits

  • Implemented validation to incorporate confidence intervals into price calculations, rejecting prices with excessive uncertainty to prevent manipulation.
  • Introduced a cooldown period post-unfreeze, allowing borrowers to rebalance their positions before liquidations resume. Enhanced risk monitoring with automated alerts.
  • Enforced strict transaction sequencing, ensuring liquidation fees are deducted before closing instructions. Added logging to detect irregular liquidation attempts.
  • Implemented explicit rounding mechanisms for correct flooring and ceiling logic, ensuring accuracy in all financial operations.
  • Introduced strict validation to verify that only registered Leverage vaults can be assigned, preventing misconfigurations and malicious input.

Pluto Fi, a decentralized finance (DeFi) protocol on the Solana blockchain, maximizes user earnings through leveraged yield strategies and passive lending. With multipliers up to 9.5x, it allows users to optimize yield from assets like JLP and INF. The protocol also incorporates safety mechanisms such as Emergency Eject, Liquidation Saver, and Profit Taker to protect users’ investments.

Pluto Fi’s Advanced Yield Optimization & Security Framework

Pluto Fi’s core functionality is designed to provide users with advanced yield optimization strategies.

The platform ensures:

  • Flexible Leverage: Users can amplify returns up to 9.5x through structured yield farming strategies.
  • Passive Income: Users can lend assets and earn passive APY without active management.
  • Security Mechanisms: Pluto Fi integrates safety modes like Emergency Eject and Liquidation Saver to mitigate financial risks.
  • Multi-Asset Support: Users can utilize assets like USDC, SOL, and PYUSD for lending and leveraging.

Addressing Pluto Fi’s Security & Operational Challenges

Our audit uncovered several critical security concerns, including unauthorized claims and compounding exploits, precision loss in leverage vault calculations, incorrect share allocations, and logic errors in referral handling.

To mitigate these risks, we implemented stricter validation mechanisms to prevent excessive fund claims, adjusted reward scaling to ensure accurate APY distribution, corrected share allocation logic to eliminate inefficiencies, and refined referral mechanics to prevent exploitation.

These crucial improvements reinforced Pluto Fi’s security, financial stability, and overall protocol integrity, ensuring a more reliable and fair ecosystem for users.

Pluto Fi’s Journey Through Our Audit Process

  1. Information Gathering:
    • Collected and reviewed all relevant documentation, including whitepaper, technical specifications, and design documents.
    • Obtained a clear understanding of the Pluto Smart Contracts functionality and intended user interactions.
    • Discussed client concerns and specific areas of focus for the audit.
  2. Manual Code Review:
    • Conducted a line-by-line review of the smart contract code, focusing on:
      • Vulnerability identification: Searching for known vulnerabilities such as reentrancy, front-running, integer overflows, and access control issues.
      • Logic flaws: Identifying inconsistencies or unintended behaviours in the code logic.
  3. Functional Testing:
    • Developed and executed a comprehensive set of test cases covering various user interactions and edge cases.
    • Leveraged tools like Hardhat and Ganache to deploy and test the smart contract locally.
  4. Reporting & Remediation:
    • Prepared a detailed report outlining all identified vulnerabilities, categorized by severity and potential impact.
    • Provided clear recommendations for fixing each vulnerability, including code snippets and best practices.
    • Collaborated with the Pluto team to prioritize and address the identified issues.
    • Conducted additional verification testing after vulnerability fixes were implemented.

QuillAudits’ Strategic Approach to Pluto Fi’s Security Audit

Our approach to auditing Pluto Fi involved a combination of threat modeling, a security-first mindset, and extensive testing. We used both white-box and black-box testing methods to ensure a thorough assessment, maintaining transparency and clear communication with the Pluto Fi team throughout the process.

Pre-Audit Security Considerations and Scope

Prior to commencing the security assessment of Pluto decentralized Smart Contracts, the development team highlighted several critical areas of concern that warranted thorough examination. Their primary focus centered around:

  • VaultEarnDeposit
  • VaultEarnWithdraw
  • VaultLeverageFund
  • VaultLeverageConfiscate
  • VaultLeverageClose
  • VaultLeverageRelease
  • VaultLeverageRepayBorrow
  • VaultLeverageClosing

Requested Attack Vector Analysis

The Pluto team specifically requested thorough testing against several high-priority attack vectors:

  1. Assigning wrong unit amount to earn / leverage user
  2. Price Oracle Manipulation
  3. Failed Liquidation
  4. Fund Lost Forever (irrecoverable user / protocol crypto asset)

Based on all checkpoints from the Pluto team and on our own in-depth analysis, we performed a comprehensive audit of the Pluto Smart Contracts, which revealed a total of 14 issues, categorised by severity:

  • High Severity Issues (8): These issues pose a very high risk and should be addressed immediately.
  • Low Severity Issues (2): These findings have a minor impact and are just warnings that can remain unfixed for now. It would be better to fix these issues at some point in the future.
  • Informational Severity Issues (4): Issues that indicate an improvement request, a general question, a cosmetic or documentation error, or a request for information. There is low-to-no impact.

The critical issues discovered during the audit are particularly interesting and demonstrate the complexity of the Pluto Smart Contracts.

Comprehensive Audit Discoveries

We identified multiple critical vulnerabilities, including:

  1. Pyth Price Feed Vulnerability: The protocol's reliance on Pyth price feeds without considering the provided confidence intervals exposes it to price volatility and manipulation risks. Core functions use only the aggregate price, neglecting the range of possible true prices. This can lead to over-leveraging, insufficient debt repayment, and inaccurate liquidations/profit calculations, potentially harming both users and the protocol's solvency.
  2. Liquidation Risk Post-Freeze: The protocol's freeze mechanism, while designed for safety, inadvertently puts borrowers at immediate liquidation risk upon unfreezing. While frozen, borrowers cannot adjust their positions, and market fluctuations may push them below liquidation thresholds. This gives liquidators an unfair advantage and can lead to unjust losses for borrowers, damaging trust in the protocol.
  3. Liquidation Fee Bypass: The protocol's liquidation process, involving a sequence of instructions, is susceptible to fee bypass. By calling the closing instruction before the fee payment instruction, or through emergency ejects, liquidators and the protocol can be deprived of their rightful fees. This undermines the liquidation incentive structure and impacts protocol revenue.
  4. Inaccurate Fractional Arithmetic: The protocol's fractional arithmetic functions (div_floor, div_ceil, mul_floor, mul_ceil) are incorrectly implemented. They rely on Rust's default integer truncation, failing to enforce the intended flooring and ceiling logic. This can lead to incorrect calculations throughout the protocol, potentially impacting user balances and protocol stability.
  5. Unvalidated Leverage Vault in Earn Vault Index Setting: The function for setting the Earn vault index lacks validation for the associated Leverage vault. This allows for arbitrary data loading, potentially leading to incorrect calculations and protocol inconsistencies if a malicious or incorrect vault is provided.
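
The rounding problem in item 4, as an added example that is not Pluto Fi's code: Rust's `/` truncates toward zero, so a helper built on it is not a ceiling for positive results and not a floor for negative ones. The function names come from the audit finding; the signatures, the `MathError` type and the sample values are assumptions.

```rust
// Added example: signatures are assumptions, not Pluto Fi's implementation.
#[derive(Debug, PartialEq)]
pub enum MathError { DivideByZero, Overflow }

// Quotient and remainder exactly as `/` and `%` produce them: truncated toward zero.
fn trunc_div_rem(a: i128, b: i128) -> Result<(i128, i128), MathError> {
    if b == 0 {
        return Err(MathError::DivideByZero);
    }
    let q = a.checked_div(b).ok_or(MathError::Overflow)?; // i128::MIN / -1
    Ok((q, a % b))
}

/// floor(a / b): step down when the exact quotient is negative and inexact.
pub fn div_floor(a: i128, b: i128) -> Result<i128, MathError> {
    let (q, r) = trunc_div_rem(a, b)?;
    Ok(if r != 0 && ((r < 0) != (b < 0)) { q - 1 } else { q })
}

/// ceil(a / b): step up when the exact quotient is positive and inexact.
pub fn div_ceil(a: i128, b: i128) -> Result<i128, MathError> {
    let (q, r) = trunc_div_rem(a, b)?;
    Ok(if r != 0 && ((r < 0) == (b < 0)) { q + 1 } else { q })
}

/// floor(value * num / den); multiplying first means precision is lost once.
pub fn mul_floor(value: i128, num: i128, den: i128) -> Result<i128, MathError> {
    div_floor(value.checked_mul(num).ok_or(MathError::Overflow)?, den)
}

/// ceil(value * num / den).
pub fn mul_ceil(value: i128, num: i128, den: i128) -> Result<i128, MathError> {
    div_ceil(value.checked_mul(num).ok_or(MathError::Overflow)?, den)
}

fn main() {
    // Constructed values: 1_000_001 units scaled by the ratio 3/7.
    let (v, n, d) = (1_000_001i128, 3, 7);
    println!("truncating: {}", v * n / d);
    println!("mul_floor: {:?}, mul_ceil: {:?}", mul_floor(v, n, d), mul_ceil(v, n, d));
    println!("-7/2 truncating: {}, div_floor: {:?}", -7 / 2, div_floor(-7, 2));
}
```
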

Remediation Strategies

  • Mitigating Pyth Price Feed Vulnerability

    To address the risks associated with using Pyth price feeds without confidence intervals, we enforced a stricter validation mechanism.

    This included integrating confidence intervals into price calculations, ensuring that liquidation and leverage decisions consider potential price fluctuations.

    Additionally, we introduced safeguards to reject prices with excessive uncertainty, reducing manipulation risks.

  • Reducing Liquidation Risk Post-Freeze

    To prevent unfair liquidations after an unfreeze event, we introduced a cooldown period, allowing borrowers a grace period to adjust their positions before liquidations resume.

    This ensures fairer liquidation mechanics while maintaining protocol safety.

    Furthermore, automated position risk monitoring was enhanced to provide users with alerts when nearing critical thresholds.

  • Preventing Liquidation Fee Bypass

    We restructured the liquidation process to ensure that fee deductions occur before closing instructions.

    This was achieved by enforcing transaction sequencing rules at the smart contract level, preventing liquidators from bypassing fees.

    Additionally, we introduced logging mechanisms to detect and flag irregular liquidation attempts.

  • Fixing Inaccurate Fractional Arithmetic

    We corrected the implementation of fractional arithmetic functions by explicitly enforcing correct flooring and ceiling logic.

    Instead of relying on Rust's default integer truncation, we utilized precise rounding mechanisms that accurately perform division and multiplication operations, ensuring consistent and expected outcomes in all financial calculations.

  • Validating Leverage Vault in Earn Vault Index Setting

    To prevent unauthorized or incorrect vault assignments, we implemented strict validation checks when setting the Earn vault index.

    The function now verifies that the specified Leverage vault exists and is correctly registered within the protocol. Any attempts to provide invalid or malicious vaults are rejected, ensuring calculation accuracy and system consistency.
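
One way to implement the confidence-interval check described under "Mitigating Pyth Price Feed Vulnerability", as an added example that is not Pluto Fi's code. `OraclePrice` is a local stand-in for a Pyth price (aggregate price, confidence, exponent); the function names, the 2% limit and the sample feeds are assumptions.

```rust
// Added example: OraclePrice stands in for a Pyth price (price ± conf, scaled
// by 10^expo). All names and the 2% limit are assumptions, not Pluto Fi's code.
#[derive(Debug, Clone, Copy)]
pub struct OraclePrice { pub price: i64, pub conf: u64, pub expo: i32 }

#[derive(Debug, PartialEq)]
pub enum PriceError { NonPositive, ConfidenceTooWide, ExpoMismatch, ZeroCollateral, Overflow }

#[derive(Debug, PartialEq)]
pub struct Bounds { pub lower: u64, pub upper: u64 }

/// Hypothetical limit: reject when conf exceeds 2% of the aggregate price.
pub const MAX_CONF_BPS: u128 = 200;

pub fn checked_bounds(p: OraclePrice) -> Result<Bounds, PriceError> {
    if p.price <= 0 {
        return Err(PriceError::NonPositive);
    }
    let price = p.price as u64;
    // conf / price > MAX_CONF_BPS / 10_000, cross-multiplied to avoid division.
    if (p.conf as u128) * 10_000 > (price as u128) * MAX_CONF_BPS {
        return Err(PriceError::ConfidenceTooWide);
    }
    // conf is at most 2% of price here, so neither operation can wrap.
    Ok(Bounds { lower: price - p.conf, upper: price + p.conf })
}

/// Loan-to-value in basis points, rounded up. Collateral uses the lower bound
/// and debt the upper bound, so uncertainty never flatters the position.
pub fn ltv_bps(coll_amt: u64, coll: OraclePrice, debt_amt: u64, debt: OraclePrice)
    -> Result<u128, PriceError> {
    if coll.expo != debt.expo {
        return Err(PriceError::ExpoMismatch);
    }
    let c = coll_amt as u128 * checked_bounds(coll)?.lower as u128;
    let d = debt_amt as u128 * checked_bounds(debt)?.upper as u128;
    if c == 0 {
        return Err(PriceError::ZeroCollateral);
    }
    d.checked_mul(10_000)
        .and_then(|x| x.checked_add(c - 1))
        .map(|x| x / c)
        .ok_or(PriceError::Overflow)
}

fn main() {
    // Constructed feeds: collateral 100.000 ± 1.000, debt 1.000 ± 0.001.
    let coll = OraclePrice { price: 100_000, conf: 1_000, expo: -3 };
    let debt = OraclePrice { price: 1_000, conf: 1, expo: -3 };
    println!("{:?}", ltv_bps(10, coll, 800, debt)); // aggregate-only LTV would be 8000
}
```
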

Impressed by our findings and recommendations, the Pluto Team developers promptly fixed all identified vulnerabilities.

Through our collaborative efforts, the Pluto protocol is now significantly more secure, ensuring the protection of user funds.

The Pluto Smart Contract security audit identified and addressed critical vulnerabilities, protecting user funds and ensuring platform stability. This case study demonstrates the importance of proactive security measures for blockchain-based projects, especially those dealing with financial assets. By conducting audits and addressing identified issues, the Pluto Team has taken a significant step towards securing its platform and safeguarding user trust.
