Prepared by Fuzzland

Overview

This document details our collaborative engineering effort with Story Protocol regarding their protocol.

Project Name	Story Protocol (Core)
Repository Link	https://github.com/storyprotocol/protocol-core-v1
Commit	‣
Language	Solidity - Ethereum
Scope	contracts/*/.sol

Project Name	Story Protocol (Periphery)
Repository Link	https://github.com/storyprotocol/protocol-periphery
Commit	‣
Language	Solidity - Ethereum
Scope	contracts/*/.sol

Disclaimer

The audit does not ensure that it has identified every security issue in the smart contracts, and it should not be seen as a confirmation that there are no more vulnerabilities. The audit is not exhaustive, and we recommend further independent audits and setting up a public bug bounty program for enhanced security verification of the smart contracts. Additionally, this report should not be interpreted as personal financial advice or recommendations.

Auditing Process

Static Analysis: We perform static analysis using our internal tools and Slither to identify potential vulnerabilities and coding issues.
Fuzz Testing: We execute fuzz testing with our internal fuzzers to uncover potential bugs and logic flaws.
Invariant Development: We convert the project into Foundry project and develop Foundry invariant tests for the project based on the code semantics and documentations.
Invariant Testing: We run multiple fuzz testing tools, including Foundry and ItyFuzz, to identify violations of invariants we developed.
Formal Verification: We develop individual tests for critical functions and leverage Halmos to prove the functions in question are not vulnerable.
Manual Code Review: Our engineers manually review code to identify potential vulnerabilities not captured by previous methods.

Code Overview

Core

flowchart TD
    A[NFT] -->|register| B(ipAssetRegistry) --> |attachLicenseTerms|LicensingModule --> |attachLicenseTermsToIp|LICENSE_REGISTRY
    A1[LicenseTerm] -->|registerLicenseTerms| B1(piLicenseTemplate) --> |attachLicenseTerms|LicensingModule
	  LicensingModule --> registerDerivative --> |onLinkToParents|ROYALTY_MODULE
    LicensingModule --> ipId --> |verifyMintLicenseToken|LICENSE_REGISTRY --> _payMintingFee 
    LicensingModule --> ipId --> |verifyMintLicenseToken|LICENSE_REGISTRY --> mintLicenseTokens --> |mintLicenseTokens|LICENSE_NFT
    _payMintingFee  --> |onLicenseMinting|ROYALTY_MODULE
    _payMintingFee  --> |payLicenseMintingFee|ROYALTY_MODULE
    registerDerivative --> |registerDerivativeIp|LICENSE_REGISTRY
    LicensingModule --> registerDerivativeWithLicenseTokens --> |registerDerivativeIp|LICENSE_REGISTRY --> |burnLicenseTokens|LICENSE_NFT
	 LicensingModule --> registerDerivativeWithLicenseTokens --> |onLinkToParents|ROYALTY_MODULE

Periphery

flowchart TD
    A[RegisterPILPolicyParams] -->|registerPolicy| B(policyManager) --> policyId -->|registerIpWithSig|StoryProtocolGateway 
    policyId -->|mintAndRegisterIpWithSig|StoryProtocolGateway 
    C[SPG param] --> |createIpCollection|StoryProtocolGateway
    licenses--> |registerDerivativeIpWithSig|StoryProtocolGateway
    licenses--> |mintAndRegisterDerivativeIpWithSig|StoryProtocolGateway