Boot Finance contest - 0v3rf10w's results

Custom DEX AMM for Defi Projects

General Information

Platform: Code4rena

Start Date: 04/11/2021

Pot Size: $50,000 USDC

Total HM: 20

Participants: 28

Period: 7 days

Judge: 0xean

Total Solo HM: 11

Id: 51

League: ETH

Boot Finance

Findings Distribution

Researcher Performance

Rank: 14/28

Findings: 3

Award: $706.36

🌟 Selected for report: 3

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Reigada

Also found by: 0v3rf10w, Ruhum, WatchPug, cmichel, defsec, loop, pauliax

Labels

bug
duplicate
2 (Med Risk)

Awards

52.1514 USDC - $52.15

Handle

0v3rf10w

Vulnerability details

Impact

Unchecked transfer leading to free deposits to attacker account

Proof of Concept

function :: BasicSale._processWithdrawal(uint256,uint256,address) (tge/contracts/PublicSale.sol#212-229)

Several tokens do not revert in case of failure but return false instead. The return value of the transfer mainToken.transfer(_member,v_value) (tge/contracts/PublicSale.sol#224) is not checked, so deposit will not revert if the transfer fails, and an attacker can call deposit for free.

Tools Used

Manual

The return value needs to be checked, or use SafeERC20.

#0 - chickenpie347

2021-11-16T14:06:01Z

Addressed in #31.
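The pattern behind this finding, as an added Solidity example that is not part of the submission and not Boot Finance's code: a constructed token that returns false instead of reverting, a sale contract that clears the member's entitlement and then ignores the boolean from transfer(), and the same withdrawal behind a minimal SafeERC20-style wrapper that reverts on a false return, on a revert, on a non-contract token address, and accepts tokens that return no data. All contract, function and variable names (FalseReturningToken, VulnerableSale, HardenedSale, SafeTransfer, credit, Demo) are hypothetical stand-ins, not the names used in tge/contracts/PublicSale.sol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address owner) external view returns (uint256);
}

/// Constructed test token: returns false instead of reverting when the
/// sender cannot cover the amount (the behaviour the finding relies on).
contract FalseReturningToken is IERC20 {
    mapping(address => uint256) public override balanceOf;

    constructor(address holder, uint256 supply) {
        balanceOf[holder] = supply;
    }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // silent failure
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Mirrors the pattern in the finding: the entitlement is cleared and
/// transfer() is called without inspecting the boolean it returns.
contract VulnerableSale {
    IERC20 public immutable mainToken;
    mapping(address => uint256) public claimable;

    constructor(IERC20 token) { mainToken = token; }

    // Hypothetical stand-in for however the real sale records entitlements.
    function credit(address member, uint256 amount) external { claimable[member] = amount; }

    function withdraw() external {
        uint256 amount = claimable[msg.sender];
        claimable[msg.sender] = 0;
        mainToken.transfer(msg.sender, amount); // return value ignored
    }
}

/// Minimal SafeERC20-style wrapper (hypothetical, not OpenZeppelin's library).
library SafeTransfer {
    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        require(address(token).code.length > 0, "SafeTransfer: not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        // ok covers reverts; an empty return is a USDT-style token; otherwise decode the bool
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "SafeTransfer: transfer failed");
    }
}

contract HardenedSale {
    using SafeTransfer for IERC20;

    IERC20 public immutable mainToken;
    mapping(address => uint256) public claimable;

    constructor(IERC20 token) { mainToken = token; }

    function credit(address member, uint256 amount) external { claimable[member] = amount; }

    function withdraw() external {
        uint256 amount = claimable[msg.sender];
        claimable[msg.sender] = 0;
        mainToken.safeTransfer(msg.sender, amount); // reverts on failure, so claimable is restored
    }
}

/// Driver: neither sale holds any tokens, so every transfer fails.
contract Demo {
    function run() external returns (uint256 vulnerableClaimableAfter, uint256 tokensReceived, bool hardenedReverted) {
        FalseReturningToken token = new FalseReturningToken(address(this), 0);
        VulnerableSale v = new VulnerableSale(token);
        HardenedSale h = new HardenedSale(token);
        v.credit(address(this), 1 ether);
        h.credit(address(this), 1 ether);

        v.withdraw();                                          // succeeds silently
        vulnerableClaimableAfter = v.claimable(address(this)); // 0: entitlement gone
        tokensReceived = token.balanceOf(address(this));       // 0: nothing delivered

        try h.withdraw() { hardenedReverted = false; } catch { hardenedReverted = true; } // true
    }
}
```

Deploy Demo and call run(): the vulnerable path burns the member's entitlement without delivering anything, while the hardened path reverts and leaves claimable intact. The same check matters on the inbound side of a deposit that uses transferFrom, which is the direction the finding's "free deposit" refers to.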

Findings Information

🌟 Selected for report: 0v3rf10w

Also found by: Reigada

Labels

bug
2 (Med Risk)
sponsor confirmed

Awards

392.5282 USDC - $392.53

Handle

0v3rf10w

Vulnerability details

Impact

Unchecked low-level calls

Proof of Concept

Unchecked cases in 2 places: BasicSale.receive() (2021-11-bootfinance/tge/contracts/PublicSale.sol#148-156) ignores the return value of burnAddress.call{value: msg.value}() (2021-11-bootfinance/tge/contracts/PublicSale.sol#154)

BasicSale.burnEtherForMember(address) (2021-11-bootfinance/tge/contracts/PublicSale.sol#158-166) ignores the return value of burnAddress.call{value: msg.value}() (2021-11-bootfinance/tge/contracts/PublicSale.sol#164)

Tools Used

Manual

The return value of the low-level call is not checked, so if the call fails, the Ether will be locked in the contract. If the low-level call is used to prevent blocking operations, consider logging failed calls.
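Both outcomes described in this finding, as an added Solidity example that is not part of the submission and not Boot Finance's code: a constructed burn-address stand-in whose receive() reverts, a contract that credits the member and forwards the ether with an unchecked low-level call (the ether stays locked and the credit stands), and a hardened version showing the two remedies named above, a strict require on the success flag and a non-blocking variant that logs and tracks the failed forward. Contract and function names (RejectingSink, VulnerableBurn, HardenedBurn, Demo, unforwarded, BurnForwardFailed) are hypothetical; the assumption that the burn address is a contract that can reject ether is what makes the call fail.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Constructed stand-in for a burn address that cannot accept ether
/// (a contract whose receive() reverts).
contract RejectingSink {
    receive() external payable {
        revert("sink rejects ether");
    }
}

/// Mirrors the pattern in the finding: the member is credited and the ether
/// is forwarded with a low-level call whose success flag is never read.
contract VulnerableBurn {
    address payable public immutable burnAddress;
    mapping(address => uint256) public burned;

    constructor(address payable sink) { burnAddress = sink; }

    receive() external payable {
        burned[msg.sender] += msg.value;
        burnAddress.call{value: msg.value}(""); // failure swallowed: ether stays here, credit stands
    }
}

contract HardenedBurn {
    address payable public immutable burnAddress;
    mapping(address => uint256) public burned;
    mapping(address => uint256) public unforwarded;

    event BurnForwardFailed(address indexed member, uint256 amount);

    constructor(address payable sink) { burnAddress = sink; }

    /// Strict variant: the whole transaction fails, so no credit is recorded
    /// and the ether goes back to the sender.
    receive() external payable {
        (bool ok, ) = burnAddress.call{value: msg.value}("");
        require(ok, "burn forward failed");
        burned[msg.sender] += msg.value;
    }

    /// Non-blocking variant: the failure is logged and the unforwarded amount
    /// is tracked separately instead of being counted as burned.
    function burnEtherForMember(address member) external payable {
        (bool ok, ) = burnAddress.call{value: msg.value}("");
        if (!ok) {
            unforwarded[member] += msg.value;
            emit BurnForwardFailed(member, msg.value);
            return;
        }
        burned[member] += msg.value;
    }
}

/// Driver: send ether to both contracts behind a rejecting sink.
contract Demo {
    function run()
        external
        payable
        returns (uint256 stuckInVulnerable, uint256 creditedInVulnerable, bool hardenedReverted, uint256 loggedAsUnforwarded)
    {
        require(msg.value >= 3, "send at least 3 wei");
        uint256 part = msg.value / 3;
        RejectingSink sink = new RejectingSink();
        VulnerableBurn v = new VulnerableBurn(payable(address(sink)));
        HardenedBurn h = new HardenedBurn(payable(address(sink)));

        (bool ok, ) = address(v).call{value: part}("");
        require(ok, "vulnerable receive unexpectedly reverted");
        stuckInVulnerable = address(v).balance;        // == part: locked in the contract
        creditedInVulnerable = v.burned(address(this)); // == part: credited anyway

        (ok, ) = address(h).call{value: part}("");
        hardenedReverted = !ok;                         // true: nothing credited, ether refunded

        h.burnEtherForMember{value: part}(address(this));
        loggedAsUnforwarded = h.unforwarded(address(this)); // == part: failure recorded, not hidden
    }
}
```

Deploy Demo and call run() with a few wei: the vulnerable contract ends up holding ether it believes it burned, the strict hardened path refuses the transaction outright, and the logging path keeps the accounting honest when the forward must not block. Which of the two remedies fits depends on whether a failed forward should stop the sale or merely be surfaced for later handling.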

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
