Kuiper contest - 0v3rf10w's results

Automated portfolio protocol.

General Information

Platform: Code4rena

Start Date: 08/12/2021

Pot Size: $30,000 ETH

Total HM: 12

Participants: 26

Period: 3 days

Judge: leastwood

Total Solo HM: 9

Id: 65

League: ETH

Kuiper

Findings Distribution

Researcher Performance

Rank: 9/26

Findings: 1

Award: $690.85

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Kuiper

Findings Information

🌟 Selected for report: kenzo

Also found by: 0v3rf10w

Labels

bug

duplicate

2 (Med Risk)

sponsor confirmed

Awards

690.8489 USDC - $690.85

External Links

Link to GitHub issue

Handle

0v3rf10w

Vulnerability details

Impact

divide-before-multiply can lead to miscalculation of fees in below function

Proof of Concept

Vulnerable Function : Basket.handleFees(uint256) (Basket.sol#133-153) :

        uint256 feePct = timeDiff * licenseFee / ONE_YEAR;
        uint256 fee = startSupply * feePct / (BASE - feePct);
        _mint(publisher, fee * (BASE - factory.ownerSplit()) / BASE);
        _mint(Ownable(address(factory)).owner(), fee * factory.ownerSplit() / BASE);

Tools Used

Manual and Slither

Recommended Mitigation Steps

Consider ordering multiplication before division to prevent miscalculation

#0 - 0xleastwood
2022-03-27T03:06:21Z

Duplicate of #60

Kuiper contest - 0v3rf10w's results

Automated portfolio protocol.

General Information

Findings Distribution

Researcher Performance

External Links

[M-08] divide-before-multiply - $690.85

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xleastwood2022-03-27T03:06:21Z

#0 - 0xleastwood
2022-03-27T03:06:21Z