Badger Citadel contest - 0x1f8b's results

Bringing BTC to DeFi

General Information

Platform: Code4rena

Start Date: 14/04/2022

Pot Size: $75,000 USDC

Total HM: 8

Participants: 72

Period: 7 days

Judge: Jack the Pug

Total Solo HM: 2

Id: 110

League: ETH

BadgerDAO

Findings Distribution

Researcher Performance

Rank: 41/72

Findings: 2

Award: $148.22

🌟 Selected for report: 0

🚀 Solo Findings: 0

  1. Open TODOs: it is bad practice to leave unfinished code in place during a security review.
  1. Insecure Ownership Transfer

Changing the owner is a delicate operation: the governance of the contract, and therefore of the project, is at stake. The owner-change logic should therefore verify that the proposed new owner is valid and actually exists. It is mandatory to implement the change as a two-step process: the current owner first proposes a new owner, and the proposed owner must then accept. This way a typo in the new owner's address cannot hand control to an account nobody controls.

  1. Lack of input checks: it is not verified that the supplied address is a contract, nor that it is distinct from address(0).
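The two findings above (two-step ownership transfer and missing input checks) can be addressed together. The contract below is an added illustration written for this page; it is not BadgerDAO or Citadel code. The contract name, the `accessController` setter and the error names are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration, not project code: two-step ownership transfer
/// combined with input validation on addresses the owner configures.
contract TwoStepOwned {
    address public owner;
    address public pendingOwner;
    address public accessController; // hypothetical dependency, must be a contract

    event OwnershipProposed(address indexed current, address indexed proposed);
    event OwnershipTransferred(address indexed previous, address indexed current);

    error NotOwner();
    error NotPendingOwner();
    error ZeroAddress();
    error NotAContract();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Step 1: the current owner proposes. Nothing changes yet, so a mistyped
    /// address can still be corrected by proposing again.
    function proposeOwner(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert ZeroAddress();
        pendingOwner = newOwner;
        emit OwnershipProposed(owner, newOwner);
    }

    /// Step 2: only the proposed address can accept, which proves that the
    /// key (or contract) behind it exists and is under someone's control.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert NotPendingOwner();
        emit OwnershipTransferred(owner, pendingOwner);
        owner = pendingOwner;
        pendingOwner = address(0);
    }

    /// Input check from the finding: the address must be non-zero and must
    /// hold deployed code. `code.length` is zero for an EOA and also for a
    /// contract that is still inside its constructor.
    function _requireContract(address target) internal view {
        if (target == address(0)) revert ZeroAddress();
        if (target.code.length == 0) revert NotAContract();
    }

    /// Example setter that applies the check before storing the address.
    function setAccessController(address gac_) external onlyOwner {
        _requireContract(gac_);
        accessController = gac_;
    }
}
```

Until `acceptOwnership` is called the old owner keeps control, and a wrong proposal is simply overwritten by a new one; the `address(0)` check also stops the owner from accidentally "burning" governance through the pending slot.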

  1. Some require messages are longer than 32 bytes. A message of more than 32 bytes no longer fits in a single word and incurs extra gas.
  1. Boolean values are compared with == true or == false instead of being used directly. It is cheaper to use the value itself when testing for true, and the NOT opcode (!) when testing for false, because fewer opcodes are executed inside the EVM.
  1. Change the increment from i++ to ++i in order to save some opcodes.
  1. Avoid the require found in GlobalAccessControlManaged.sol#51; the suggested form is:
modifier onlyRoles(bytes32[] memory roles) {
    uint256 rl = roles.length;
    for (uint256 i = 0; i < rl; ++i) {
        bytes32 role = roles[i];
        if (gac.hasRole(role, msg.sender)) {
            _;
            return;
        }
    }
    revert("GAC: invalid-caller-role");
}
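The gas findings above (revert strings over 32 bytes, explicit boolean comparison, i++ versus ++i, and a require after a role loop) are shown side by side in the added contract below. It is example code written for this page, not project code; the contract name `GasPatterns`, the `IAccessControl` interface and the `paused` mapping are assumptions, and only `hasRole` mirrors the call used in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Hypothetical minimal interface with the call used in the finding.
interface IAccessControl {
    function hasRole(bytes32 role, address account) external view returns (bool);
}

/// Added illustration, not project code. Each "Before" shows the pattern the
/// finding flags; each "After" shows the cheaper form.
contract GasPatterns {
    IAccessControl public immutable gac;
    mapping(address => bool) public paused;

    constructor(IAccessControl gac_) {
        gac = gac_;
    }

    // 1. Revert strings: up to 32 bytes fits in one word.
    function checkAmountBefore(uint256 amount) external pure {
        // 45 bytes: needs two words of memory and of return data.
        require(amount != 0, "GasPatterns: amount must be greater than zero");
    }
    function checkAmountAfter(uint256 amount) external pure {
        // 24 bytes: fits in a single word.
        require(amount != 0, "GasPatterns: zero-amount");
    }

    // 2. Boolean comparison: `== true` / `== false` adds an EQ (and ISZERO).
    function isPausedBefore(address a) external view returns (bool) {
        if (paused[a] == true) return true;
        return false;
    }
    function isPausedAfter(address a) external view returns (bool) {
        return paused[a]; // the bool is already the condition
    }
    function requireNotPausedBefore(address a) external view {
        require(paused[a] == false, "paused");
    }
    function requireNotPausedAfter(address a) external view {
        require(!paused[a], "paused"); // NOT instead of `== false`
    }

    // 3. Role loop. Before: i++, length re-read every iteration, and a flag
    //    that is only checked by `require` after every role was queried.
    function _checkAnyRoleBefore(bytes32[] memory roles) internal view {
        bool found = false;
        for (uint256 i = 0; i < roles.length; i++) {
            if (gac.hasRole(roles[i], msg.sender)) found = true;
        }
        require(found, "GAC: invalid-caller-role");
    }
    // After: cached length, ++i, return on the first matching role (no more
    // external calls than necessary) and a single revert at the end.
    function _checkAnyRoleAfter(bytes32[] memory roles) internal view {
        uint256 rl = roles.length;
        for (uint256 i = 0; i < rl; ++i) {
            if (gac.hasRole(roles[i], msg.sender)) return;
        }
        revert("GAC: invalid-caller-role");
    }
}
```

The "After" role check also changes observable cost, not just opcode count: it stops calling `gac.hasRole` as soon as one role matches, whereas the "Before" loop always queries every role. Custom errors (`error X();` with `revert X()`) would cut the revert-string cost further, but the finding only asks for messages to stay within 32 bytes.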
  1. Invert the condition in GlobalAccessControlManaged.sol's onlyRoleOrAddress, because checking the address first is much cheaper than the role lookup:
require( - gac.hasRole(role, msg.sender) || msg.sender == account, + msg.sender == account || gac.hasRole(role, msg.sender), "GAC: invalid-caller-role-or-address" );
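Review bot: the saving depends on `||` short-circuiting, so the finding should state that explicitly: with `msg.sender == account` first, the external `gac.hasRole` call is skipped entirely whenever the caller is `account`, while in the original order the comparison is only reached after the external call. The swap is behaviour-preserving only if `hasRole` has no side effects (the snippet shows a view-style call, which suggests it does not); the accepted set of callers and the revert message `"GAC: invalid-caller-role-or-address"` are unchanged.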
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
