JPEG'd contest - 0x1f8b's results

Bridging the gap between DeFi and NFTs.

General Information

Platform: Code4rena

Start Date: 07/04/2022

Pot Size: $100,000 USDC

Total HM: 20

Participants: 62

Period: 7 days

Judge: LSDan

Total Solo HM: 11

Id: 107

League: ETH

JPEG'd

Findings Distribution

Researcher Performance

Rank: 19/62

Findings: 3

Award: $705.31

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: hickuphh3

Also found by: 0x1f8b, AuditsAreUS, Foundation, Kthere, Meta0xNull, WatchPug, rayn

Labels

bug
duplicate
3 (High Risk)

Awards

471.3531 USDC - $471.35

External Links

Lines of code

https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/lock/JPEGLock.sol#L56

Vulnerability details

Impact

If the owner incorrectly uses the lockFor method and calls it twice with the same _nftIndex, it will overwrite the record and the deposited jpeg can never be retrieved.

Proof of Concept

  • Owner calls lockFor(Alice,0,100);
  • Owner calls lockFor(Bob,0,100);
  • 100 tokens are lost.

It's mandatory to check that the position does not exist, or return the _nftIndex as a counter in this method.

#0 - spaghettieth

2022-04-12T20:04:25Z

Duplicate of #10
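The overwrite described in the lockFor finding above, next to the "check that the position does not exist" guard it asks for. This is an added sketch, not the JPEGLock source and not code from the researcher or sponsor; the contract name LockSketch, lockForUnchecked, admin, LOCK_TIME and the minimal IERC20 interface are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a simplified model of an index-keyed token lock.
// All names here are hypothetical, not taken from the audited repository.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract LockSketch {
    struct LockPosition { address owner; uint256 unlockAt; uint256 lockAmount; }

    IERC20 public immutable token;
    address public immutable admin;
    uint256 public constant LOCK_TIME = 365 days; // assumed value
    mapping(uint256 => LockPosition) public positions;

    constructor(IERC20 _token) { token = _token; admin = msg.sender; }

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    // Before: a second call with the same _nftIndex replaces the stored record,
    // so the first depositor's tokens remain in the contract with no owner on file.
    function lockForUnchecked(address _account, uint256 _nftIndex, uint256 _lockAmount) external onlyAdmin {
        require(token.transferFrom(_account, address(this), _lockAmount), "transfer failed");
        positions[_nftIndex] = LockPosition(_account, block.timestamp + LOCK_TIME, _lockAmount);
    }

    // After: refuse to overwrite a live position, validate inputs, and
    // write state before the external token call.
    function lockFor(address _account, uint256 _nftIndex, uint256 _lockAmount) external onlyAdmin {
        require(_account != address(0) && _lockAmount > 0, "invalid input");
        require(positions[_nftIndex].owner == address(0), "position exists");
        positions[_nftIndex] = LockPosition(_account, block.timestamp + LOCK_TIME, _lockAmount);
        require(token.transferFrom(_account, address(this), _lockAmount), "transfer failed");
    }

    // Only the recorded owner can withdraw, which is why an overwritten
    // record strands the earlier deposit.
    function unlock(uint256 _nftIndex) external {
        LockPosition memory p = positions[_nftIndex];
        require(p.owner == msg.sender, "not owner");
        require(block.timestamp >= p.unlockAt, "locked");
        delete positions[_nftIndex];
        require(token.transfer(p.owner, p.lockAmount), "transfer failed");
    }
}
```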

Awards

151.5077 USDC - $151.51

Labels

bug
QA (Quality Assurance)
resolved
sponsor confirmed

External Links

  1. Some transfer or transferFrom calls were found without checking the boolean result. The ERC20 standard specifies that the token can return false if this call was not made, so it's mandatory to check the result of approve methods.
  2. Lack of input checks.

#0 - spaghettieth

2022-04-14T14:11:31Z

Awards

82.4497 USDC - $82.45

Labels

bug
G (Gas Optimization)
sponsor acknowledged

External Links

  1. Change the incremental logic from i++ to ++i in order to save some opcodes:
  2. Use delete instead of setting to the default value (false or 0).
  3. A boolean value is compared using == true or == false instead of using the boolean value itself or the NOT opcode. It's cheaper to use NOT when the value is false, or just the value without == true when it's true, because it will use fewer opcodes inside the VM.
  4. It's possible to optimize the following structs in order to save storage slots:

     struct PositionPreview {
         address owner;
         uint256 nftIndex;
         bytes32 nftType;
         uint256 nftValueUSD;
         VaultSettings vaultSettings;
         uint256 creditLimit;
         uint256 debtPrincipal;
         uint256 debtInterest;
         BorrowType borrowType; // move this two at the end, close to liquidator
         bool liquidatable; // move this two at the end, close to liquidator
         uint256 liquidatedAt;
         address liquidator;
     }