Platform: Code4rena
Start Date: 23/05/2022
Pot Size: $50,000 USDC
Total HM: 44
Participants: 99
Period: 5 days
Judge: hickuphh3
Total Solo HM: 11
Id: 129
League: ETH
Rank: 24/99
Findings: 2
Award: $458.12
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: xiaoming90
Also found by: 0x52, PP1004, sashik_eth, shenwilly
Vested rewards from BathBuddy can be stolen
Each time withdraw() is called the following lines are used to determine the reward for the given withdraw:
This means that if 10% of outstanding shares are withdrawn, then 10% of the vested rewards are also distributed. An attacker could deposit assets to obtain shares then immediately call withdraw to receive rewards from BathBuddy and their initial deposit back from BathToken. They can then deposit the same assets again and keep repeating the cycle until all vested rewards have been drained from BathBuddy.
A mapping should be implemented to track when a user deposited tokens, and vesting should be made reliant on both the time and the amount deposited.
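The accounting problem described in this finding, and the per-user deposit tracking proposed as mitigation, can be modelled side by side. The following is an added example, not part of the submission and not Rubicon's code; the class and function names, the 1:1 share pricing, the balances, and the linear 100-unit holding window are all assumptions made for illustration.

```python
# Added model, not Rubicon code. Assumptions: 1 asset = 1 share, integer maths,
# constructed balances, and a linear 100-unit vesting window in the hardened path.

class RewardPool:
    VEST_PERIOD = 100  # assumed time a deposit must be held to earn its full share

    def __init__(self, vested_rewards, honest_shares, track_deposits):
        self.rewards = vested_rewards           # rewards already vested pool-wide
        self.shares = {"honest": honest_shares}
        self.deposited_at = {"honest": 0}       # per-user mapping from the mitigation
        self.track_deposits = track_deposits    # False = behaviour the finding describes
        self.now = self.VEST_PERIOD             # honest user has held for a full period

    def deposit(self, user, amount):
        self.shares[user] = self.shares.get(user, 0) + amount
        self.deposited_at[user] = self.now      # simplification: a top-up restarts the clock

    def withdraw(self, user, amount):
        total = sum(self.shares.values())
        payout = self.rewards * amount // total  # X% of shares -> X% of vested rewards
        if self.track_deposits:
            held = min(self.now - self.deposited_at[user], self.VEST_PERIOD)
            payout = payout * held // self.VEST_PERIOD  # scale by time actually held
        self.shares[user] -= amount
        self.rewards -= payout
        return payout


def cycle(track_deposits, rounds=20):
    """Deposit and withdraw 9,000 shares per round with no time passing in between."""
    pool = RewardPool(1_000_000, 1_000, track_deposits)
    taken = 0
    for _ in range(rounds):
        pool.deposit("cycler", 9_000)
        taken += pool.withdraw("cycler", 9_000)
    return taken, pool.rewards


def honest_exit(track_deposits):
    """Rewards paid to the long-term holder who withdraws everything."""
    pool = RewardPool(1_000_000, 1_000, track_deposits)
    return pool.withdraw("honest", 1_000)


if __name__ == "__main__":
    print("share-fraction only:", cycle(False))   # rewards leave with zero holding time
    print("deposit-time aware :", cycle(True))    # nothing paid for zero holding time
    print("honest exit        :", honest_exit(True))
```

With share-fraction accounting alone the pool is emptied by an account that never held shares across any time interval, while the deposit-time-aware path pays that account nothing and still pays the long-term holder in full.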
#0 - bghughes
2022-06-03T23:33:35Z
Duplicate of #109 #450 #283
#1 - HickupHH3
2022-06-18T06:43:55Z
Duplicate of #109
67.7551 USDC - $67.76
Submitting as medium risk bug because it would have to be a whitelisted strategist
Malicious strategist can steal all user funds
TailOff allows the strategist to specify both the minimum out and the contract responsible for swapping tokens. A malicious or compromised strategist can easily steal all user funds in the contract by referencing a malicious _stratUtil and 0 for the hurdle amount, or by a sandwich attack on a legitimate _stratUtil with a hurdle of 0.
Limit _stratUtil to a whitelisted contract and implement a slippage limit.
#0 - bghughes
2022-06-03T21:51:08Z
Strategists are assumed trusted in the current centralized system
#1 - HickupHH3
2022-06-23T14:10:17Z
Duplicate of #211