Badger-Vested-Aura contest - 0x52's results

Bringing BTC to DeFi

General Information

Platform: Code4rena

Start Date: 15/06/2022

Pot Size: $30,000 USDC

Total HM: 5

Participants: 55

Period: 3 days

Judge: Jack the Pug

Id: 138

League: ETH

BadgerDAO

Findings Distribution

Researcher Performance

Rank: 48/55

Findings: 1

Award: $50.71

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

50.7077 USDC - $50.71

Labels

bug
duplicate
2 (Med Risk)
valid

External Links

Lines of code

https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L219-L282

Vulnerability details

Impact

Harvested funds stolen

Proof of Concept

_harvest does not enforce any kind of minimum out on the 3 consecutive swaps (L249, L263 and L275) it uses to get from auraBal to Aura. An attacker could easily sandwich the least liquid pool and steal all the harvested funds.

Tools Used

All Balancer pools have a TWAP built into them. For each swap, first pull the TWAP value and derive a slippage bound (minimum out) from it. Keep in mind that the TWAP is updated before the state change of the previous swap, so the slippage tolerance should be wider to account for it and keep failed transactions to a minimum.
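To make the sandwich and the minimum-out fix concrete, the following is an added model (not Badger code, not Balancer's math): constant-product pools stand in for the Balancer pools, the three hops mirror the three swaps in _harvest, hop 2 is the thin pool the attacker targets, and each hop's TWAP is approximated by the pool's pre-trade spot price. All reserves and amounts are constructed.

```python
from dataclasses import dataclass

BPS = 10_000

@dataclass
class Pool:
    """Constant-product pool (simplification of a Balancer pool); reserves are named from the harvester's side."""
    reserve_in: float
    reserve_out: float

    def quote(self, amount_in):
        return self.reserve_out * amount_in / (self.reserve_in + amount_in)

    def swap(self, amount_in, min_out=0.0):
        """Harvester's swap; raises (reverts) if the output is below the floor."""
        out = self.quote(amount_in)
        if out < min_out:
            raise ValueError(f"slippage: got {out:.2f}, floor {min_out:.2f}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out

    def swap_back(self, amount):
        """Attacker's back-run: sells the out-token back for the in-token."""
        got = self.reserve_in * amount / (self.reserve_out + amount)
        self.reserve_out += amount
        self.reserve_in -= got
        return got

def min_out_from_twap(amount_in, twap_price, slippage_bps):
    """Floor for one hop: TWAP-implied output minus the allowed slippage."""
    return amount_in * twap_price * (BPS - slippage_bps) / BPS

def harvest(pools, twaps, amount, slippage_bps=None):
    """Route `amount` through the hops; slippage_bps=None enforces no floor (the reported _harvest behaviour)."""
    for pool, twap in zip(pools, twaps):
        floor = 0.0 if slippage_bps is None else min_out_from_twap(amount, twap, slippage_bps)
        amount = pool.swap(amount, floor)
    return amount

def run_scenario(attacker_in, slippage_bps=None, harvest_in=1_000.0):
    """Constructed reserves; hop 2 is the thin pool. Returns (harvester output, attacker profit)."""
    pools = [Pool(1e6, 1e6), Pool(1e5, 1e5), Pool(1e6, 1e6)]
    twaps = [p.reserve_out / p.reserve_in for p in pools]  # assumption: TWAP ~ pre-trade spot
    thin = pools[1]
    bought = thin.swap(attacker_in)                  # front-run: push hop-2 price against the harvester
    out = harvest(pools, twaps, harvest_in, slippage_bps)
    profit = thin.swap_back(bought) - attacker_in    # back-run: sell into the inflated price
    return out, profit
```

With no floor the sandwiched harvest returns less than half of the honest output while the attacker profits; with a 3% TWAP-derived floor the harvest reverts at hop 2 instead, and the same floor still lets the un-attacked harvest through.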

#0 - KenzoAgada

2022-06-22T10:18:25Z

Duplicate of #155
