Back to 0x52's contests

Canto Dex Oracle contest - 0x52's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 07/09/2022

Pot Size: $20,000 CANTO

Total HM: 7

Participants: 65

Period: 1 day

Judge: 0xean

Total Solo HM: 3

Id: 159

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 63/65

Findings: 1

Award: $39.22

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCanto

Findings Information

🌟 Selected for report: lukris02

Also found by: 0x040, 0x1f8b, 0x52, 0xA5DF, 0xNazgul, 0xSky, Bnke0x0, Bronicle, CertoraInc, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, EthLedger, IgnacioB, JC, JansenC, Jeiwan, R2, RaymondFam, ReyAdmirado, Rolezn, SinceJuly, TomJ, Tomo, Yiko, a12jmx, ajtra, ak1, codexploder, cryptphi, csanuragjain, erictee, fatherOfBlocks, gogo, hake, hansfriese, hickuphh3, ignacio, ontofractal, oyc_109, p_crypt0, pashov, peritoflores, rajatbeladiya, rbserver, rokinot, rvierdiiev, tnevler

Awards

242.8216 CANTO - $39.22

Labels

bug
disagree with severity
QA (Quality Assurance)

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-09-canto/blob/65fbb8b9de22cf8f8f3d742b38b4be41ee35c468/src/Swap/BaseV1-periphery.sol#L525-L534 https://github.com/code-423n4/2022-09-canto/blob/65fbb8b9de22cf8f8f3d742b38b4be41ee35c468/src/Swap/BaseV1-periphery.sol#L537-L546

Vulnerability details

Impact

Tokens with token.decimals > 18 will experience precision loss and return an incorrect price

Proof of Concept

return price * 1e18 / decimals;

When token.decimals > 18, the above line will experience precision loss because decimals > 1e18. This precision loss will cause BaseV1-periphery.sol#getPriceCanto and getPriceNote to return an incorrect price.

Tools Used

Disable oracle functionality on tokens where token.decimals > 18

#0 - nivasan1

2022-09-10T16:41:58Z

Chain governance is able to determine which tokens will be supported in the lending market. These are the only tokens whose prices will be calculated from the getUnderlyingPrice method in the router. As such, it is not expected that many tokens with > 18 decimals will be supported. Furthermore, for any noticeable loss of precision resulting from this calculation to exist, the token would need to be worth ~< 1/1000 USD, in which case, it is not clear why it would be supported in the lending market.

#1 - 0xean

2022-09-12T13:09:38Z

downgrading to QA, warden doesn't demonstrate a clear attack path of any significant value to the system with the identified loss or precision.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter