Open Dollar - 0xDemon's results

A floating $1.00 pegged stablecoin backed by Liquid Staking Tokens with NFT controlled vaults.

General Information

Platform: Code4rena

Start Date: 18/10/2023

Pot Size: $36,500 USDC

Total HM: 17

Participants: 77

Period: 7 days

Judge: MiloTruck

Total Solo HM: 5

Id: 297

League: ETH


Researcher Performance

Rank: 73/77

Findings: 1

Award: $11.00

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: 0xAadi

Also found by: 0xDemon, 0xlemon, 0xprinc, Arz, Giorgio, Greed, MrPotatoMagic, T1MOH, btk, ge6a, m4k2, nmirchev8, perseus, xAriextz, yashar

Awards

10.9998 USDC - $11.00

Labels

bug
2 (Med Risk)
partial-50
sufficient quality report
duplicate-429

External Links

Lines of code

https://github.com/open-dollar/od-contracts/blob/f4f0246bb26277249c1d5afe6201d4d9096e52e6/src/contracts/proxies/ODSafeManager.sol#L105-L109

Vulnerability details

Impact

Users cannot set another address to manage their SAFE.

Proof of Concept

Users can only interact with a SAFE through ODProxy. The user calls the execute function on ODProxy, which performs a delegatecall to the target contract to run the intended function. The problem is that a delegatecall cannot change the storage of the target contract. In this case, the user calls execute to delegatecall the allowSafe function on ODSafeManager with the aim of setting another address that can manage the SAFE, but because delegatecall does not change the storage of the target contract, this is in vain and allowSafe will not work.

Tools Used

Manual review

Recommended Mitigation Steps

Consider making a direct call to the allowSafe function from the vault721.sol contract.
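The delegatecall point above and the direct-call recommendation, shown side by side in an added Solidity example that is not Open Dollar's code (the judge's comment below notes that the real ODProxy delegatecalls into BasicActions.sol rather than ODSafeManager, so this shows only the storage-context semantics themselves). Both contracts are constructed stand-ins; their names, mapping layout and execute variants are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed stand-in for a SAFE manager (not ODSafeManager); the layout of
// the two mappings is assumed for illustration only.
contract MinimalSafeManager {
    mapping(uint256 => address) public safeOwner;
    // owner => safeId => operator => allowed
    mapping(address => mapping(uint256 => mapping(address => bool))) public safeCan;

    function openSafe(uint256 safeId) external {
        safeOwner[safeId] = msg.sender;
    }

    function allowSafe(uint256 safeId, address usr, bool ok) external {
        require(safeOwner[safeId] == msg.sender, "not SAFE owner");
        safeCan[msg.sender][safeId][usr] = ok;
    }
}

// Constructed stand-in for a user proxy with an execute-style entry point.
contract MinimalProxy {
    address public immutable owner;

    constructor() { owner = msg.sender; }

    // delegatecall runs the target's code against THIS contract's storage:
    // safeOwner[safeId] is read from the proxy's (empty) slots, so the
    // ownership check reverts, and even without it the SSTORE to safeCan
    // would land in the proxy, leaving the manager's mapping untouched.
    function executeDelegate(address target, bytes calldata data) external {
        require(msg.sender == owner, "not proxy owner");
        (bool ok, ) = target.delegatecall(data);
        require(ok, "delegatecall failed");
    }

    // A direct call runs the manager in its own storage context with the proxy
    // as msg.sender, so the permission is recorded where the manager reads it.
    function executeCall(address target, bytes calldata data) external {
        require(msg.sender == owner, "not proxy owner");
        (bool ok, ) = target.call(data);
        require(ok, "call failed");
    }
}
```

Calling executeCall(mgr, abi.encodeCall(MinimalSafeManager.openSafe, (1))) and then executeCall(mgr, abi.encodeCall(MinimalSafeManager.allowSafe, (1, alice, true))) makes mgr.safeCan(address(proxy), 1, alice) true, whereas sending the same allowSafe calldata through executeDelegate reverts at the ownership check and never touches mgr.safeCan.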

Assessed type

call/delegatecall

#0 - c4-pre-sort

2023-10-26T06:10:38Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2023-10-26T06:11:07Z

raymondfam marked the issue as duplicate of #76

#2 - c4-pre-sort

2023-10-26T19:04:43Z

raymondfam marked the issue as duplicate of #380

#3 - c4-judge

2023-11-02T18:13:15Z

MiloTruck marked the issue as not a duplicate

#4 - c4-judge

2023-11-02T18:13:33Z

MiloTruck marked the issue as duplicate of #294

#5 - MiloTruck

2023-11-08T00:26:15Z

This report assumes that ODProxy delegatecalls directly into the ODSafeManager contract, and doesn't highlight the key issue, which is that BasicActions.sol has missing functions.

#6 - c4-judge

2023-11-08T00:26:16Z

MiloTruck marked the issue as unsatisfactory: Insufficient proof

#7 - c4-judge

2023-11-11T08:18:45Z

MiloTruck removed the grade

#8 - c4-judge

2023-11-11T08:19:06Z

MiloTruck marked the issue as partial-50

#9 - MiloTruck

2023-11-11T08:20:11Z

Valid as per https://github.com/code-423n4/2023-10-opendollar-findings/issues/170#issuecomment-1806743587.

Giving only partial credit as this report is of extremely low quality, it barely describes the bug and its implications.
