Float Capital contest - 0xImpostor's results

Synthetic assets made simple. No overcollateralization. No liquidation. Not a fork.

General Information

Platform: Code4rena

Start Date: 05/08/2021

Pot Size: $50,000 USDC

Total HM: 9

Participants: 16

Period: 7 days

Judge: 0xean

Total Solo HM: 4

Id: 22

League: ETH

Float Capital

Researcher Performance

Rank: 11/16

Findings: 3

Award: $786.34

🌟 Selected for report: 1

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: gpersoon

Also found by: 0xImpostor, hack3r-0m, jonah1005, loop, pauliax, shw

Labels

bug
duplicate
3 (High Risk)
sponsor confirmed
disagree with severity
resolved

Awards

139.9465 USDC - $139.95

Handle

0xImpostor

Vulnerability details

Impact

Synthetic tokens are not minted to the correct market index, since creating a synth market and initializing it are two separate steps and initializeMarket mints against latestMarket rather than the marketIndex being initialized.

Proof of Concept

  1. Create 2 synth markets without initializing them
  2. Call initializeMarket twice, once per market
  3. Synth tokens are minted twice to the second market and none to the first market.

Tools Used

Manual analysis

Recommended Mitigation Steps

Replace latestMarket with marketIndex on lines 315 and 319.
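To make the index mix-up concrete, here is a minimal model of the two-step create/initialize flow. This is an added example for this page, not Float Capital's contract code: the contract names, the per-market-index mapping of minted synths and the initialMint parameter are assumptions chosen only to expose the latestMarket vs. marketIndex difference.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model (assumption, not Float Capital's code): market creation only
// bumps a counter; initialization seeds the market with synthetic tokens. Minted
// synths are tracked as one number per market index and side.
contract LongShortModel {
    uint32 public latestMarket;
    mapping(uint32 => bool) public marketExists;
    mapping(uint32 => bool) public marketInitialized;
    mapping(uint32 => uint256) public longMinted;
    mapping(uint32 => uint256) public shortMinted;

    // true: mint to the market being initialized (the recommended fix)
    // false: mint to latestMarket (the behaviour reported in the finding)
    bool immutable fixedVersion;

    constructor(bool _fixedVersion) {
        fixedVersion = _fixedVersion;
    }

    // Step 1: create a market. Nothing is minted here.
    function createNewSyntheticMarket() external returns (uint32 marketIndex) {
        marketIndex = ++latestMarket;
        marketExists[marketIndex] = true;
    }

    // Step 2: initialize a previously created market with a seed mint.
    function initializeMarket(uint32 marketIndex, uint256 initialMint) external {
        require(marketExists[marketIndex], "no such market");
        require(!marketInitialized[marketIndex], "already initialized");
        marketInitialized[marketIndex] = true;

        // Bug being modelled: the seed mint targets latestMarket, not marketIndex.
        // When two markets were created before either was initialized, both
        // seed mints land on the second one.
        uint32 target = fixedVersion ? marketIndex : latestMarket;
        longMinted[target] += initialMint;
        shortMinted[target] += initialMint;
    }
}

// Replays the three PoC steps from the finding against the buggy or fixed model
// and returns the long-side synths credited to the first and second market.
contract InitializeMarketPoC {
    function run(bool fixedVersion) external returns (uint256 firstMarket, uint256 secondMarket) {
        LongShortModel ls = new LongShortModel(fixedVersion);

        uint32 first = ls.createNewSyntheticMarket();  // index 1
        uint32 second = ls.createNewSyntheticMarket(); // index 2, now latestMarket

        ls.initializeMarket(first, 1e18);
        ls.initializeMarket(second, 1e18);

        return (ls.longMinted(first), ls.longMinted(second));
    }
}
```

Deploying InitializeMarketPoC and calling run(false) reproduces step 3 of the PoC above: every seed mint is credited to the second index and the first market is left with nothing. run(true) applies the recommended substitution and credits each market exactly once. The check to keep in mind for any multi-step setup like this is to look for state reads of a "latest"/"current" counter inside a function that already receives an explicit index.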

#0 - JasoonS

2021-08-10T16:13:10Z

Duplicate of #9

Severity 2 medium risk

Findings Information

🌟 Selected for report: gpersoon

Also found by: 0xImpostor

Labels

bug
duplicate
0 (Non-critical)
sponsor confirmed
resolved
fixed-in-upstream-repo

Awards

351.1121 USDC - $351.11

Handle

0xImpostor

Vulnerability details

Impact

Misunderstanding on the dev side (the comment's arithmetic is wrong)

Tools Used

Manual analysis

Recommended Mitigation Steps

https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L480

Replace 10e18 with 1e18 in the comment // NOTE: x * 5e17 == (x * 10e18) / 2, since (x * 10e18) / 2 equals x * 5e18, not x * 5e17.

#0 - JasoonS

2021-08-11T09:56:39Z

Thank you, duplicate: #12

Findings Information

🌟 Selected for report: 0xImpostor

Labels

bug
G (Gas Optimization)
sponsor disputed

Awards

249.7566 USDC - $249.76

Handle

0xImpostor

Vulnerability details

Impact

Small gas optimization: compute the time delta once and pass it into _setCurrentAccumulativeIssuancePerStakeStakedSynthSnapshot and _calculateNewCumulativeIssuancePerStakedSynth.

Proof of Concept

https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L635

// https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L635
// Compute the time delta once at the call site and hand it down.
uint256 timeDelta = _calculateTimeDeltaFromLastAccumulativeIssuancePerStakedSynthSnapshot(marketIndex);
if (timeDelta > 0) {
  _setCurrentAccumulativeIssuancePerStakeStakedSynthSnapshot(
    marketIndex,
    longPrice,
    shortPrice,
    longValue,
    shortValue,
    timeDelta // new argument
  );
}

// https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L567
function _setCurrentAccumulativeIssuancePerStakeStakedSynthSnapshot(
  uint32 marketIndex,
  uint256 longPrice,
  uint256 shortPrice,
  uint256 longValue,
  uint256 shortValue,
  uint256 timeDelta // new parameter
) internal virtual {
  (
    uint256 newLongAccumulativeValue,
    uint256 newShortAccumulativeValue
  ) = _calculateNewCumulativeIssuancePerStakedSynth(
    marketIndex,
    longPrice,
    shortPrice,
    longValue,
    shortValue,
    timeDelta // new argument
  );
  ...
}

// https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L531
function _calculateNewCumulativeIssuancePerStakedSynth(
  uint32 marketIndex,
  uint256 longPrice,
  uint256 shortPrice,
  uint256 longValue,
  uint256 shortValue,
  uint256 timeDelta // new parameter (no trailing comma: Solidity rejects one here)
) internal view virtual returns (uint256 longCumulativeRates, uint256 shortCumulativeRates) {
  // Compute the current 'r' value for float issuance per second.
  (uint256 longFloatPerSecond, uint256 shortFloatPerSecond) = _calculateFloatPerSecond(
    marketIndex,
    longPrice,
    shortPrice,
    longValue,
    shortValue
  );
  ...
}

Tools Used

manual analysis

#0 - JasoonS

2021-08-11T09:22:02Z

I believe it is unfair game to award bounty for this. It is written on the line above. All wardens who read the contracts saw this.

#1 - JasoonS

2021-08-11T09:22:19Z

#2 - 0xean

2021-08-25T16:23:37Z

Awarding to warden based on the fact that they are being asked to review the current code base for gas optimizations and even if this optimization was commented, it wasn't implemented.
