Back to 0xMilenov's contests

Maia DAO Ecosystem - 0xMilenov's results

Efficient liquidity renting and management across chains with Curvenized Uniswap V3.

General Information

Platform: Code4rena

Start Date: 30/05/2023

Pot Size: $300,500 USDC

Total HM: 79

Participants: 101

Period: about 1 month

Judge: Trust

Total Solo HM: 36

Id: 242

League: ETH

Maia DAO Ecosystem

Findings Distribution

Researcher Performance

Rank: 62/101

Findings: 1

Award: $172.82

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryMaia DAO Ecosystem

Findings Information

🌟 Selected for report: zzebra83

Also found by: 0xMilenov, Fulum, bin2chen, its_basu

Labels

bug
2 (Med Risk)
satisfactory
duplicate-372

Awards

172.8238 USDC - $172.82

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/RootPort.sol#L361-L418

Vulnerability details

Impact

The incorrect usage of a variable in the addBridgeAgentFactory function can potentially lead to inconsistent data tracking, making it more difficult to accurately track the number of Bridge Agent Factories. This may impact the integrity of the system's state, and potentially expose other vulnerabilities, impacting the overall security of the contract.

Proof of Concept

The addBridgeAgentFactory function in the contract is meant to add new Bridge Agent Factories to the system and increment the counter tracking the total number of factories. However, the function erroneously uses bridgeAgentsLenght instead of bridgeAgentFactoriesLenght to increment the count of Bridge Agent Factories.

This can cause inconsistent and inaccurate tracking of the number of Bridge Agent Factories and Bridge Agents. As a result, there can be a discrepancy between the actual number of Bridge Agent Factories and the number reported by the bridgeAgentFactoriesLenght variable.

Here's the problematic code snippet:


function addBridgeAgentFactory(address _bridgeAgentFactory) external onlyOwner {
    bridgeAgentFactories[bridgeAgentsLenght++] = _bridgeAgentFactory;
    emit BridgeAgentFactoryAdded(_bridgeAgentFactory);
}

Tools Used

Manual review

Replace the variable bridgeAgentsLenght with bridgeAgentFactoriesLenght in the addBridgeAgentFactory function. This will ensure that the correct variable is incremented when a new Bridge Agent Factory is added, and thus accurately track the total number of Bridge Agent Factories. The corrected code should look like this:


function addBridgeAgentFactory(address _bridgeAgentFactory) external onlyOwner {
-    bridgeAgentFactories[bridgeAgentsLenght++] = 
+    bridgeAgentFactories[bridgeAgentFactoriesLenght++] =     
_bridgeAgentFactory;
    emit BridgeAgentFactoryAdded(_bridgeAgentFactory);
}

Assessed type

Other

#0 - c4-judge

2023-07-11T08:15:36Z

trust1995 marked the issue as primary issue

#1 - c4-judge

2023-07-11T08:15:41Z

trust1995 marked the issue as satisfactory

#2 - c4-judge

2023-07-11T14:32:04Z

trust1995 marked the issue as duplicate of #372

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter