Back to 0xWeiss's contests

Caviar Private Pools - 0xWeiss's results

A fully on-chain NFT AMM that allows you to trade every NFT in a collection.

General Information

Platform: Code4rena

Start Date: 07/04/2023

Pot Size: $47,000 USDC

Total HM: 20

Participants: 120

Period: 6 days

Judge: GalloDaSballo

Total Solo HM: 4

Id: 230

League: ETH

Caviar

Findings Distribution

Researcher Performance

Rank: 115/120

Findings: 1

Award: $5.98

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCaviar

Findings Information

🌟 Selected for report: adriro

Also found by: 0x4non, 0x5rings, 0xLanterns, 0xWeiss, 0xbepresent, Brenzee, ElKu, Kek, Koolex, Naubit, T1MOH, ToonVH, anodaram, aviggiano, ayden, chaduke, ck, cryptonue, giovannidisiena, indijanc, joestakey, saian, shaka, yixxas

Awards

5.9827 USDC - $5.98

Labels

bug
2 (Med Risk)
satisfactory
edited-by-warden
duplicate-858

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/cd8a92667bcb6657f70657183769c244d04c015c/src/PrivatePool.sol#L733

Vulnerability details

Impact

The issue relies here:

https://github.com/code-423n4/2023-04-caviar/blob/cd8a92667bcb6657f70657183769c244d04c015c/src/PrivatePool.sol#L733

This line of code is related to the calculation of the exponent value, which is used to determine the number of decimal places for a given ERC20 token. Specifically, the issue is that this code is not capable of handling tokens with less than 3 decimals, as it will cause the token to be stuck and unchangeable.

The issue arises from the fact that the exponent value is calculated by subtracting 4 from the number of decimal places for the ERC20 token. This is done to obtain the correct number of decimal places for the token when performing mathematical operations.

However, if the token has less than 3 decimal places, this calculation will result in a negative value for the exponent, which will cause the token to become stuck and unchangeable.

It is unchangeable because changeFeeQuote is also used when changing the NFTs. So, if the baseToken is less than 4 decimals, you won't be able to change your NFTs because all transactions will fail.

https://github.com/code-423n4/2023-04-caviar/blob/cd8a92667bcb6657f70657183769c244d04c015c/src/PrivatePool.sol#L416

It is a medium and not a high because tokens of 3 decimals or less are not very common but the impact would be high. The issue arises also from the fact that Caviar has no documentation about admitting tokens with x decimals. There is not a single place where it says that tokens < than x decimals are not welcomed

Proof of Concept

It is a logical issue error, therefore no PoC is needed. But the steps for these to happen:

-Use baseToken in a pool as a token with < 4 decimals -People start using the pool with the token(if it is important enough) -People are not able to call change because the transaction fails while calling changeFeeQuote

Tools Used

Manual

Either make support for <4 decimal tokens or clearly state that they are not supported

#0 - c4-pre-sort

2023-04-20T15:22:50Z

0xSorryNotSorry marked the issue as duplicate of #858

#1 - c4-judge

2023-05-01T07:14:47Z

GalloDaSballo marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter