AI Arena - 0xblackskull's results

In AI Arena you train an AI character to battle in a platform fighting game. Imagine a cross between Pokémon and Super Smash Bros, but the characters are AIs, and you can train them to learn almost any skill in preparation for battle.

General Information

Platform: Code4rena

Start Date: 09/02/2024

Pot Size: $60,500 USDC

Total HM: 17

Participants: 283

Period: 12 days

Judge:

Id: 328

League: ETH

Researcher Performance

Rank: 24/283

Findings: 2

Award: $246.18

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

7.2869 USDC - $7.29

Labels

bug
2 (Med Risk)
insufficient quality report
partial-25
:robot:_153_group
duplicate-1507

External Links

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L139-L142

Vulnerability details

Impact

The owner cannot remove a staker address after giving it the permission role.

Proof of Concept

https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L139-L142

Tools Used

Code review

Add a removeStaker function:

function removeStaker(address newStaker) external {
    // Only the contract owner may revoke the staker role.
    require(msg.sender == _ownerAddress);
    hasStakerRole[newStaker] = false;
}

Assessed type

Context

#0 - c4-pre-sort

2024-02-24T06:24:26Z

raymondfam marked the issue as insufficient quality report

#1 - c4-pre-sort

2024-02-24T06:25:13Z

raymondfam marked the issue as duplicate of #20

#2 - c4-judge

2024-03-05T10:04:41Z

HickupHH3 marked the issue as partial-25

Findings Information

Awards

238.8948 USDC - $238.89

Labels

bug
2 (Med Risk)
insufficient quality report
satisfactory
:robot:_01_group
duplicate-47

External Links

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/GameItems.sol#L185-L188

Vulnerability details

Impact

The setAllowedBurningAddresses function in the smart contract lacks a mechanism to revoke permission for burning addresses once they have been set to true. This oversight allows any address added to the allowedBurningAddresses mapping to retain permission indefinitely, potentially leading to unauthorized burning of tokens by previously authorized addresses.

Proof of Concept

https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/GameItems.sol#L185-L188

Tools Used

Code Review

Add a removeAllowedBurningAddresses function:

function removeAllowedBurningAddresses(address newBurningAddress) public {
    // Only an admin may revoke burning permission.
    require(isAdmin[msg.sender]);
    allowedBurningAddresses[newBurningAddress] = false;
}

Assessed type

Context

#0 - c4-pre-sort

2024-02-22T19:33:40Z

raymondfam marked the issue as insufficient quality report

#1 - c4-pre-sort

2024-02-22T19:33:47Z

raymondfam marked the issue as duplicate of #47

#2 - c4-judge

2024-03-08T03:30:51Z

HickupHH3 marked the issue as satisfactory
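Both findings above describe the same pattern: a permission mapping that an admin can set to true but never back to false. The sketch below is an added example, not code from the AI Arena repository or from the submitter; it places a grant-only setter beside a two-way setter that logs every change. The contract name, the event, `adjustAllowedBurningAddress`, and the simplified `burn` and balance ledger are hypothetical; `isAdmin`, `allowedBurningAddresses` and `setAllowedBurningAddresses` are the names used in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration, not the AI Arena source. Names other than isAdmin,
/// allowedBurningAddresses and setAllowedBurningAddresses are hypothetical.
contract BurnerAllowlistSketch {
    mapping(address => bool) public isAdmin;
    mapping(address => bool) public allowedBurningAddresses;
    mapping(address => uint256) public balanceOf; // simplified single-token ledger

    // Emitted on every grant or revocation so changes can be monitored off-chain.
    event BurningAddressUpdated(address indexed account, bool allowed, address indexed admin);

    constructor() {
        isAdmin[msg.sender] = true;
        balanceOf[msg.sender] = 100; // constructed sample balance
    }

    // Grant-only setter as the finding describes it: it can only write `true`,
    // so an address that was ever approved stays approved.
    function setAllowedBurningAddresses(address newBurningAddress) public {
        require(isAdmin[msg.sender]);
        allowedBurningAddresses[newBurningAddress] = true;
    }

    // Two-way setter: same admin check, but the caller passes the desired state.
    function adjustAllowedBurningAddress(address account, bool allowed) public {
        require(isAdmin[msg.sender], "not admin");
        require(account != address(0), "zero address");
        require(allowedBurningAddresses[account] != allowed, "no change");
        allowedBurningAddresses[account] = allowed;
        emit BurningAddressUpdated(account, allowed, msg.sender);
    }

    // The permission is read at call time, so a revocation takes effect
    // on the very next burn attempt by that address.
    function burn(address account, uint256 amount) public {
        require(allowedBurningAddresses[msg.sender], "burner not allowed");
        require(balanceOf[account] >= amount, "insufficient balance");
        balanceOf[account] -= amount;
    }
}
```

With only the grant-only setter, the sole way to cut off a retired or compromised burner is to redeploy or migrate; with the two-way setter an admin sends one transaction and the `BurningAddressUpdated` log records who revoked what.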
