Platform: Code4rena
Start Date: 29/06/2022
Pot Size: $50,000 USDC
Total HM: 20
Participants: 133
Period: 5 days
Judge: hickuphh3
Total Solo HM: 1
Id: 142
League: ETH
Rank: 30/133
Findings: 4
Award: $482.41
Selected for report: 1
Solo Findings: 0
Selected for report: IllIllI
Also found by: 0x29A, 0xDjango, 0xc0ffEE, AmitN, BowTiedWardens, StErMi, auditor0517, berndartmueller, cccz, danb, dipp, dirk_y, hansfriese, horsefacts, hyh, kirk-baird, oyc_109, peritoflores, rfa, sseefried, swit, xiaoming90, zzzitron
5.5216 USDC - $5.52
Judge has assessed an item in Issue #333 as Medium risk. The relevant finding follows:
#0 - HickupHH3
2022-07-14T15:59:56Z
In the fillOrder function and the exercise function, the case when the order base asset is not WETH and msg.value > 0 makes the user lose ether. Consider transferring the ether amount not needed back to users, or letting users withdraw it.
dup of #226
Selected for report: 0xc0ffEE
Also found by: horsefacts, pedroais, unforgiven
420.5209 USDC - $420.52
A malicious user could leverage the PuttyV2 contract to flashloan the assets without paying a fee to make a profit.
Consider a scenario where the maker and taker are the same, and are a contract
fillOrder with a Long Call order that has order.baseAssets references to a contract having custom logic other than standard ERC20. The order also specifies erc20Assets to the token and tokenAmount that the PuttyV2 contract is owing (similar to erc721Assets)
order.baseAsset.
exercise to exercise the short call position. This call will transfer out the assets specified in the order to the malicious contract by executing logics in _transferERC20sOut, _transferERC721sOut
fillOrder, the contract just transfers enough assets back to PuttyV2 by executing logics in _transferERC20sIn, _transferERC721sIn to finish the execution
#0 - GalloDaSballo
2022-07-05T01:42:16Z
Warden is saying that they can flashloan without fee, but any exercised option will pay a 3% fee, additionally the order of operations shown (gain control on base.asset.transfer when receiving premium), would mean that the order ERC20s and NFTs have yet to be transferred in, so a "mid-fillOrder" "exercise" would not only pay the fee, but also revert due to lack of the tokens
#1 - Pedroais
2022-07-05T12:25:42Z
> Warden is saying that they can flashloan without fee, but any exercised option will pay a 3% fee, additionally the order of operations shown (gain control on base.asset.transfer when receiving premium), would mean that the order ERC20s and NFTs have yet to be transferred in, so a "mid-fillOrder" "exercise" would not only pay the fee, but also revert due to lack of the tokens
The 3% will be paid in the fake asset since base asset is an attacker contract so there is no fee to perform the attack.
This attack is done with assets that are already inside the contract so there is no revert in transfer out.
#2 - outdoteth
2022-07-05T13:28:49Z
Acknowledging that technically this is true. Although no easy mitigation exists as far as I can see aside from adding nonReentrant to exercise and fillOrder - adding a non-negligible gas overhead.
#3 - GalloDaSballo
2022-07-05T14:11:08Z
I agree that the finding is valid, the fee can be paid in a mintable token to gain temporary ownership of a token underlying which is repaid at the end of fillOrder
#4 - outdoteth
2022-07-08T13:32:22Z
Report: It's possible to flashloan all assets in the contract without paying a protocol fee
#5 - HickupHH3
2022-07-13T06:35:23Z
Flash loans from the contract would be a feature, not a bug. However, being able to do so without paying a protocol fee (ie. paying in fake tokens) wouldn't be great.
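The mitigation raised in the thread above (nonReentrant on both exercise and fillOrder), sketched as an added example that is not PuttyV2 source code. The contract GuardedOptions, the interface IBaseAsset and the simplified function signatures are assumptions made for illustration; only the names fillOrder and exercise come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not PuttyV2 source. GuardedOptions and IBaseAsset are
// hypothetical; only the names fillOrder and exercise come from the report.
interface IBaseAsset {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract GuardedOptions {
    // 1/2 rather than 0/1 keeps the slot non-zero, so each guarded call pays
    // for a cheaper storage update; this is still the extra gas cost the
    // sponsor refers to.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private locked = NOT_ENTERED;

    // One lock shared by both entry points: a call into exercise made while
    // fillOrder is still executing (for example from inside the transfer
    // function of an untrusted baseAsset) reverts before any asset moves.
    modifier nonReentrant() {
        require(locked == NOT_ENTERED, "REENTRANCY");
        locked = ENTERED;
        _;
        locked = NOT_ENTERED;
    }

    // Simplified stand-in for the premium transfer step.
    function fillOrder(IBaseAsset baseAsset, address maker, uint256 premium)
        external
        nonReentrant
    {
        // External call to a caller-chosen token: control leaves the contract here.
        require(baseAsset.transferFrom(msg.sender, maker, premium), "PREMIUM");
        // ... order assets would be transferred in after this point ...
    }

    // Simplified stand-in for the strike payment step.
    function exercise(IBaseAsset baseAsset, uint256 strike) external nonReentrant {
        // ... order assets would be transferred out here ...
        require(baseAsset.transferFrom(msg.sender, address(this), strike), "STRIKE");
    }
}
```

A per-function lock would not be enough here, because the nested call enters a different function from the one already executing; the guard has to be shared across both.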
Selected for report: horsefacts
Also found by: 0xc0ffEE, IllIllI, Picodes, Sm4rty, berndartmueller, csanuragjain, shenwilly, unforgiven
35.1904 USDC - $35.19
Judge has assessed an item in Issue #333 as Medium risk. The relevant finding follows:
#0 - HickupHH3
2022-07-14T16:00:31Z
Consider using safeMint in fillOrder in case the maker or taker is a contract to make sure the contract is aware of the position minted
dup of #327
Selected for report: GalloDaSballo
Also found by: 0v3rf10w, 0x1f8b, 0xA5DF, 0xDjango, 0xHarry, 0xKitsune, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, 0xsanson, ACai, Aymen0909, Bnke0x0, BowTiedWardens, Chom, ElKu, Fitraldys, Funen, Haruxe, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Kenshin, Lambda, Limbooo, MadWookie, Metatron, MiloTruck, Picodes, PwnedNoMore, Randyyy, RedOneN, ReyAdmirado, Ruhum, Sm4rty, StErMi, StyxRave, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, Yiko, _Adam, __141345__, ajtra, ak1, apostle0x01, asutorufos, c3phas, cRat1st0s, catchup, codetilda, cryptphi, datapunk, defsec, delfin454000, durianSausage, exd0tpy, fatherOfBlocks, gogo, grrwahrr, hake, hansfriese, horsefacts, ignacio, jayfromthe13th, joestakey, ladboy233, m_Rassska, mektigboy, minhquanym, mrpathfindr, natzuu, oyc_109, rajatbeladiya, reassor, rfa, robee, rokinot, sach1r0, saian, sashik_eth, simon135, slywaters, swit, z3s, zeesaw, zer0dot
21.1794 USDC - $21.18
unchecked for calculation since overflow is impossible
unchecked as underflow is impossible since feeAmount is lower than order.strike
for (uint256 i = 0; i < arr.length; ) {
    // ... do something
    unchecked { ++i; }
}