Lybra Finance - 0xhacksmithh's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH

Lybra Finance

Findings Distribution

Researcher Performance

Rank: 96/132

Findings: 1

Award: $29.06

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Lybra Finance

Findings Information

🌟 Selected for report: Musaka

Also found by: 0xhacksmithh, 0xnev, CrypticShepherd, LuchoLeonel1, T1MOH, bytes032, cccz, devival, josephdara, ktg, squeaky_cactus

Labels

bug

2 (Med Risk)

satisfactory

sponsor confirmed

duplicate-268

Awards

29.0567 USDC - $29.06

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/governance/LybraGovernance.sol#L143-L145 https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/governance/LybraGovernance.sol#L147-L149

Vulnerability details

Impact

Returning wrong time value

Proof of Concept

These 2 functions returning 3second for votingPeriod and 1second for voatingDelay.

    function votingPeriod() public pure override returns (uint256){
         return 3; // @audit-issue
    }

     function votingDelay() public pure override returns (uint256){
         return 1; // @audit
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Should re-check this

Assessed type

Context

#0 - JeffCX
2023-07-04T14:08:42Z

Insufficient proof, the report does not explain why the number is wrong

#1 - c4-sponsor
2023-07-18T06:29:41Z

LybraFinance marked the issue as sponsor confirmed

#2 - c4-judge
2023-07-26T12:43:08Z

0xean marked the issue as duplicate of #268

#3 - c4-judge
2023-07-28T15:43:51Z

0xean marked the issue as satisfactory

Lybra Finance - 0xhacksmithh's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Findings Distribution

Researcher Performance

External Links

[M-16] Wrong Time variable Used In Functions `votingPeriod()` and `votingDelay()` - $29.06

Findings Information

Labels

Awards

External Links

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Assessed type

#0 - JeffCX2023-07-04T14:08:42Z

#1 - c4-sponsor2023-07-18T06:29:41Z

#2 - c4-judge2023-07-26T12:43:08Z

#3 - c4-judge2023-07-28T15:43:51Z

#0 - JeffCX
2023-07-04T14:08:42Z

#1 - c4-sponsor
2023-07-18T06:29:41Z

#2 - c4-judge
2023-07-26T12:43:08Z

#3 - c4-judge
2023-07-28T15:43:51Z