Back to 0xliumin's contests

Anchor contest - 0xliumin's results

The Benchmark DeFi Yield.

General Information

Platform: Code4rena

Start Date: 24/02/2022

Pot Size: $170,000 UST

Total HM: 15

Participants: 16

Period: 14 days

Judge: Albert Chon

Total Solo HM: 11

Id: 82

League: COSMOS

Anchor

Findings Distribution

Researcher Performance

Rank: 14/16

Findings: 1

Award: $688.37

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAnchor

Findings Information

🌟 Selected for report: hickuphh3

Also found by: 0xliumin, 0xwags, BondiPestControl, IllIllI, WatchPug, broccoli, cccz, cmichel, defsec, gzeon, hubble, robee

Labels

bug
QA (Quality Assurance)
disagree with severity
sponsor confirmed

Awards

688.3715 USDC - $688.37

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/anchor-token-contracts/contracts/gov/src/contract.rs#L530-L531

Vulnerability details

Impact

Users will still be able to find failed polls under "Executed" and "Failed"

Proof of Concept

A poll attempts to execute and fails. That poll will stay in the poll indexer as executed and failed.

Mitigation

Passed should be Executed.

Test proof: https://pastebin.com/Cz0wujn9

#0 - bitn8

2022-04-19T20:16:06Z

This correct. However, I wouldn't classify it as a medium risk bug as this doesn't open and risk or attack vectors

#1 - GalloDaSballo

2022-08-07T00:48:24Z

Valid informational finding

#2 - albertchon

2022-09-19T02:13:42Z

Informational, but doesn't result in a vulnerability, so downgrading to QA.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter