Yield contest - 0xsomeone's results

Fixed-rate borrowing and lending on Ethereum

General Information

Platform: Code4rena

Start Date: 27/05/2021

Pot Size: $100,000 USDC

Total HM: 12

Participants: 7

Period: 7 days

Judge: LSDan

Total Solo HM: 10

Id: 12

League: ETH

Yield

Findings Distribution

Researcher Performance

Rank: 5/7

Findings: 1

Award: $6,443.39

🌟 Selected for report: 1

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: 0xsomeone

Also found by: gpersoon

Labels

bug
3 (High Risk)
sponsor confirmed

Awards

6443.3912 USDC - $6,443.39

External Links

Handle

0xsomeone

Vulnerability details

Impact

It is possible to duplicate currently held ink or art within a Cauldron, thereby breaking the contract's accounting system and minting units out of thin air.

Proof of Concept

The stir function of the Cauldron, which can be invoked via a Ladle operation, caches balances in memory before decrementing and incrementing. As a result, if a transfer to self is performed, the assignment balances[to] = balancesTo will contain the added-to balance instead of the neutral balance.

This allows one to duplicate any number of ink or art units at will, thereby severely affecting the protocol's integrity. A similar attack was exploited in the third bZx hack resulting in a roughly 8 million loss.

Code Referenced: https://github.com/code-423n4/2021-05-yield/blob/main/contracts/Cauldron.sol#L268-L295

Tools Used

Manual Review.

A require check should be imposed that prohibits the from and to variables from being equivalent.
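The self-transfer case and the recommended check, shown as an added example that is not part of the original finding or the Yield code base. It is a simplified model: the contract name, struct layout, seed helper, revert string and selfStirReverts check are assumptions, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model of the pattern described in the finding; NOT the Cauldron source.
// All names other than stir's from/to/ink/art/balances are hypothetical.
contract StirModel {
    struct Balances { uint128 art; uint128 ink; }
    mapping(bytes12 => Balances) public balances;

    // Hypothetical helper that gives a vault a starting balance.
    function seed(bytes12 vault, uint128 ink, uint128 art) external {
        balances[vault] = Balances({art: art, ink: ink});
    }

    // Flawed: both sides are copied to memory before either is written back.
    // When from == to, the copies are independent snapshots of one storage slot,
    // so the final write replaces the decremented value with the incremented one.
    function stirFlawed(bytes12 from, bytes12 to, uint128 ink, uint128 art) external {
        Balances memory balancesFrom = balances[from];
        Balances memory balancesTo = balances[to];
        balancesFrom.ink -= ink;
        balancesFrom.art -= art;
        balancesTo.ink += ink;
        balancesTo.art += art;
        balances[from] = balancesFrom;
        balances[to] = balancesTo; // from == to: stores original + amount
    }

    // Hardened: the require recommended in the finding rejects self-transfers
    // before any balance is cached.
    function stirChecked(bytes12 from, bytes12 to, uint128 ink, uint128 art) external {
        require(from != to, "Identical vaults");
        Balances memory balancesFrom = balances[from];
        Balances memory balancesTo = balances[to];
        balancesFrom.ink -= ink;
        balancesFrom.art -= art;
        balancesTo.ink += ink;
        balancesTo.art += art;
        balances[from] = balancesFrom;
        balances[to] = balancesTo;
    }

    // Regression check for a test harness: a self-stir on the hardened path must revert.
    function selfStirReverts(bytes12 vault) external returns (bool) {
        try this.stirChecked(vault, vault, 1, 0) { return false; }
        catch { return true; }
    }
}
```

A test suite for the fix can also assert that the summed ink and art of the two vaults is unchanged by any successful stir.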

#0 - alcueca

2021-06-01T11:19:41Z

It is a good finding, and a scary one. It will be fixed. Duplicated with #7.
