SKALE contest - 0xwags's results

The only Ethereum native multichain scaling network.

General Information

Platform: Code4rena

Start Date: 18/02/2022

Pot Size: $125,000 USDC

Total HM: 13

Participants: 24

Period: 14 days

Judge: GalloDaSballo

Total Solo HM: 6

Id: 88

League: ETH

SKALE

Findings Distribution

Researcher Performance

Rank: 20/24

Findings: 1

Award: $390.51

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository SKALE

Findings Information

🌟 Selected for report: defsec

Also found by: 0x1f8b, 0xwags, cmichel, csanuragjain, gzeon, jayjonah8, kenta, kirk-baird, kyliek, leastwood, rfa, robee, ye0lde

Labels

bug

QA (Quality Assurance)

Awards

390.5096 USDC - $390.51

External Links

Link to GitHub issue

Time limit should be greater than >0

If limit is set to 0 then no delay between msgs sent. Or set a constant with a maximum time and then require(newTimeStamp<MAX_TIME)

https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/schain/CommunityLocker.sol#L197)l

Have either a maximum(and any values set should be less as mentioned above ) for values below or ensure that it is >0:

https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/mainnet/MessageProxyForMainnet.sol#L264

[https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/mainnet/MessageProxyForMainnet.sol#L276]

For the above mentioned line(276),it will have implications for :

[https://github.com/skalenetwork/ima-c4-audit/blob/main/contracts/mainnet/MessageProxyForMainnet.sol#L232-L233]

as no gas will be refunded to the user as we don't know whether additionalGasPerMessage is a non-zero value.

Also, here that uses the same variable :

https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/mainnet/MessageProxyForMainnet.sol#L252

Events:

Emit an event for when chains are connected or disconnected. See below :

https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/schain/TokenManagerLinker.sol#L144

[https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/schain/TokenManagerLinker.sol#L164]

#0 - DimaStebaev
2022-03-14T15:28:21Z

These parameters are set by the Foundation during voting so new value will be carefully verified.

#1 - GalloDaSballo
2022-05-05T14:08:30Z

Time limit should be greater than >0

Agree that lack of validation puts more than necessary trust in the CONSTANT_SETTER_ROLE

Emit an event for when chains are connected or disconnected. See below :

Informational in nature

#2 - GalloDaSballo
2022-05-05T14:08:46Z

Formatting was really off, would recommend the warden to use a Markdown preview tool

SKALE contest - 0xwags's results

The only Ethereum native multichain scaling network.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-09] QA Report - $390.51

Findings Information

Labels

Awards

External Links

#0 - DimaStebaev2022-03-14T15:28:21Z

#1 - GalloDaSballo2022-05-05T14:08:30Z

Time limit should be greater than >0

Emit an event for when chains are connected or disconnected. See below :

#2 - GalloDaSballo2022-05-05T14:08:46Z

#0 - DimaStebaev
2022-03-14T15:28:21Z

#1 - GalloDaSballo
2022-05-05T14:08:30Z

#2 - GalloDaSballo
2022-05-05T14:08:46Z