Badger-Vested-Aura contest - 242's results

Bringing BTC to DeFi

General Information

Platform: Code4rena

Start Date: 15/06/2022

Pot Size: $30,000 USDC

Total HM: 5

Participants: 55

Period: 3 days

Judge: Jack the Pug

Id: 138

League: ETH

BadgerDAO

Findings Distribution

Researcher Performance

Rank: 40/55

Findings: 1

Award: $51.26

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository BadgerDAO

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xFar5eer, 0xNazgul, 0xNineDec, 242, Chom, Czar102, Funen, GimelSec, Meera, Picodes, Sm4rty, Tadashi, TerrierLover, Waze, _Adam, a12jmx, asutorufos, codexploder, cryptphi, defsec, gzeon, hyh, joestakey, minhquanym, oyc_109, reassor, robee, saian, sorrynotsorry, unforgiven, zzzitron

Awards

51.2645 USDC - $51.26

Labels

bug

QA (Quality Assurance)

sponsor acknowledged

valid

External Links

Link to GitHub issue

LOW-01: When contract in a paused state, process expired locks can still be executed due to missing modifier

link: https://github.com/Badger-Finance/vested-aura/blob/v0.0.2/contracts/MyStrategy.sol#L391= MyStrategy.sol:L391 - function performUpkeep can execute external call: LOCKER.processExpiredLocks(false); even if contract has been set paused, due to lack of whenNotPaused modifier.

Fix: Consider adding whenNotPaused modifier to performUpkeep to prevent it from being executed when contract is paused.

#0 - GalloDaSballo
2022-06-19T01:55:03Z

Ack

Badger-Vested-Aura contest - 242's results

Bringing BTC to DeFi

General Information

Findings Distribution

Researcher Performance

External Links

[Q-25] QA Report - $51.26

Findings Information

Awards

Labels

External Links

LOW-01: When contract in a paused state, process expired locks can still be executed due to missing modifier

#0 - GalloDaSballo2022-06-19T01:55:03Z

#0 - GalloDaSballo
2022-06-19T01:55:03Z