Platform: Code4rena
Start Date: 03/07/2023
Pot Size: $40,000 USDC
Total HM: 14
Participants: 74
Period: 7 days
Judge: alcueca
Total Solo HM: 9
Id: 259
League: ETH
Rank: 38/74
Findings: 1
Award: $17.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xprinc
Also found by: 0x11singh99, 0xAnah, 0xWaitress, 0xkazim, 2997ms, 33audits, 404Notfound, 8olidity, CRIMSON-RAT-REACH, CyberPunks, DanielWang888, Deekshith99, Eeyore, Eurovickk, Inspecktor, JGcarv, John, Jorgect, Kaysoft, LosPollosHermanos, MohammedRizwan, Qeew, QiuhaoLi, Rolezn, TheSavageTeddy, Topmark, Trust, Udsen, a3yip6, alexzoid, bigtone, codegpt, erebus, fatherOfBlocks, ginlee, glcanvas, hunter_w3b, josephdara, kaveyjoe, kutugu, mahdirostami, max10afternoon, oakcobalt, peanuts, pfapostol, ptsanev, qpzm, radev_sw, ravikiranweb3, sces60107, seth_lawson, te_aut, twcctop, zhaojie, ziyou-
17.5208 USDC - $17.52
https://github.com/code-423n4/2023-07-basin/blob/main/src/libraries/LibContractInfo.sol#L16-L26
This case is described in the comments of the getSymbol() function:
if the contract does not have a symbol function, the first 4 bytes of the address are returned
But in fact, if the contract does not have the symbol() function, the first 4 bytes of the address of the contract will not be obtained
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

contract poc1 {
    function getSymbol(address _contract) public view returns (string memory symbol) {
        (bool success, bytes memory data) = _contract.staticcall(abi.encodeWithSignature("symbol()"));
        symbol = new string(4);
        if (success) {
            symbol = abi.decode(data, (string));
        } else {
            assembly {
                mstore(add(symbol, 0x20), shl(224, shr(128, _contract)))
            }
        }
    }
}

contract poc2 {
    function symbol1() public returns (string memory symbol) {
        return "namename";
    }
}

// getSymbol(address(poc2)) => error": "Failed to decode output: null: invalid codepoint at offset 3; unexpected continuation byte (argument=\"bytes\", value=Uint8Array(0x33283581), code=INVALID_ARGUMENT, version=strings/5.7.0)"
```
vscode
Directly truncate the first 4 bytes of the address
DoS
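The decode error quoted in the PoC can be reproduced off-chain. The JavaScript below is an added example, not code from the submission or the Basin repository: it models the fallback arithmetic `shl(224, shr(128, _contract))` and then decodes the resulting 4 bytes as strict UTF-8, the way a client library treats a `string` return value. Only the prefix `0x33283581` comes from the error message above; the rest of each address is constructed, and all function names are hypothetical.

```javascript
// Added example: off-chain model of getSymbol()'s fallback branch.
const WORD_MASK = (1n << 256n) - 1n;

// Same arithmetic as the assembly: shl(224, shr(128, _contract)).
// The string length is 4, so only the first 4 bytes of the stored word are visible.
function fallbackSymbolBytes(address) {
  const a = BigInt(address);                        // 160-bit address
  const word = ((a >> 128n) << 224n) & WORD_MASK;   // top 4 address bytes, left-aligned
  const hex = word.toString(16).padStart(64, "0");
  return Uint8Array.from(hex.slice(0, 8).match(/../g), (b) => parseInt(b, 16));
}

function toHex(bytes) {
  return "0x" + Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Strict UTF-8 decoding: any invalid byte sequence is an error, not a replacement char.
function decodeStrict(bytes) {
  try {
    return { ok: true, text: new TextDecoder("utf-8", { fatal: true }).decode(bytes) };
  } catch (e) {
    return { ok: false, text: null };
  }
}

// Consumer-side handling: fall back to a hex rendering instead of failing the call.
function safeSymbol(bytes) {
  const decoded = decodeStrict(bytes);
  return decoded.ok ? decoded.text : toHex(bytes);
}

// Constructed addresses: the first uses the 4-byte prefix from the error message,
// the second has a prefix that happens to be printable ASCII ("ABCD").
const ADDR_FROM_POC = "0x33283581" + "00".repeat(16);
const ADDR_ASCII = "0x41424344" + "00".repeat(16);

for (const addr of [ADDR_FROM_POC, ADDR_ASCII]) {
  const raw = fallbackSymbolBytes(addr);
  console.log(toHex(raw), "strict decode ok:", decodeStrict(raw).ok, "->", safeSymbol(raw));
}
```

Whether the decode succeeds depends on the address bytes: 0x81 is a UTF-8 continuation byte with no lead byte, which matches the "unexpected continuation byte" at offset 3 in the quoted error.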
#0 - c4-pre-sort
2023-07-11T07:47:46Z
141345 marked the issue as duplicate of #35
#1 - c4-pre-sort
2023-07-13T09:05:43Z
141345 marked the issue as duplicate of #199
#2 - c4-judge
2023-08-04T12:43:41Z
alcueca changed the severity to QA (Quality Assurance)
#3 - c4-judge
2023-08-05T21:30:41Z
alcueca marked the issue as grade-a