Aura Finance contest - AlleyCat's results

Providing optimal incentives for VotingEscrow systems.

General Information

Platform: Code4rena

Start Date: 11/05/2022

Pot Size: $150,000 USDC

Total HM: 23

Participants: 93

Period: 14 days

Judge: LSDan

Total Solo HM: 18

Id: 123

League: ETH

Aura Finance

Findings Distribution

Researcher Performance

Rank: 78/93

Findings: 1

Award: $149.87

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2022-05-aura/blob/main/contracts/CrvDepositorWrapper.sol#L9
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L10

Vulnerability details

Impact

If a codebase has two contracts with the same name, the compilation artifacts will not contain one of the contracts.

ICrvDepositor exists in both AuraStakingProxy and CrvDepositorWrapper

Tools

Manual Review

Move the contract to an interface file and import it or if the interface differs rename one of the contracts.

#0 - phijfry

2022-05-17T12:43:07Z

Based on the contracts that have been pointed out I can't see how this can lead to loss of funds as the severity suggests? Considering we are talking about compiled artifacts. Could the warden elaborate here?

#1 - 0xMaharishi

2022-05-25T15:52:53Z

This should be a 0 or 1 severity (being generous). There is no way for anything bad to happen here considering both the ABIs are different and used explicitly.

#2 - 0xMaharishi

2022-05-25T15:54:11Z

#3 - dmvt

2022-06-20T15:17:15Z

This is definitely a code quality issue and a good report, but does not constitute a potential loss of funds or even dysfunction in the protocol itself. Downgrading to QA.
