Back to AlleyCat's contests

Sturdy contest - AlleyCat's results

The first protocol for interest-free borrowing and high yield lending.

General Information

Platform: Code4rena

Start Date: 13/05/2022

Pot Size: $30,000 USDC

Total HM: 8

Participants: 65

Period: 3 days

Judge: hickuphh3

Total Solo HM: 1

Id: 125

League: ETH

Sturdy

Findings Distribution

Researcher Performance

Rank: 48/65

Findings: 1

Award: $44.73

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositorySturdy

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x4non, 0xNazgul, 0xf15ers, 0xkatana, 0xliumin, AlleyCat, BouSalman, Dravee, Funen, GimelSec, Hawkeye, MaratCerby, Picodes, StErMi, TerrierLover, WatchPug, Waze, berndartmueller, bobirichman, cryptphi, csanuragjain, defsec, delfin454000, dipp, fatherOfBlocks, hake, hickuphh3, hyh, joestakey, kebabsec, mics, mtz, oyc_109, p4st13r4, p_crypt0, robee, rotcivegaf, sikorico, simon135, sorrynotsorry, tintin

Awards

44.7278 USDC - $44.73

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

There are many requirement violations within the contracts revolving around _addressesProvider.

Function Examples:

setConfiguration

{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0x7346d",
  "gasPrice": "0x523e2d717",
  "input": "0xb8d2927600000000000000000000000000000000000000000000007e95c10843a98e42f8000000000000000000000000aaaaaa93aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "origin": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x0",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x61e0",
  "blockTime": "0x10a41",
  "decodedInput": "setConfiguration(0x00000000000000000000007e95c10843a98e42f8, 974334417060774172954205228819906042173286165156)",
  "name": "setConfiguration(address,uint256)",
  "hasDecodedInput": "setConfiguration(0x00000000000000000000007e95c10843a98e42f8, 974334417060774172954205228819906042173286165156)",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "setConfiguration(0x00000000000000000000007e95c10843a98e42f8, 974334417060774172954205228819906042173286165156)"
}

processYield

{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0xff000",
  "gasPrice": "0x664d21dd5",
  "input": "0xff42f49d0000000000000000000000000000de000000000000000000000000000000000000d7000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "origin": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa2",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x17",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x2dcb7",
  "blockTime": "0x345e2d",
  "decodedInput": "processYield()",
  "name": "processYield()",
  "hasDecodedInput": "processYield()",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "processYield()"
}

withdrawOnLiquidation

{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0xed544",
  "gasPrice": "0x2f92ac80",
  "input": "0x8954ff3f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c11d000000000000000000000000000000000000000000fc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000fc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000490000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "origin": "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x0",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x26506",
  "blockTime": "0x1",
  "decodedInput": "withdrawOnLiquidation(0x0000000000000000000000000000000000000000, 0)",
  "name": "withdrawOnLiquidation(address,uint256)",
  "hasDecodedInput": "withdrawOnLiquidation(0x0000000000000000000000000000000000000000, 0)",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "withdrawOnLiquidation(0x0000000000000000000000000000000000000000, 0)"
}

setTreasuryInfo

{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0xff000",
  "gasPrice": "0x2f92ac80",
  "input": "0x2a2234f900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000",
  "origin": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x18",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x2657a",
  "blockTime": "0x1",
  "decodedInput": "setTreasuryInfo(0x0000000000000000000000000000000000000000, 5)",
  "name": "setTreasuryInfo(address,uint256)",
  "hasDecodedInput": "setTreasuryInfo(0x0000000000000000000000000000000000000000, 5)",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "setTreasuryInfo(0x0000000000000000000000000000000000000000, 5)"
}

getYieldAmount

{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0xead95",
  "gasPrice": "0xd52faa22",
  "input": "0x121a23c100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "origin": "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x8",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x61e2",
  "blockTime": "0x1",
  "decodedInput": "getYieldAmount()",
  "name": "getYieldAmount()",
  "hasDecodedInput": "getYieldAmount()",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "getYieldAmount()"
}

#0 - HickupHH3

2022-06-06T02:54:29Z

lacking description about what the violations are. at best i see zero address inputs. hence giving this 1 NC.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter