Ethena Labs - Avci's results

Enabling The Internet Bond

General Information

Platform: Code4rena

Start Date: 24/10/2023

Pot Size: $36,500 USDC

Total HM: 4

Participants: 147

Period: 6 days

Judge: 0xDjango

Id: 299

League: ETH


Researcher Performance

Rank: 113/147

Findings: 1

Award: $4.52

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2023-10-ethena/blob/ee67d9b542642c9757a6b826c82d0cae60256509/contracts/EthenaMinting.sol#L352-L355

Vulnerability details

Impact

In the EthenaMinting.sol contract, in the verifyRoute() function at line 353, there is an if that checks whether the order type is OrderType.REDEEM, but as you can see in the comment on that if, it is supposed to be // routes only used to mint

So that means the order type should not be REDEEM, but it is, and it should return false instead of true.

Proof of Concept

function verifyRoute(Route calldata route, OrderType orderType) public view override returns (bool) {
  // routes only used to mint
  if (orderType == OrderType.REDEEM) {
    return true;
  }
  // ... (rest of the function is not included in this excerpt)
}

Tools Used

VS Code / brain

  • Consider returning false instead of true.

Assessed type

Other

#0 - c4-pre-sort

2023-11-01T02:58:52Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2023-11-01T02:59:11Z

raymondfam marked the issue as duplicate of #36

#2 - c4-judge

2023-11-13T19:18:21Z

fatherGoose1 marked the issue as unsatisfactory: Invalid

#3 - c4-judge

2023-11-20T20:13:19Z

fatherGoose1 changed the severity to QA (Quality Assurance)

#4 - c4-judge

2023-11-20T20:15:40Z

fatherGoose1 marked the issue as grade-b
