Back to BowTiedWardens's contests

Nested Finance contest - BowTiedWardens's results

The one-stop Defi app to build, manage and monetize your portfolio.

General Information

Platform: Code4rena

Start Date: 15/06/2022

Pot Size: $35,000 USDC

Total HM: 1

Participants: 36

Period: 3 days

Judge: Jack the Pug

Total Solo HM: 1

Id: 137

League: ETH

Nested Finance

Findings Distribution

Researcher Performance

Rank: 19/36

Findings: 1

Award: $104.60

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryNested Finance

Findings Information

🌟 Selected for report: 0xNazgul

Also found by: 0xDjango, 0xFar5eer, 0xf15ers, BowTiedWardens, Chom, Dravee, IllIllI, Meera, MiloTruck, PierrickGT, TerrierLover, _Adam, cccz, codexploder, cryptphi, delfin454000, fatherOfBlocks, hansfriese, joestakey, oyc_109, simon135

Awards

104.5965 USDC - $104.60

Labels

bug
disagree with severity
QA (Quality Assurance)
valid

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/governance/OwnerProxy.sol#L20

Vulnerability details

Impact

The protocol is using low level calls with solidity version 0.8.14 which can result in optimizer bug.

Proof of Concept

See POC from Certora

Consider upgrading to solidity 0.8.15

#0 - Yashiru

2022-06-22T15:52:34Z

Low level calls with solidity version 0.8.14 can result in optimiser bug (Confirmed)

Disagree with severity. The Certora report was published on the day of the audit.

#1 - jack-the-pug

2022-07-12T02:29:19Z

I'll downgrade this to QA as the warden fail to provide any details required for a High issue, I did some brief research and it seems the bug wont impact the code pointed out by the warden.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter