Axelar Network v2 contest - CodingNameKiki's results

Decentralized interoperability network.

General Information

Platform: Code4rena

Start Date: 29/07/2022

Pot Size: $50,000 USDC

Total HM: 6

Participants: 75

Period: 5 days

Judge: GalloDaSballo

Total Solo HM: 3

Id: 149

League: ETH

Axelar Network

Findings Distribution

Researcher Performance

Rank: 50/75

Findings: 2

Award: $87.35

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L23
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L51
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L70
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L86
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/gas-service/AxelarGasService.sol#L128
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/gas-service/AxelarGasService.sol#L144
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/xc20/contracts/XC20Wrapper.sol#L63

Vulnerability details

Impact

The use of the deprecated transfer() function for an address will inevitably make the transaction fail if:

1. The claimer smart contract does not implement a payable function.
2. The claimer smart contract does implement a payable fallback which uses more than 2300 gas units.
3. The claimer smart contract implements a payable fallback function that needs less than 2300 gas units but is called through a proxy, raising the call's gas usage above 2300.

Note - using more than 2300 gas might be mandatory for some multisig wallets.

Proof of Concept

Check the links above

Replace transfer() with call(). Remember to check whether the call succeeded by validating its return value.
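The mitigation above, shown as an added example that is not code from the Axelar repository or from the report. The contract names, the owner check and the storage-writing recipient are constructed for the illustration; the point it adds is that call() forwards all remaining gas, so the hardened version needs both the success check and a reentrancy guard, which transfer() made unnecessary:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of the finding above; these contracts are constructed for
// this page and are not code from the Axelar repository.

// Before: transfer() forwards only a 2300 gas stipend and reverts on failure,
// so any recipient whose receive()/fallback() does more than log an event
// (or is reached through a proxy) can never be refunded.
contract RefundWithTransfer {
    address public immutable owner;

    constructor() { owner = msg.sender; }

    receive() external payable {}

    function refund(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner"); // hypothetical access control
        to.transfer(amount);
    }
}

// After: call() forwards all remaining gas, so the recipient's logic can run,
// but the success flag must be checked (a silent false would leave the funds
// stuck) and the function must be protected against reentrancy, because the
// recipient now has enough gas to call back into this contract.
contract RefundWithCall {
    address public immutable owner;
    bool private locked;

    constructor() { owner = msg.sender; }

    receive() external payable {}

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function refund(address payable to, uint256 amount) external nonReentrant {
        require(msg.sender == owner, "not owner"); // hypothetical access control
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}

// Constructed recipient whose receive() writes storage (an SSTORE costs well
// over 2300 gas), so RefundWithTransfer.refund() reverts for it while
// RefundWithCall.refund() succeeds.
contract StorageWritingReceiver {
    uint256 public totalReceived;

    receive() external payable {
        totalReceived += msg.value;
    }
}
```

Deploy both refund contracts funded with some ETH and call refund() with a StorageWritingReceiver as the target: the transfer() version reverts because the recipient's SSTORE exhausts the 2300 gas stipend, the call() version completes. Keeping the nonReentrant modifier (or ordering state updates before the external call) is what makes the switch to call() safe.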

#0 - re1ro

2022-08-05T04:08:44Z

Duplicate of #4

1. x += y costs more gas than x = x + y for state variables

AxelarAuthWeighted.sol
70: totalWeight += newWeights[i];
105: weight += weights[operatorIndex];

2. abi.encode() is less efficient than abi.encodePacked()

AxelarAuthWeighted.sol
32: bytes32 operatorsHash = keccak256(abi.encode(operators, weights, threshold));

3. Internal functions only called once can be inlined to save gas

AxelarAuthWeighted.sol
115: function _isSortedAscAndContainsNoDuplicate(address[] memory accounts) internal pure returns (bool) {

4. ++i costs less gas than i++ (and --i less than i--), especially when used in for loops

AxelarDepositService.sol
114: for (uint256 i; i < refundTokens.length; i++) {
168: for (uint256 i; i < refundTokens.length; i++) {
204: for (uint256 i; i < refundTokens.length; i++) {

5. Internal functions only called once can be inlined to save gas

AxelarGateway.sol
611: function _setTokenDailyMintAmount(string memory symbol, uint256 amount) internal {
622: function _setTokenAddress(string memory symbol, address tokenAddress) internal {
655: function _setImplementation(address newImplementation) internal {

6. Empty block should be removed or emit something

AxelarAuthWeighted.sol
101: for (; operatorIndex < operatorsLength && signer != operators[operatorIndex]; ++operatorIndex) {}

7. Empty blocks should be removed or emit something

ReceiverImplementation.sol
12: constructor(address gateway, string memory wrappedSymbol) DepositBase(gateway, wrappedSymbol) {}

8. Usage of uints/ints smaller than 32 bytes (256 bits) incurs overhead

AxelarAuthWeighted.sol
14: uint8 internal constant OLD_KEY_RETENTION = 16;
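Gas item 2 above recommends abi.encodePacked() for the operators hash. The caveat a reviewer would want before applying it: when several dynamic arrays are packed, their length fields are dropped and only the padded elements remain, so two different (operators, weights) pairs can hash to the same value. The following contract is an added example constructed for this page, not code from the Axelar repository; it mirrors the shape of the hash on line 32 and assumes operators and weights are dynamic arrays:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration for gas item 2; constructed for this page, not code from
// the Axelar repository. Both hash functions take the same inputs as the
// keccak256(abi.encode(operators, weights, threshold)) expression on line 32
// of AxelarAuthWeighted.sol (assumption: operators and weights are dynamic arrays).
contract OperatorsHashDemo {
    function hashEncoded(
        address[] memory operators,
        uint256[] memory weights,
        uint256 threshold
    ) public pure returns (bytes32) {
        // abi.encode keeps array lengths and offsets, so different inputs
        // always produce different byte strings.
        return keccak256(abi.encode(operators, weights, threshold));
    }

    function hashPacked(
        address[] memory operators,
        uint256[] memory weights,
        uint256 threshold
    ) public pure returns (bytes32) {
        // abi.encodePacked drops the lengths: each array element is still
        // padded to 32 bytes, so the result is just the concatenation of all
        // elements and the boundary between the two arrays is lost.
        return keccak256(abi.encodePacked(operators, weights, threshold));
    }

    // Constructed check: set A has two operators and one weight, set B has one
    // operator and two weights, where B's first weight equals the dropped
    // operator's address read as an integer. The packed byte strings are
    // identical, the abi.encode ones are not.
    function collisionCheck() external pure returns (bool packedCollides, bool encodedCollides) {
        address a = address(uint160(1));
        address b = address(uint160(2));

        address[] memory opsA = new address[](2);
        opsA[0] = a;
        opsA[1] = b;
        uint256[] memory wA = new uint256[](1);
        wA[0] = 5;

        address[] memory opsB = new address[](1);
        opsB[0] = a;
        uint256[] memory wB = new uint256[](2);
        wB[0] = uint256(uint160(b));
        wB[1] = 5;

        packedCollides = hashPacked(opsA, wA, 7) == hashPacked(opsB, wB, 7);
        encodedCollides = hashEncoded(opsA, wA, 7) == hashEncoded(opsB, wB, 7);
    }
}
```

collisionCheck() returns packedCollides == true and encodedCollides == false: a different operator set, and therefore a different weight distribution, would be accepted under the same operatorsHash if the packed form were used for a hash that later serves as an identity. For a hash over multiple dynamic-length inputs, abi.encode() is the safe choice regardless of the small gas difference.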

#0 - re1ro

2022-08-05T03:21:14Z

1. Dup #2
2. Dup #2
3. We prefer cleaner code
4. Dup #2
5. We prefer cleaner code
6. Dup #2
7. Dup #3
8. Dup #7

#1 - GalloDaSballo

2022-08-20T22:39:30Z

Less than 100 gas saved
