Platform: Code4rena
Start Date: 18/04/2024
Pot Size: $36,500 USDC
Total HM: 19
Participants: 183
Period: 7 days
Judge: Koolex
Id: 367
League: ETH
Rank: 126/183
Findings: 2
Award: $4.89
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: MrPotatoMagic
Also found by: 0x175, 0x486776, 0x77, 0xAkira, 0xAsen, 0xDemon, 0xabhay, 0xblack_bird, 0xlemon, 0xloscar01, 0xtankr, 3docSec, 4rdiii, Abdessamed, AlexCzm, Angry_Mustache_Man, BiasedMerc, Circolors, Cryptor, DMoore, DPS, DedOhWale, Dinesh11G, Dots, GalloDaSballo, Giorgio, Honour, Imp, Jorgect, Krace, KupiaSec, Mrxstrange, NentoR, Pechenite, PoeAudits, Ryonen, SBSecurity, Sabit, T1MOH, TheFabled, TheSavageTeddy, Tychai0s, VAD37, Vasquez, WildSniper, ZanyBonzy, adam-idarrha, alix40, asui, blutorque, btk, c0pp3rscr3w3r, caglankaan, carrotsmuggler, d_tony7470, dimulski, dinkras, djxploit, falconhoof, forgebyola, grearlake, imare, itsabinashb, josephdara, kartik_giri_47538, ke1caM, kennedy1030, koo, lionking927, ljj, niser93, pep7siup, poslednaya, ptsanev, sashik_eth, shaflow2, steadyman, turvy_fuzz, ubl4nk, valentin_s2304, web3km, xyz, y4y, zhaojohnson, zigtur
0.0234 USDC - $0.02
A user can front run and block withdrawals by calling deposit before the victim
The functions deposit and withdraw both use the following mechanism to prevent flash-loan attacks:

```solidity
// in deposit(): remember the block in which the position last received funds
idToBlockOfLastDeposit[id] = block.number;
// in withdraw(): refuse to withdraw in that same block
if (idToBlockOfLastDeposit[id] == block.number) revert DepositedInSameBlock();
```
The problem here is that a bad actor can prevent other users from withdrawing by front-running them (by paying a higher gas fee) and calling deposit with the same id, which causes the victim's withdraw call to revert. In addition, since there is no minimum deposit amount, this front-running attack costs little to nothing beyond gas.
Manual Review
Use OpenZeppelin's reentrancy lock instead of block.number
DoS
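As an added illustration of the pattern this finding describes (constructed here, not code from the DYAD repository), the contract below keeps the same-block guard in two variants: one where anyone may deposit into any id, and an owner-gated one where only the position owner can refresh idToBlockOfLastDeposit. The names open, ownerOf and balanceOf are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example for this finding; not the DYAD code base.
// open(), ownerOf and balanceOf are hypothetical names.

error DepositedInSameBlock();
error NotOwner();
error PositionTaken();

abstract contract SameBlockGuardVault {
    mapping(uint256 id => address) public ownerOf;
    mapping(uint256 id => uint256) public balanceOf;
    mapping(uint256 id => uint256) public idToBlockOfLastDeposit;

    function open(uint256 id) external {
        if (ownerOf[id] != address(0)) revert PositionTaken();
        ownerOf[id] = msg.sender;
    }

    function _deposit(uint256 id) internal {
        // the guard from the finding: remember the block of the last deposit
        idToBlockOfLastDeposit[id] = block.number;
        balanceOf[id] += msg.value;
    }

    function withdraw(uint256 id, uint256 amount) external {
        if (ownerOf[id] != msg.sender) revert NotOwner();
        // the matching check: no withdraw in the block of a deposit
        if (idToBlockOfLastDeposit[id] == block.number) revert DepositedInSameBlock();
        balanceOf[id] -= amount; // reverts on underflow (0.8 checked arithmetic)
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function deposit(uint256 id) external payable virtual;
}

// Shape the finding describes: any caller may deposit into any id, so a
// deposit of any size landed in the same block as the owner's withdraw makes
// that withdraw revert.
contract OpenDepositVault is SameBlockGuardVault {
    function deposit(uint256 id) external payable override {
        _deposit(id);
    }
}

// Hardened variant: only the position owner can refresh the guard, so no other
// account can change idToBlockOfLastDeposit[id] for a position it does not own.
contract OwnerGatedVault is SameBlockGuardVault {
    function deposit(uint256 id) external payable override {
        if (ownerOf[id] != msg.sender) revert NotOwner();
        _deposit(id);
    }
}
```

The owner gate assumes third-party top-ups of a position are not a feature; if they are, the guard can instead be keyed by depositor rather than by id. Note that the flash-loan defense itself is unchanged: the owner still cannot deposit and withdraw in one block. A reentrancy lock, as suggested above, protects a single transaction from nested calls, whereas the owner gate addresses the separate-transaction, same-block case this finding describes.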
#0 - c4-pre-sort
2024-04-27T11:48:40Z
JustDravee marked the issue as duplicate of #489
#1 - c4-pre-sort
2024-04-29T09:25:36Z
JustDravee marked the issue as sufficient quality report
#2 - c4-judge
2024-05-05T20:38:14Z
koolexcrypto marked the issue as unsatisfactory: Invalid
#3 - c4-judge
2024-05-05T20:39:23Z
koolexcrypto marked the issue as unsatisfactory: Invalid
#4 - c4-judge
2024-05-05T21:21:08Z
koolexcrypto marked the issue as nullified
#5 - c4-judge
2024-05-05T21:21:14Z
koolexcrypto marked the issue as not nullified
#6 - c4-judge
2024-05-08T15:28:12Z
koolexcrypto marked the issue as duplicate of #1001
#7 - c4-judge
2024-05-11T19:50:30Z
koolexcrypto marked the issue as satisfactory
🌟 Selected for report: dimulski
Also found by: 0xleadwizard, 0xlemon, Aamir, Al-Qa-qa, AvantGard, Bauchibred, Cryptor, DarkTower, Egis_Security, Giorgio, Maroutis, MrPotatoMagic, OMEN, Ocean_Sky, Ryonen, SBSecurity, Sabit, SpicyMeatball, Stefanov, T1MOH, Tigerfrake, WildSniper, atoko, bhilare_, darksnow, fandonov, grearlake, iamandreiski, igdbase, pontifex, web3km, xiao
4.8719 USDC - $4.87
https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L224
https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L155-L169
There is no incentive to liquidate small positions
The function mintDyad allows a user to create a position by minting DYAD.

```solidity
function mintDyad(
    uint id,
    uint amount,
    address to
) external isDNftOwner(id) {
    uint newDyadMinted = dyad.mintedDyad(address(this), id) + amount;
    if (getNonKeroseneValue(id) < newDyadMinted) revert NotEnoughExoCollat();
    dyad.mint(id, to, amount);
    if (collatRatio(id) < MIN_COLLATERIZATION_RATIO) revert CrTooLow();
    emit MintDyad(id, amount, to);
}
```
Notice that there is no minimum amount to mint. A user can create extremely small positions (e.g. 7e5). This becomes a problem when looking at the liquidate function.
https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L204-L228
```solidity
uint collateral = vault.id2asset(id).mulWadUp(liquidationAssetShare);
```
For example, let's say that the collateral is equal to 5 USD and the liquidation asset share is equal to 1. If the gas price is high (e.g. 0.01 ETH), the liquidator can incur a significant net loss.
Here we see that the liquidator can get little to no reward for initiating the liquidation if the liquidated collateral is too low. If this happens during times of high volatility, the liquidator can end up with a net loss after paying gas fees. This creates a lack of incentive to liquidate small positions. Eventually, this can lead to a lot of bad debt accumulating in the protocol.
Manual Review
When minting dyad, add a minimum amount to incentivize users to liquidate positions
Other
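As an added example of the recommended minimum (constructed here, not code from the DYAD repository), the contract below enforces a floor on a position's debt in a simplified mintDyad and, as the edge case a mint-only floor misses, also on the burn path so a partial burn cannot leave dust debt behind. MIN_DEBT, collateralValue, open and burnDyad are assumptions; the finding names no concrete minimum.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example for this finding; not the DYAD code base.
// MIN_DEBT, collateralValue, open() and burnDyad() are hypothetical.

error NotEnoughExoCollat();
error CrTooLow();
error NotOwner();
error PositionTaken();
error DebtBelowMinimum(uint256 debt, uint256 minimum);

contract MinPositionDyad {
    // Assumed floor in 18-decimal stablecoin units. The value should be set so
    // that a liquidation at this size still pays for gas at expected prices.
    uint256 public constant MIN_DEBT = 100e18;
    // 150%, fixed-point with 1e18 scale (assumed value)
    uint256 public constant MIN_COLLATERIZATION_RATIO = 1.5e18;

    mapping(uint256 id => address) public ownerOf;
    mapping(uint256 id => uint256) public mintedDyad;
    mapping(uint256 id => uint256) public collateralValue; // USD value, 1e18 scale (assumed)

    modifier isDNftOwner(uint256 id) {
        if (ownerOf[id] != msg.sender) revert NotOwner();
        _;
    }

    function open(uint256 id, uint256 collateralUsd) external {
        if (ownerOf[id] != address(0)) revert PositionTaken();
        ownerOf[id] = msg.sender;
        collateralValue[id] = collateralUsd;
    }

    function collatRatio(uint256 id) public view returns (uint256) {
        uint256 debt = mintedDyad[id];
        if (debt == 0) return type(uint256).max;
        return collateralValue[id] * 1e18 / debt;
    }

    function mintDyad(uint256 id, uint256 amount) external isDNftOwner(id) {
        uint256 newDebt = mintedDyad[id] + amount;
        if (collateralValue[id] < newDebt) revert NotEnoughExoCollat();
        // the check this finding asks for: never open or grow a position that
        // is too small for a liquidator to bother with
        if (newDebt < MIN_DEBT) revert DebtBelowMinimum(newDebt, MIN_DEBT);
        mintedDyad[id] = newDebt;
        if (collatRatio(id) < MIN_COLLATERIZATION_RATIO) revert CrTooLow();
    }

    // A floor on mint alone is not enough: a partial burn could leave dust.
    // Either repay everything or stay at or above the floor.
    function burnDyad(uint256 id, uint256 amount) external isDNftOwner(id) {
        uint256 remaining = mintedDyad[id] - amount; // reverts on underflow
        if (remaining != 0 && remaining < MIN_DEBT) {
            revert DebtBelowMinimum(remaining, MIN_DEBT);
        }
        mintedDyad[id] = remaining;
    }
}
```

The floor bounds debt, not the collateral a liquidator receives; at mint time the collateralization check guarantees collateral of at least MIN_COLLATERIZATION_RATIO times MIN_DEBT, and the liquidation share then determines how much of that the liquidator is paid. Choosing MIN_DEBT is therefore a gas-versus-reward trade-off that depends on the liquidation share and the chain's gas prices.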
#0 - c4-pre-sort
2024-04-27T17:34:08Z
JustDravee marked the issue as duplicate of #1258
#1 - c4-pre-sort
2024-04-29T09:16:50Z
JustDravee marked the issue as sufficient quality report
#2 - c4-judge
2024-05-03T14:07:47Z
koolexcrypto changed the severity to QA (Quality Assurance)
#3 - c4-judge
2024-05-12T09:32:50Z
koolexcrypto marked the issue as grade-c
#4 - c4-judge
2024-05-22T14:26:07Z
This previously downgraded issue has been upgraded by koolexcrypto
#5 - c4-judge
2024-05-28T16:51:50Z
koolexcrypto marked the issue as satisfactory
#6 - c4-judge
2024-05-28T20:06:09Z
koolexcrypto marked the issue as duplicate of #175