Back to Czar102's contests

Redacted Cartel contest - Czar102's results

Complimentary subDAO for OlympusDAO.

General Information

Platform: Code4rena

Start Date: 15/02/2022

Pot Size: $30,000 USDC

Total HM: 18

Participants: 35

Period: 3 days

Judge: GalloDaSballo

Total Solo HM: 8

Id: 87

League: ETH

Redacted Cartel

Findings Distribution

Researcher Performance

Rank: 17/35

Findings: 1

Award: $455.89

🌟 Selected for report: 1

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryRedacted Cartel

Findings Information

🌟 Selected for report: Czar102

Also found by: 0x1f8b, SolidityScan

Labels

bug
2 (Med Risk)

Awards

455.8935 USDC - $455.89

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-02-redacted-cartel/blob/main/contracts/BribeVault.sol#L164-L205

Vulnerability details

Impact

depositBribeERC20 function in BriveVault is reentrant in line 187, where an address supplied by the caller is called.

A bad actor that has DEPOSITOR_ROLE and is a contract can execute a folowing attack:

  1. Create a dummy token contract, reentrant in the transferFrom() function. All tokens are approved to the BriveVault and the attacker contract has unlimited tokens. Reentrancy aims back to a function in the attacker contract, which calls depositBribeERC20 again.
  2. The first call by the contract must use a novel bribeIdentifier. token is set to a dummy contract and amount to uint(-2).
  3. All checks pass, transferFrom is called, which calls attacker contract, which can call depositBribeERC20 again, this time will transfer 1 wei of a valuable token, using the same bribeIdentifier. All checks pass as the previous token hasn't been registered yet. Then, a valid transfer happens. After that, the amount is set to 1 wei and the token is saved. Event is emitted and the function returns value. Then, attacker function returns and dummy token returns. The operation is to increment amount in storage by the transfer value, which increases b.amount to the maximum integer. The token is nonzero, so the if statement is passed.

Thus, an attacker can grant any amount of tokens from BriveVault to a certain bribe, stealing all the funds once the bribe will be withdrawn.

Set bribe token before the transfer is made.

#0 - kphed

2022-02-18T01:27:00Z

Marking as duplicate since it's the same general concern that depositors would be malicious actors.

Duplicate of https://github.com/code-423n4/2022-02-redacted-cartel-findings/issues/1.

#1 - GalloDaSballo

2022-03-06T16:03:57Z

I do believe re-entrancy is possible, so I recommend the sponsor to add the nonReentrant modifier to the deposit function

The example shown above works because the function trusts the DEPOSITOR_ROLE so I'd agree with the sponsor with grouping with #1

I'll keep the finding separate as this deals with reEntrancy. Mitigation would be to enforce a bribeIdentifier to be used for a specific token (and it being enforced), as well as adding nonReentrant

Because the function is permissioned, I believe medium severity to be more appropriate

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter