Platform: Code4rena
Start Date: 29/03/2024
Pot Size: $36,500 USDC
Total HM: 5
Participants: 72
Period: 5 days
Judge: 3docSec
Total Solo HM: 1
Id: 357
League: ETH
Rank: 57/72
Findings: 1
Award: $8.28
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: immeas
Also found by: 0xAkira, 0xCiphky, 0xGreyWolf, 0xJaeger, 0xMosh, 0xabhay, 0xlemon, 0xmystery, 0xweb3boy, Aamir, Abdessamed, Aymen0909, Breeje, DanielArmstrong, DarkTower, Dots, EaglesSecurity, FastChecker, HChang26, Honour, IceBear, JC, K42, Krace, MaslarovK, Omik, OxTenma, SAQ, Shubham, Stormreckson, Tigerfrake, Tychai0s, VAD37, ZanyBonzy, albahaca, arnie, ast3ros, asui, b0g0, bareli, baz1ka, btk, caglankaan, carrotsmuggler, cheatc0d3, dd0x7e8, grearlake, igbinosuneric, jaydhales, kaden, kartik_giri_47538, m4ttm, ni8mare, niser93, nonn_ac, oualidpro, pfapostol, pkqs90, popeye, radev_sw, samuraii77, slvDev, zabihullahazadzoi
8.2807 USDC - $8.28
When a user's transaction is delayed for long time because of rising of gas price or other reason, the user can lose funds unexpectedly. This vulnerability can make users to suffer from price manipulation attack.
There is no slippage check in ousgInstantManager.sol#mint, redeem.
Manual Review
We have to add slippage check in ousgInstantManager.sol#mint, redeem.
MEV
#0 - c4-pre-sort
2024-04-04T02:59:00Z
0xRobocop marked the issue as duplicate of #250
#1 - c4-pre-sort
2024-04-04T22:59:55Z
0xRobocop marked the issue as duplicate of #156
#2 - c4-judge
2024-04-09T08:00:58Z
3docSec marked the issue as satisfactory
#3 - 3docSec
2024-04-11T07:09:06Z
Does not cover the mintRebasing and redeemRebasing functions -> 50%
#4 - c4-judge
2024-04-11T07:09:10Z
3docSec marked the issue as partial-50
#5 - c4-judge
2024-04-11T15:13:13Z
3docSec changed the severity to QA (Quality Assurance)
#6 - c4-judge
2024-04-11T15:16:12Z
3docSec marked the issue as grade-b