Back to DanielTan_MetaTrust's contests

Maia DAO - Ulysses - DanielTan_MetaTrust's results

Harnessing the power of Arbitrum, Ulysses Omnichain specializes in Virtualized Liquidity Management.

General Information

Platform: Code4rena

Start Date: 22/09/2023

Pot Size: $100,000 USDC

Total HM: 15

Participants: 175

Period: 14 days

Judge: alcueca

Total Solo HM: 4

Id: 287

League: ETH

Maia DAO

Findings Distribution

Researcher Performance

Rank: 147/175

Findings: 1

Award: $11.47

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryMaia DAO

Findings Information

🌟 Selected for report: MrPotatoMagic

Also found by: 0xAadi, 0xDING99YA, 0xDemon, 0xRstStn, 0xSmartContract, 0xStriker, 0xWaitress, 0xbrett8571, 0xfuje, 0xsagetony, 0xsurena, 33BYTEZZZ, 3docSec, 7ashraf, ABA, ABAIKUNANBAEV, Aamir, Audinarey, Bauchibred, Black_Box_DD, Daniel526, DanielArmstrong, DanielTan_MetaTrust, Dinesh11G, Eurovickk, Franklin, Inspecktor, John, Jorgect, Joshuajee, K42, Kek, Koolex, LokiThe5th, MIQUINHO, Myd, NoTechBG, QiuhaoLi, SanketKogekar, Sathish9098, Sentry, Soul22, SovaSlava, Stormreckson, Tendency, Topmark, Udsen, V1235816, Viktor_Cortess, Viraz, Yanchuan, ZdravkoHr, Zims, albahaca, albertwh1te, alexweb3, alexxander, ast3ros, audityourcontracts, bareli, bin2chen, bronze_pickaxe, c0pp3rscr3w3r, cartlex_, castle_chain, chaduke, debo, ether_sky, gumgumzum, imare, its_basu, jaraxxus, jasonxiale, josephdara, kodyvim, ladboy233, lanrebayode77, lsaudit, mert_eren, minhtrng, n1punp, nadin, niroh, nmirchev8, orion, peakbolt, perseverancesuccess, pfapostol, ptsanev, rvierdiiev, saneryee, shaflow2, te_aut, terrancrypt, twcctop, unsafesol, ustas, versiyonbir, windhustler, yongskiws, zhaojie, ziyou-

Awards

11.4657 USDC - $11.47

Labels

bug
grade-b
QA (Quality Assurance)
sufficient quality report
Q-38

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-09-maia/blob/main/src/RootPort.sol#L259-L270

The setLocalAddress function lacks setting or validating the _globalAddress

Description

The setLocalAddress function of the RootPort contract lacks setting isGlobalAddress[_globalAddress] as true or validating whether isGlobalAddress[_globalAddress] is true(valid) or not.

Before executing the statement getGlobalTokenFromLocal[_localAddress][_srcChainId] = _globalAddress;, it is needed to make sure the _globalAddress is a valid global address.

Impact

Functions, bridgeToRoot, bridgeToRootFromLocalBranch, and bridgeToLocalBranchFromRoot will check the isGlobalAddress first, missing setting the isGlobalAddress or any wrong value of isGlobalAddress will block other functions.

Recommendation

Consider validating isGlobalAddress[_globalAddress] is true or not or setting the isGlobalAddress[_globalAddress] as true before executing the rest statements of the setLocalAddress function.

#0 - c4-pre-sort

2023-10-15T12:25:30Z

0xA5DF marked the issue as sufficient quality report

#1 - c4-judge

2023-10-20T13:45:41Z

alcueca marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter