Back to IceBear's contests

Canto Identity Subprotocols contest - IceBear's results

Subprotocols for Canto Identity Protocol.

General Information

Platform: Code4rena

Start Date: 17/03/2023

Pot Size: $36,500 USDC

Total HM: 10

Participants: 98

Period: 3 days

Judge: leastwood

Total Solo HM: 5

Id: 223

League: ETH

Canto Identity Subprotocols

Findings Distribution

Researcher Performance

Rank: 59/98

Findings: 1

Award: $22.77

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCanto Identity Subprotocols

Findings Information

🌟 Selected for report: Sathish9098

Also found by: 0xAgro, 0xSmartContract, 0xdaydream, 0xnev, Awesome, Aymen0909, BRONZEDISC, Bauchibred, Deathstore, Diana, IceBear, Jerry0x, Kresh, Matin, Rolezn, Stryder, T1MOH, Udsen, adriro, alejandrocovrr, atharvasama, codeslide, cryptonue, descharre, igingu, jack, joestakey, libratus, lukris02, luxartvinsec, nadin, nasri136, reassor, scokaf, shark, slvDev, tnevler

Awards

22.7749 USDC - $22.77

Labels

bug
grade-b
QA (Quality Assurance)
Q-28

External Links

Link to GitHub issue

Low Issues

[L-1] SOLMATE’S SAFETRANSFERLIB DOESN’T CHECK WHETHER THE ERC20 CONTRACT EXISTS

Solmate’s SafeTransferLib, which is often used to interact with non-compliant/unsafe ERC20 tokens, does not check whether the ERC20 contract exists. The following code will not revert in case the token doesn’t exist (yet).

This is stated in the Solmate library:

https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol#L9

Find (1) instance(s) in contracts:

File: canto-namespace-protocol/src/Tray.sol

157:             SafeTransferLib.safeTransferFrom(note, msg.sender, revenueAddress, _amount * trayPrice);

canto-namespace-protocol/src/Tray.sol

[L-2] Use safeTransferOwnership instead of transferOwnership function

transferOwnership function is used to change Ownership from Owned.sol. safeTransferOwnership, use it is more secure due to 2-stage ownership transfer.

Recommendation:

Use a 2 structure transferOwnership which is safer. Use Ownable2Step.sol in contracts.

Find (4) instance(s) in contracts:

File: canto-namespace-protocol/src/Namespace.sol

5: import {Owned} from "solmate/auth/Owned.sol";

11: contract Namespace is ERC721, Owned {

canto-namespace-protocol/src/Namespace.sol

File: canto-namespace-protocol/src/Tray.sol

7: import {Owned} from "solmate/auth/Owned.sol";

13: contract Tray is ERC721A, Owned {

canto-namespace-protocol/src/Tray.sol

[L-3] Avoid using tx.origin

tx.origin is a global variable in Solidity that returns the address of the account that sent the transaction.

Using the variable could make a contract vulnerable if an authorized account calls a malicious contract. You can impersonate a user using a third party contract.

This can make it easier to create a vault on behalf of another user with an external administrator (by receiving it as an argument).

Find (4) instance(s) in contracts:

File: canto-bio-protocol/src/Bio.sol

36:             turnstile.register(tx.origin);

canto-bio-protocol/src/Bio.sol

File: canto-namespace-protocol/src/Namespace.sol

84:             turnstile.register(tx.origin);

canto-namespace-protocol/src/Namespace.sol

File: canto-namespace-protocol/src/Tray.sol

113:             turnstile.register(tx.origin);

canto-namespace-protocol/src/Tray.sol

File: canto-pfp-protocol/src/ProfilePicture.sol

63:             turnstile.register(tx.origin);

canto-pfp-protocol/src/ProfilePicture.sol

#0 - c4-judge

2023-04-11T16:01:04Z

0xleastwood marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter