Back to JLevick's contests

Frax Ether Liquid Staking contest - JLevick's results

A liquid ETH staking derivative designed to uniquely leverage the Frax Finance ecosystem.

General Information

Platform: Code4rena

Start Date: 22/09/2022

Pot Size: $30,000 USDC

Total HM: 12

Participants: 133

Period: 3 days

Judge: 0xean

Total Solo HM: 2

Id: 165

League: ETH

Frax Finance

Findings Distribution

Researcher Performance

Rank: 93/133

Findings: 1

Award: $28.01

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryFrax Finance

Findings Information

🌟 Selected for report: rotcivegaf

Also found by: 0x040, 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, 0xf15ers, 8olidity, Aymen0909, B2, Bahurum, Bnke0x0, Ch_301, CodingNameKiki, Deivitto, Diana, Funen, IllIllI, JC, JLevick, KIntern_NA, Lambda, OptimismSec, PaludoX0, RockingMiles, Rolezn, Sm4rty, Soosh, Tagir2003, Tointer, TomJ, Triangle, Trust, V_B, Waze, Yiko, __141345__, a12jmx, ajtra, asutorufos, ayeslick, aysha, bbuddha, bharg4v, bobirichman, brgltd, bytera, c3phas, cryptostellar5, cryptphi, csanuragjain, datapunk, delfin454000, durianSausage, exd0tpy, gogo, got_targ, jag, joestakey, karanctf, ladboy233, leosathya, lukris02, mics, millersplanet, natzuu, neko_nyaa, obront, oyc_109, parashar, peritoflores, rbserver, ret2basic, rokinot, ronnyx2017, rvierdiiev, sach1r0, seyni, sikorico, slowmoses, tnevler, yasir, yongskiws

Awards

28.0145 USDC - $28.01

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

  1. Malicious admin could grief users by changing withholdRatio to 100%, recommend changing RATIO_PRECISION to a lower value. frxETHMinter.sol#L159-L163

  2. Division before multiplication will lead to an earlier rewardsCycleEnd due to precision loss. I am assuming that the rewardsCycleEnd should be roughly the distance of the rewardsCycleLength from the starting timestamp, however due to precision loss when doing the calculation it can result in being quite a bit earlier. PoC: (using 1 day, 86,400 for rewardsCycleLength & 1,664,093,282 for timestamp)

uint32 end = ((timestamp + rewardsCycleLength) / rewardsCycleLength) * rewardsCycleLength;
uint32 end = ((1,664,093,282 + 86,400) / 86,400) * 86,400;
uint32 end = ((1,664,179,682) / 86,400) * 86,400;
uint32 end = 19,261 * 86,400;
uint32 end = 1,664,150,400;
timestamp + rewardsCycleLength - end = 29,282 (8.13 hours earlier then expected)

  1. When initialising rewardsCycleEnd it is missing adding rewardsCycleLength to block.timestamp.safeCastTo32(). xERC4626.sol#L40

  2. Recommend locking the pragma in all contracts to the version that was used in testing.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter