Wild Credit contest - JMukesh's results

Decentralized lending protocol with isolated lending pairs.

General Information

Platform: Code4rena

Start Date: 08/07/2021

Pot Size: $50,000 USDC

Total HM: 7

Participants: 13

Period: 7 days

Judge: ghoulsol

Total Solo HM: 5

Id: 18

League: ETH

Researcher Performance

Rank: 6/13

Findings: 3

Award: $1,470.21

🌟 Selected for report: 2

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: jonah1005

Also found by: 0xRajeev, JMukesh, cmichel, shw

Labels

bug
duplicate
2 (Med Risk)

Awards

360.7268 USDC - $360.73

Handle

JMukesh

Vulnerability details

Impact

It is usually good to add a require statement that checks the return value, or to use something like safeTransfer, unless one is sure the given token reverts on failure.

Proof of Concept

https://consensys.net/diligence/audits/2021/01/fei-protocol/#unchecked-return-value-for-iweth-transfer-call

Tools Used

manual review

Recommended Mitigation Steps

Check the return value returned from transfer().

#0 - talegift

2021-07-15T06:40:30Z

Not clear which code is this referring to. Possible duplicate of #67

Findings Information

🌟 Selected for report: JMukesh

Labels

bug
1 (Low Risk)
disagree with severity
sponsor disputed

Awards

916.341 USDC - $916.34

Handle

JMukesh

Vulnerability details

Impact

Due to the implementation of the approve() function in LPTokenMaster.sol it is possible for a user to overspend their allowance in certain situations.

Proof of Concept

https://www.adrianhetman.com/unboxing-erc20-approve-issues/

Tools Used

manual review

Recommended Mitigation Steps

Instead of having a direct setter for allowances, decreaseAllowance and increaseAllowance functions should be exposed, which decrease and increase the allowance for a recipient respectively.
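The mitigation above, as an added example that is not the project's LPTokenMaster.sol code: a minimal allowance ledger (contract and function names are placeholders chosen here) that keeps approve() for ERC20 compatibility but exposes increaseAllowance/decreaseAllowance, following the relative-adjustment pattern popularised by OpenZeppelin's ERC20. Because the owner states a delta instead of an absolute value, whatever the spender already consumed is reflected in the stored allowance before the adjustment is applied.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical allowance bookkeeping for illustration; not LPTokenMaster.sol.
contract AllowanceExample {
    mapping(address => mapping(address => uint256)) private _allowances;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    function allowance(address owner, address spender) public view returns (uint256) {
        return _allowances[owner][spender];
    }

    // Direct setter kept for ERC20 compatibility. Its weakness is that the new value
    // replaces the old one outright, so the transition between two approve() values
    // is not atomic from the owner's point of view.
    function approve(address spender, uint256 amount) external returns (bool) {
        _approve(msg.sender, spender, amount);
        return true;
    }

    // Relative adjustment: reads the current allowance and adds the delta in one call,
    // so the owner never has to reason about an intermediate absolute value.
    function increaseAllowance(address spender, uint256 addedValue) external returns (bool) {
        _approve(msg.sender, spender, _allowances[msg.sender][spender] + addedValue);
        return true;
    }

    function decreaseAllowance(address spender, uint256 subtractedValue) external returns (bool) {
        uint256 current = _allowances[msg.sender][spender];
        // Explicit check gives a readable error instead of the generic 0.8 underflow panic.
        require(current >= subtractedValue, "decreased allowance below zero");
        unchecked {
            _approve(msg.sender, spender, current - subtractedValue);
        }
        return true;
    }

    // Spending path a transferFrom() would use: deduct before moving tokens so that
    // an allowance cannot be consumed twice.
    function _spendAllowance(address owner, address spender, uint256 amount) internal {
        uint256 current = _allowances[owner][spender];
        require(current >= amount, "insufficient allowance");
        unchecked {
            _approve(owner, spender, current - amount);
        }
    }

    function _approve(address owner, address spender, uint256 amount) internal {
        require(owner != address(0) && spender != address(0), "zero address");
        _allowances[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }
}
```

Integrators that want to change a non-zero allowance should call decreaseAllowance/increaseAllowance (or approve to 0 first) rather than approve(newValue) directly; the contract still exposes approve() because wallets and routers expect it.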

#0 - talegift

2021-07-15T06:13:16Z

This is not possible. Solidity 8 checks for underflow.

#1 - ghoul-sol

2021-08-01T21:56:02Z

Warden, please provide a more explicit explanation of the exploit in the future so we don't have to guess. Providing an article link is not the way to do it. Making this a low risk as this is a well known issue and the protocol doesn't really depend on it.

Findings Information

🌟 Selected for report: defsec

Also found by: JMukesh, jonah1005

Labels

bug
duplicate
1 (Low Risk)

Awards

41.0609 USDC - $41.06

Handle

JMukesh

Vulnerability details

Impact

The require condition

require(_amount > 0, "TransferHelper: amount must be > 0");

is in the wrong position. It should be at the start of the function, not at the end, because otherwise an amount of 0 can reach the token transfer call:

bool success = IERC20(_token).transferFrom(_sender, address(this), _amount);

Proof of Concept

https://github.com/code-423n4/2021-07-wildcredit/blob/82c48d73fd27a9d4d5d4a395b3affcef4ef6c5c8/contracts/TransferHelper.sol#L22

Tools Used

manual review

Recommended Mitigation Steps

Add the require() at the start of the function.
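The two transfer-helper findings on this page (the unchecked return value of transfer()/transferFrom(), and the amount check placed after the external call) share one fix, shown here as an added example that is not the project's TransferHelper.sol. Contract and function names are placeholders chosen for the illustration. The "before" function reproduces the pattern the findings describe; the "after" functions validate inputs before any external call and check the result in a way that also handles tokens which return no data at all.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed by the helper.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical hardened helper; not the project's TransferHelper.sol.
contract SafeTransferHelper {
    // BEFORE: the pattern both findings warn about. The bool returned by the token is
    // ignored, so a token that signals failure by returning false leaves the caller
    // believing funds arrived, and the amount check runs only after the external call.
    function pullTokensUnchecked(address _token, address _sender, uint256 _amount) internal {
        IERC20(_token).transferFrom(_sender, address(this), _amount);
        require(_amount > 0, "TransferHelper: amount must be > 0");
    }

    // AFTER: input validation first, external call second, result check third.
    function pullTokens(address _token, address _sender, uint256 _amount) internal {
        require(_amount > 0, "TransferHelper: amount must be > 0");
        _safeCall(
            _token,
            abi.encodeWithSelector(IERC20.transferFrom.selector, _sender, address(this), _amount)
        );
    }

    function pushTokens(address _token, address _recipient, uint256 _amount) internal {
        require(_amount > 0, "TransferHelper: amount must be > 0");
        _safeCall(_token, abi.encodeWithSelector(IERC20.transfer.selector, _recipient, _amount));
    }

    // Low-level call so that the three observable outcomes are all handled:
    //   ok == false        -> the token reverted; propagate as a failure
    //   ret.length == 0    -> token returns nothing (legacy tokens); not reverting is success
    //   otherwise          -> decode the bool the ERC20 standard prescribes and require true
    function _safeCall(address _token, bytes memory _data) private {
        // A call to an address without code "succeeds" with empty return data,
        // which would be mistaken for a legacy token, so rule that case out first.
        require(_token.code.length > 0, "TransferHelper: token is not a contract");
        (bool ok, bytes memory ret) = _token.call(_data);
        require(
            ok && (ret.length == 0 || abi.decode(ret, (bool))),
            "TransferHelper: token call failed"
        );
    }
}
```

Checking the amount before the call also avoids paying for an external call that is going to be rejected anyway, and the code-length check is what keeps the "empty return data means success" rule from being satisfied by a typo in the token address.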

#0 - talegift

2021-07-15T06:08:20Z

#56

Findings Information

🌟 Selected for report: JMukesh

Labels

bug
G (Gas Optimization)
sponsor acknowledged

Awards

152.0774 USDC - $152.08

Handle

JMukesh

Vulnerability details

Impact

If we declare address public feeRecipient; together with bool public depositsEnabled and bool public depositsEnabled;

these variables can be packed into a single slot, because together they occupy only 22 bytes of a 32-byte storage slot.

e.g. address public feeRecipient; bool public depositsEnabled; bool public depositsEnabled;

Proof of Concept

https://github.com/code-423n4/2021-07-wildcredit/blob/82c48d73fd27a9d4d5d4a395b3affcef4ef6c5c8/contracts/Controller.sol#L35

Tools Used

manual review
