Back to Joshuajee's contests

Maia DAO - Ulysses - Joshuajee's results

Harnessing the power of Arbitrum, Ulysses Omnichain specializes in Virtualized Liquidity Management.

General Information

Platform: Code4rena

Start Date: 22/09/2023

Pot Size: $100,000 USDC

Total HM: 15

Participants: 175

Period: 14 days

Judge: alcueca

Total Solo HM: 4

Id: 287

League: ETH

Maia DAO

Findings Distribution

Researcher Performance

Rank: 106/175

Findings: 1

Award: $25.68

QA:
grade-a

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryMaia DAO

Findings Information

🌟 Selected for report: MrPotatoMagic

Also found by: 0xAadi, 0xDING99YA, 0xDemon, 0xRstStn, 0xSmartContract, 0xStriker, 0xWaitress, 0xbrett8571, 0xfuje, 0xsagetony, 0xsurena, 33BYTEZZZ, 3docSec, 7ashraf, ABA, ABAIKUNANBAEV, Aamir, Audinarey, Bauchibred, Black_Box_DD, Daniel526, DanielArmstrong, DanielTan_MetaTrust, Dinesh11G, Eurovickk, Franklin, Inspecktor, John, Jorgect, Joshuajee, K42, Kek, Koolex, LokiThe5th, MIQUINHO, Myd, NoTechBG, QiuhaoLi, SanketKogekar, Sathish9098, Sentry, Soul22, SovaSlava, Stormreckson, Tendency, Topmark, Udsen, V1235816, Viktor_Cortess, Viraz, Yanchuan, ZdravkoHr, Zims, albahaca, albertwh1te, alexweb3, alexxander, ast3ros, audityourcontracts, bareli, bin2chen, bronze_pickaxe, c0pp3rscr3w3r, cartlex_, castle_chain, chaduke, debo, ether_sky, gumgumzum, imare, its_basu, jaraxxus, jasonxiale, josephdara, kodyvim, ladboy233, lanrebayode77, lsaudit, mert_eren, minhtrng, n1punp, nadin, niroh, nmirchev8, orion, peakbolt, perseverancesuccess, pfapostol, ptsanev, rvierdiiev, saneryee, shaflow2, te_aut, terrancrypt, twcctop, unsafesol, ustas, versiyonbir, windhustler, yongskiws, zhaojie, ziyou-

Awards

25.6785 USDC - $25.68

Labels

bug
grade-a
QA (Quality Assurance)
sufficient quality report
Q-14

External Links

Link to GitHub issue

1. Layerzero Gas Estimate not Implemented Properly

According to the Layerzero documentation checklists, “useZro” should not be hardcoded to false, it should be passed as a parameter Instead. https://layerzero.gitbook.io/docs/evm-guides/layerzero-integration-checklist

Affected Codes: https://github.com/code-423n4/2023-09-maia/blob/main/src/RootBridgeAgent.sol#L150

https://github.com/code-423n4/2023-09-maia/blob/main/src/BranchBridgeAgent.sol#L170

2. Layerzero ChainId not implemented properly

According to the Layerzero documentation checklists, chain ID should not be hardcoded, “admin restricted setters” should be used instead.

https://layerzero.gitbook.io/docs/evm-guides/layerzero-integration-checklist

Implementation of ChainId (localChainId) throughout this protocol, is made immutable without any way to securely update it, this could make these contracts inoperable if Layerzero updates their chain IDs.

Affected Files:

https://github.com/code-423n4/2023-09-maia/blob/main/src/ArbitrumBranchPort.sol#L22

https://github.com/code-423n4/2023-09-maia/blob/main/src/MulticallRootRouter.sol#L65

https://github.com/code-423n4/2023-09-maia/blob/main/src/RootBridgeAgent.sol#L40

#0 - c4-pre-sort

2023-10-15T12:56:41Z

0xA5DF marked the issue as sufficient quality report

#1 - c4-judge

2023-10-21T05:41:19Z

alcueca marked the issue as grade-a

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter