Backd contest - Kenshin's results

Maximize the power of your assets and start earning yield

General Information

Platform: Code4rena

Start Date: 21/04/2022

Pot Size: $100,000 USDC

Total HM: 18

Participants: 60

Period: 7 days

Judge: gzeon

Total Solo HM: 10

Id: 112

League: ETH

Researcher Performance

Rank: 44/60

Findings: 1

Award: $159.31

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

159.3125 USDC - $159.31

Labels

bug
QA (Quality Assurance)
resolved
reviewed

Missing Zero Address Validation

  1. AddressProvider.addFeeHandler: https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L63-L68
  2. AddressProvider.addAction: https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L79-85

Description

The address can be set to address zero (0x00...), which could result in unexpected behavior.

Mitigation

Setters of address-type parameters should include a zero-address validation.


Missing Event on Important/State-Changing Functions

  1. AddressProvider.addFeeHandler: https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L63-L68
  2. AddressProvider.removeFeeHandler: https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L69-L73
  3. AddressProvider.freezeAddress: https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L228-L233
  4. AddressProvider.executeAddress: https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L257-L267 (partial: an event is emitted only for _setConfig, not for _executeDeadline)

Description

Important or state-changing functions should emit events upon successful execution for off-chain tracking.

Mitigation

Calls to critical functions should emit an event for security and off-chain monitoring purposes.
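
Both mitigations applied to a fee-handler setter pair, as an added example that is not part of the original report and not Backd's AddressProvider code. The contract name, events, custom errors and storage layout are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Hypothetical registry written for this example; it is not Backd's AddressProvider.
contract FeeHandlerRegistry {
    address public immutable governance;
    address[] private _feeHandlers;
    // Position in _feeHandlers plus one; 0 means "not registered".
    mapping(address => uint256) private _indexPlusOne;

    // Indexed so off-chain monitors can filter by handler address.
    event FeeHandlerAdded(address indexed feeHandler);
    event FeeHandlerRemoved(address indexed feeHandler);

    error ZeroAddress();
    error NotGovernance();

    modifier onlyGovernance() {
        if (msg.sender != governance) revert NotGovernance();
        _;
    }

    constructor(address governance_) {
        if (governance_ == address(0)) revert ZeroAddress();
        governance = governance_;
    }

    function addFeeHandler(address feeHandler) external onlyGovernance returns (bool) {
        // Zero-address validation: reject before any state is touched.
        if (feeHandler == address(0)) revert ZeroAddress();
        // Already registered: no state change, so no event.
        if (_indexPlusOne[feeHandler] != 0) return false;
        _feeHandlers.push(feeHandler);
        _indexPlusOne[feeHandler] = _feeHandlers.length;
        emit FeeHandlerAdded(feeHandler);
        return true;
    }

    function removeFeeHandler(address feeHandler) external onlyGovernance returns (bool) {
        uint256 idx = _indexPlusOne[feeHandler];
        if (idx == 0) return false; // not registered: nothing to remove
        // Swap the last entry into the freed slot, then shrink the array.
        address last = _feeHandlers[_feeHandlers.length - 1];
        _feeHandlers[idx - 1] = last;
        _indexPlusOne[last] = idx;
        _feeHandlers.pop();
        delete _indexPlusOne[feeHandler];
        emit FeeHandlerRemoved(feeHandler);
        return true;
    }
}
```

Events are emitted only on the paths that actually change state, so each log entry corresponds to exactly one change in the handler set.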
