Back to Lambda's contests

FEI and TRIBE Redemption contest - Lambda's results

A new DeFi primitive that allows any token to become productive and provide FEI liquidity at no cost to the markets that need it most.

General Information

Platform: Code4rena

Start Date: 09/09/2022

Pot Size: $42,000 USDC

Total HM: 2

Participants: 101

Period: 3 days

Judge: hickuphh3

Total Solo HM: 2

Id: 161

League: ETH

Tribe

Findings Distribution

Researcher Performance

Rank: 10/101

Findings: 1

Award: $47.65

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryTribe

Findings Information

🌟 Selected for report: GalloDaSballo

Also found by: 0x040, 0x1f8b, 0x4non, 0x52, 0x85102, 0xNazgul, 0xSky, 0xSmartContract, Aymen0909, Bnke0x0, CertoraInc, Chandr, Chom, CodingNameKiki, Deivitto, Diana, Funen, JC, Jeiwan, Junnon, KIntern_NA, Lambda, Mohandes, Noah3o6, Ocean_Sky, Picodes, R2, Randyyy, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Samatak, Sm4rty, SnowMan, SooYa, StevenL, Tagir2003, Tointer, TomJ, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, bharg4v, bobirichman, brgltd, c3phas, cccz, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dipp, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, got_targ, hansfriese, horsefacts, hyh, ignacio, innertia, izhuer, karanctf, ladboy233, leosathya, lucacez, lukris02, mics, oyc_109, pashov, pauliax, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, scaraven, sikorico, simon135, smiling_heretic, sorrynotsorry, unforgiven, wagmi, yixxas

Awards

47.6531 USDC - $47.65

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue
  • In RariMerkleRedeemer.previewRedeem, an exchange rate might still be unset (and therefore 0), although it is required to provide 27 exchange rates in the constructor. These exchange rates might be for different tokens or contain duplicates. The consequences of this would be severe, as a user would get 0 baseToken for this cToken, no matter how many cToken's he owns.
  • Unlike in RariMerkleRedeemer._multiRedeem, it is not checked in _redeem that the address of the cToken is not equal to zero.
  • The modifier hasNotSigned is missing from RariMerkleRedeemer.signAndClaim
  • Because RariMerkleRedeemer only contains amountToDrip tokens (because of the Dripper), redemption for whales can take a long time (they always need to wait _dripPeriod) and needs to be split up in multiple transactions. This can also introduce situations where a lot of transactions revert: After the _dripPeriod is over, everyone rushes to call drip() and redeem all tokens, but only one will succeed.
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter