Back to LegendFenGuin's contests

Frankencoin - LegendFenGuin's results

A decentralized and fully collateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 12/04/2023

Pot Size: $60,500 USDC

Total HM: 21

Participants: 199

Period: 7 days

Judge: hansfriese

Total Solo HM: 5

Id: 231

League: ETH

Frankencoin

Findings Distribution

Researcher Performance

Rank: 66/199

Findings: 2

Award: $56.43

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryFrankencoin

Findings Information

🌟 Selected for report: peanuts

Also found by: GreedyGoblin, J4de, KIntern_NA, Kumpa, LegendFenGuin, T1MOH, __141345__, deadrxsezzz, deliriusz, ltyu, m9800, rvierdiiev

Labels

bug
2 (Med Risk)
satisfactory
duplicate-745

Awards

33.835 USDC - $33.83

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Position.sol#L312

Vulnerability details

Impact

It is possible to cause a DoS by continuously challenging a position, preventing it from being minted.

Proof of Concept

If a position successfully resolves a challenge through tryAvertChallenge, it cannot mint for one day. An attacker can exploit this by continuously challenging the position with a minimal amount, preventing it from minting. There is no penalty for the challenger who raises a challenge, so they can continue to challenge the position continuously. Moreover, if the challenge is successful, the challenger can even gain a profit.

Tools Used

VS Code

A mechanism is needed to impose penalties on the challenger in case of failure.

#0 - c4-pre-sort

2023-04-20T12:11:24Z

0xA5DF marked the issue as duplicate of #745

#1 - c4-judge

2023-05-18T13:53:10Z

hansfriese marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter