Back to LosPollosHermanos's contests

Basin - LosPollosHermanos's results

A composable EVM-native decentralized exchange protocol.

General Information

Platform: Code4rena

Start Date: 03/07/2023

Pot Size: $40,000 USDC

Total HM: 14

Participants: 74

Period: 7 days

Judge: alcueca

Total Solo HM: 9

Id: 259

League: ETH

Basin

Findings Distribution

Researcher Performance

Rank: 55/74

Findings: 1

Award: $17.52

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryBasin

Findings Information

🌟 Selected for report: 0xprinc

Also found by: 0x11singh99, 0xAnah, 0xWaitress, 0xkazim, 2997ms, 33audits, 404Notfound, 8olidity, CRIMSON-RAT-REACH, CyberPunks, DanielWang888, Deekshith99, Eeyore, Eurovickk, Inspecktor, JGcarv, John, Jorgect, Kaysoft, LosPollosHermanos, MohammedRizwan, Qeew, QiuhaoLi, Rolezn, TheSavageTeddy, Topmark, Trust, Udsen, a3yip6, alexzoid, bigtone, codegpt, erebus, fatherOfBlocks, ginlee, glcanvas, hunter_w3b, josephdara, kaveyjoe, kutugu, mahdirostami, max10afternoon, oakcobalt, peanuts, pfapostol, ptsanev, qpzm, radev_sw, ravikiranweb3, sces60107, seth_lawson, te_aut, twcctop, zhaojie, ziyou-

Awards

17.5208 USDC - $17.52

Labels

bug
grade-a
low quality report
QA (Quality Assurance)
edited-by-warden
Q-36

External Links

Link to GitHub issue

[LOW] No checks if j is 0 or 1 in CP2 calcReservesAtRatioSwap , calcReserve & calcReserveAtRatioLiquidity

Impact

If a Well holds more than two tokens and uses ConstantProduct2 as its Well Function calling the function with j != 1 && j != 0 will make the reserves inacurate.

If reserves are only a 2 arguments array than this will result in an error.

Proof of Concept

https://github.com/code-423n4/2023-07-basin/blob/c1b72d4e372a6246e0efbd57b47fb4cbb5d77062/src/functions/ConstantProduct2.sol#L58

https://github.com/code-423n4/2023-07-basin/blob/c1b72d4e372a6246e0efbd57b47fb4cbb5d77062/src/functions/ConstantProduct2.sol#L79

https://github.com/code-423n4/2023-07-basin/blob/c1b72d4e372a6246e0efbd57b47fb4cbb5d77062/src/functions/ConstantProduct2.sol#L92

Solution

Add require(j == 0 || j == 1); in all of the above functions.

[NON-CRITICAL] If 'Well' stores more tokens than the reserves swapFrom won't revert using a token with a fee on transfer

Impact

Not having a fee on transfer is a prerequisite for a token to be swapped using swapFrom and is checked in _setReserves; however, if the amounts of tokens stored in a Well are higher than reserves than this transaction may not revert.

Proof of Concept

We consider swapFrom function: https://github.com/code-423n4/2023-07-basin/blob/9403cf973e95ef7219622dbbe2a08396af90b64c/src/Well.sol#L186

Let token1 and token2 be arbitrary tokens being swapped. Let T1, T2 be numbers of this tokens stored by the Well and R1, R2 reserves of this tokens.

  1. Let this be a initial status of the Well: T1 = 100; R1 = 50 T2 = 100; R2 = 50

  2. 5 tokens of token1 are added but it has fee on transfer 25% T1 = 104; R1 = 55 T2 = 100; R2 = 50

In this case the assertions https://github.com/code-423n4/2023-07-basin/blob/9403cf973e95ef7219622dbbe2a08396af90b64c/src/Well.sol#L634 pass.

Solution

Use swapFromFeeOnTransfer for every transfer.

[Non-Critical] AMM functionality is limited with the _calcReserve() functions

Impact

AMMs which are self-balancing (to stabilise prices) cannot be implemented as Basin only allows only two reserves to be modified in a swap (tokenFrom and tokenTo).

Proof of Concept

https://github.com/code-423n4/2023-07-basin/blob/9403cf973e95ef7219622dbbe2a08396af90b64c/src/Well.sol#L701

Solution

Allow wellFunction to modify all reserves.

#0 - c4-pre-sort

2023-07-13T14:49:59Z

141345 marked the issue as low quality report

#1 - c4-judge

2023-08-04T21:21:40Z

alcueca marked the issue as grade-a

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter