Astaria contest - Lotus's results

On a mission to build a highly liquid NFT lending market.

General Information

Platform: Code4rena

Start Date: 05/01/2023

Pot Size: $90,500 USDC

Total HM: 55

Participants: 103

Period: 14 days

Judge: Picodes

Total Solo HM: 18

Id: 202

League: ETH

Astaria

Findings Distribution

Researcher Performance

Rank: 49/103

Findings: 1

Award: $176.55

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: fs0c

Also found by: Lotus, obront

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
duplicate-343

Awards

176.5513 USDC - $176.55

External Links

Lines of code

https://github.com/code-423n4/2023-01-astaria/blob/main/src/LienToken.sol#L646

Vulnerability details

Impact

The parameter stack is passed as memory in LienToken._paymentAH. Deleting the stack at position will not change the storage value.

delete stack[position];

This will create a problem when calling LienToken.payDebtViaClearingHouse, as the AuctionStack passed as a parameter will not be removed.

Proof of Concept

https://github.com/code-423n4/2023-01-astaria/blob/main/src/LienToken.sol#L646
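
The memory-versus-storage behaviour this finding relies on, shown as an added example that is not part of the original submission or of Astaria's code. The contract `StackDeleteDemo`, the `Entry` struct and all function names are hypothetical, and the sample entries are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration; hypothetical contract, not Astaria's code.
contract StackDeleteDemo {
    struct Entry {
        uint256 lienId;
        uint256 amountOwed;
    }

    Entry[] internal stack; // lives in contract storage

    constructor() {
        // Constructed sample data.
        stack.push(Entry({lienId: 1, amountOwed: 100}));
        stack.push(Entry({lienId: 2, amountOwed: 250}));
    }

    // Mirrors the reported pattern: the array arrives as a memory copy,
    // so `delete` resets the copy's element and storage is untouched.
    function _clearInMemory(Entry[] memory s, uint256 position) internal pure {
        delete s[position];
    }

    // Storage reference: `delete` resets the element in contract storage.
    // The array length is unchanged; only the element's fields are zeroed.
    function _clearInStorage(Entry[] storage s, uint256 position) internal {
        delete s[position];
    }

    function clearViaMemory(uint256 position) external view returns (uint256 owedAfter) {
        _clearInMemory(stack, position); // implicit storage-to-memory copy
        owedAfter = stack[position].amountOwed; // reads storage, which the delete never touched
    }

    function clearViaStorage(uint256 position) external returns (uint256 owedAfter) {
        _clearInStorage(stack, position); // passes a reference, no copy
        owedAfter = stack[position].amountOwed; // reads the element that was just reset
    }
}
```

Calling `clearViaMemory(0)` returns the entry's original `amountOwed`, while `clearViaStorage(0)` returns zero. A review check that follows from this: any `delete` or assignment on a `memory` parameter that is meant to persist should be traced back to a `storage` reference or an explicit write-back.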

#0 - c4-judge

2023-01-26T17:53:06Z

Picodes marked the issue as duplicate of #343

#1 - c4-judge

2023-02-18T16:34:55Z

Picodes marked the issue as satisfactory

#2 - c4-judge

2023-02-18T16:35:05Z

Picodes changed the severity to 3 (High Risk)

#3 - c4-judge

2023-02-18T16:39:11Z

Picodes changed the severity to 2 (Med Risk)
