Ondo Finance - MaslarovK's results

Institutional-Grade Finance, Now Onchain.

General Information

Platform: Code4rena

Start Date: 29/03/2024

Pot Size: $36,500 USDC

Total HM: 5

Participants: 72

Period: 5 days

Judge: 3docSec

Total Solo HM: 1

Id: 357

League: ETH

Ondo Finance

Findings Distribution

Researcher Performance

Rank: 29/72

Findings: 1

Award: $8.28

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L254-L276

Vulnerability details

Impact

When minting rOUSG through mintRebasingOUSG, the user has no way to set a preferred minimum amount out (i.e. slippage protection): the function takes only usdcAmountIn and returns whatever rousgAmountOut the current price yields.

    function mintRebasingOUSG(
        uint256 usdcAmountIn
    ) external override nonReentrant whenMintNotPaused returns (uint256 rousgAmountOut) {
        // No minimum-out parameter: the caller cannot bound the result.
        uint256 ousgAmountOut = _mint(usdcAmountIn, address(this));
        ousg.approve(address(rousg), ousgAmountOut);
        rousg.wrap(ousgAmountOut);
        rousgAmountOut = rousg.getROUSGByShares(
            ousgAmountOut * OUSG_TO_ROUSG_SHARES_MULTIPLIER
        );
        rousg.transfer(msg.sender, rousgAmountOut);
        emit InstantMintRebasingOUSG(
            msg.sender,
            usdcAmountIn,
            ousgAmountOut,
            rousgAmountOut
        );
    }

Proof of Concept

This may be a problem because the OUSG price used by _mint is read from the oracle when the transaction executes, not when the user submits it. If the price moves between submission and inclusion, the user receives a different number of shares than intended, and the transaction has no way to revert on their behalf.

Tools Used

Manual Review

Recommended Mitigation Steps

Add a user-supplied minimum-amount-out parameter to mintRebasingOUSG and revert when the computed rousgAmountOut is below it, so the caller sets their own slippage tolerance when calling the function.

Assessed type

Oracle
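The following is an added illustration of the mint path with and without a caller-supplied minimum, written for this page; it is not Ondo's code. It uses a simplified model: a mock oracle returning a USD-per-OUSG price with 18 decimals, USDC with 6 decimals, OUSG with 18 decimals, and a mint formula of usdc * 1e12 * 1e18 / price. The contract, function and error names (MockOracle, InstantMintExample, SlippageExceeded, minimumOusgAmountOut, SlippageDemo) are assumptions chosen for the example. The rOUSG wrap step is left out because the slippage check applies in the same way to whichever amount is finally handed to the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Stand-in for an on-chain price feed read at execution time (example only).
contract MockOracle {
    uint256 public price; // USD per OUSG, 18 decimals (assumed scale)

    constructor(uint256 initialPrice) { price = initialPrice; }

    function setPrice(uint256 newPrice) external { price = newPrice; }
}

/// Simplified instant-mint manager: same USDC-in path, with and without slippage protection.
contract InstantMintExample {
    uint256 private constant USDC_TO_E18 = 1e12; // 6-decimal USDC -> 18 decimals (assumed)

    MockOracle public immutable oracle;
    mapping(address => uint256) public ousgBalance;

    error SlippageExceeded(uint256 actualOut, uint256 minimumOut);

    constructor(MockOracle oracle_) { oracle = oracle_; }

    /// OUSG out for a given USDC in at the price the oracle reports right now.
    function quote(uint256 usdcAmountIn) public view returns (uint256) {
        return (usdcAmountIn * USDC_TO_E18 * 1e18) / oracle.price();
    }

    /// Unprotected variant: mirrors the shape of the reported function.
    /// Whatever the oracle says at execution time is what the caller gets.
    function mint(uint256 usdcAmountIn) external returns (uint256 ousgAmountOut) {
        ousgAmountOut = quote(usdcAmountIn);
        ousgBalance[msg.sender] += ousgAmountOut;
    }

    /// Hardened variant: the caller states the least they will accept and the
    /// transaction reverts instead of silently minting fewer shares.
    function mint(uint256 usdcAmountIn, uint256 minimumOusgAmountOut)
        external
        returns (uint256 ousgAmountOut)
    {
        ousgAmountOut = quote(usdcAmountIn);
        if (ousgAmountOut < minimumOusgAmountOut) {
            revert SlippageExceeded(ousgAmountOut, minimumOusgAmountOut);
        }
        ousgBalance[msg.sender] += ousgAmountOut;
    }
}

/// Walks through the scenario from the finding: the price moves after the user
/// has decided on an amount but before the transaction is included.
contract SlippageDemo {
    function run() external returns (uint256 unprotectedOut, bool protectedReverted) {
        MockOracle oracle = new MockOracle(100e18);          // $100.00 per OUSG
        InstantMintExample manager = new InstantMintExample(oracle);

        uint256 usdcIn = 1_000e6;                            // 1,000 USDC
        uint256 expected = manager.quote(usdcIn);            // 10e18 OUSG at $100
        uint256 minOut = (expected * 99) / 100;              // caller tolerates 1% slippage

        oracle.setPrice(102e18);                             // price rises 2% before inclusion

        // Without a minimum the caller receives ~9.80e18 OUSG and cannot object.
        unprotectedOut = manager.mint(usdcIn);

        // With a minimum the same call reverts with SlippageExceeded(9.80e18, 9.9e18).
        try manager.mint(usdcIn, minOut) returns (uint256 got) {
            got; // silence unused-variable warning
            protectedReverted = false;
        } catch {
            protectedReverted = true;
        }
    }
}
```

Deploying SlippageDemo and calling run() returns (9803921568627450980, true): the unprotected path mints about 2% fewer shares than the 10e18 the user priced the trade at, while the protected path refuses to execute. In practice the caller computes minimumOusgAmountOut off-chain from the quote they saw, so a stale or manipulated oracle reading at inclusion time turns into a revert rather than a loss.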

#0 - c4-pre-sort

2024-04-04T02:49:27Z

0xRobocop marked the issue as duplicate of #250

#1 - c4-pre-sort

2024-04-04T23:00:06Z

0xRobocop marked the issue as duplicate of #156

#2 - c4-judge

2024-04-09T07:54:47Z

3docSec marked the issue as satisfactory

#3 - 3docSec

2024-04-11T07:06:36Z

Does not cover the _redeem flow

#4 - c4-judge

2024-04-11T07:06:41Z

3docSec marked the issue as partial-50

#5 - c4-judge

2024-04-11T15:13:13Z

3docSec changed the severity to QA (Quality Assurance)

#6 - c4-judge

2024-04-11T15:14:39Z

3docSec marked the issue as grade-b
