Escher contest - Matin's results

A decentralized curated marketplace for editioned artwork.

General Information

Platform: Code4rena

Start Date: 06/12/2022

Pot Size: $36,500 USDC

Total HM: 16

Participants: 119

Period: 3 days

Judge: berndartmueller

Total Solo HM: 2

Id: 189

League: ETH

Researcher Performance

Rank: 51/119

Findings: 1

Award: $57.63

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: ladboy233

Also found by: 0x1f8b, Matin, UniversalCrypto, gzeon, karanctf, minhquanym, obront, rvierdiiev, seyni, slvDev, yixxas

Labels

bug
2 (Med Risk)
satisfactory
duplicate-369

Awards

57.6274 USDC - $57.63

External Links

Lines of code

https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/LPDA.sol#L59

https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/OpenEdition.sol#L58

Vulnerability details

Impact

Down-casting from uint256 to lower uint values may overflow

Proof of Concept

Explicit conversion from uint256 to uint<N>, where N < 256, truncates the difference bytes. If the provided amount exceeds the maximum type of the lower uint value, it may overflow or revert in special cases.

Tools Used

Manual Analysis

Consider using OpenZeppelin's SafeCast or define _amount as uint48/uint24 directly in the LPDA/OpenEdition respectively.

#0 - c4-judge

2022-12-10T16:55:38Z

berndartmueller marked the issue as unsatisfactory: Invalid

#1 - c4-judge

2022-12-10T16:58:04Z

berndartmueller marked the issue as satisfactory

#2 - c4-judge

2022-12-10T17:08:12Z

berndartmueller marked the issue as duplicate of #369
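
The down-cast behaviour described in the finding, as an added example that is not part of the original submission or of the Escher code base. The contract, error and function names are hypothetical; the uint48 and uint24 widths are the ones the finding mentions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Added illustration. All names here are hypothetical and are not
/// taken from LPDA.sol or OpenEdition.sol.
contract DowncastDemo {
    error ValueDoesNotFit(uint256 value, uint256 bits);

    /// Explicit down-cast. Solidity 0.8.x checks arithmetic, but it does
    /// not check explicit type conversions: this never reverts, and only
    /// the low 48 bits of _amount survive (_amount mod 2**48).
    function uncheckedTo48(uint256 _amount) public pure returns (uint48) {
        return uint48(_amount);
    }

    /// Checked down-cast, in the style of OpenZeppelin's SafeCast:
    /// revert when the value does not fit instead of truncating it.
    function checkedTo48(uint256 _amount) public pure returns (uint48) {
        if (_amount > type(uint48).max) revert ValueDoesNotFit(_amount, 48);
        return uint48(_amount);
    }

    /// Same check for the 24-bit width.
    function checkedTo24(uint256 _amount) public pure returns (uint24) {
        if (_amount > type(uint24).max) revert ValueDoesNotFit(_amount, 24);
        return uint24(_amount);
    }

    /// Side-by-side view for one input: the caller-supplied value, the
    /// value an unchecked cast would store, and whether the two still
    /// agree. Any input above type(uint48).max yields lossless == false.
    function compare(uint256 _amount)
        external
        pure
        returns (uint256 supplied, uint48 stored, bool lossless)
    {
        supplied = _amount;
        stored = uncheckedTo48(_amount);
        lossless = (uint256(stored) == supplied);
    }
}
```

Declaring the parameter as uint48 or uint24 in the function signature, the other option the finding suggests, moves the range check into ABI decoding, which reverts on out-of-range calldata under the default ABI coder v2 in Solidity 0.8.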
