DYAD - Pechenite's results

The first capital efficient overcollateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 18/04/2024

Pot Size: $36,500 USDC

Total HM: 19

Participants: 183

Period: 7 days

Judge: Koolex

Id: 367

League: ETH

DYAD

Findings Distribution

Researcher Performance

Rank: 175/183

Findings: 1

Award: $0.02

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L119-L153

Vulnerability details

Impact

Anyone can deny a DYAD dNFT owner the ability to withdraw, simply by depositing into that dNFT in the same block.

Proof of Concept

The idToBlockOfLastDeposit mapping keeps track of the last block in which a deposit was made for each dNFT.

mapping (uint => uint) public idToBlockOfLastDeposit;

// ...

function deposit(
  uint    id,
  address vault,
  uint    amount
) 
  external 
  isValidDNft(id)   // only checks that the id exists; there is no ownership check, so any caller can deposit for any id
{
  idToBlockOfLastDeposit[id] = block.number;  // overwritten by whoever calls deposit for this id
  Vault _vault = Vault(vault);
  _vault.asset().safeTransferFrom(msg.sender, address(vault), amount);
  _vault.deposit(id, amount);
}

During a withdrawal attempt, a check prevents withdrawal in the same block as the last deposit:

function withdraw(
  uint    id,
  address vault,
  uint    amount,
  address to
) 
  public 
  isDNftOwner(id)
{
  if (idToBlockOfLastDeposit[id] == block.number) revert DepositedInSameBlock();
  // Further code for withdrawals...
}

Since anyone can deposit for any dNFT, a malicious actor can make a (possibly dust-sized) deposit into a specific dNFT in the same block as the owner's withdrawal, so the owner's call reverts with DepositedInSameBlock. Repeating this each block denies the owner the ability to withdraw.

Tools Used

Manual review

Recommended Mitigation Steps

Implement an additional authorization check so that only the dNFT owner can deposit into their own vault, i.e. apply the same ownership gate to deposit that withdraw already has.
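The mitigation written out as an added sketch, not the project's own code: the ownership gate that the page's withdraw already carries (isDNftOwner) is applied to deposit as well, so a third party can no longer refresh idToBlockOfLastDeposit for someone else's id. IDNft, IERC20 and IVault (including the Vault withdraw signature) are minimal interfaces assumed for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal interfaces assumed for this sketch; they stand in for DYAD's DNft,
// ERC20 and Vault contracts and are not the project's actual definitions.
interface IDNft  { function ownerOf(uint id) external view returns (address); }
interface IERC20 { function transferFrom(address from, address to, uint amount) external returns (bool); }
interface IVault {
  function asset() external view returns (IERC20);
  function deposit(uint id, uint amount) external;
  function withdraw(uint id, address to, uint amount) external; // assumed signature
}

contract VaultManagerHardened {
  IDNft public immutable dNft;
  mapping(uint => uint) public idToBlockOfLastDeposit;

  error NotOwner();
  error DepositedInSameBlock();

  constructor(IDNft _dNft) { dNft = _dNft; }

  // Ownership gate. In the reported code only withdraw() carried it; here deposit()
  // carries it too, so idToBlockOfLastDeposit[id] can only be refreshed by the owner of id.
  modifier isDNftOwner(uint id) {
    if (dNft.ownerOf(id) != msg.sender) revert NotOwner();
    _;
  }

  function deposit(uint id, address vault, uint amount) external isDNftOwner(id) {
    idToBlockOfLastDeposit[id] = block.number;
    IVault _vault = IVault(vault);
    // plain transferFrom with a require stands in for the original's safeTransferFrom
    require(_vault.asset().transferFrom(msg.sender, vault, amount), "transfer failed");
    _vault.deposit(id, amount);
  }

  function withdraw(uint id, address vault, uint amount, address to) external isDNftOwner(id) {
    // The same-block guard is kept: it still prevents a deposit and a withdrawal from
    // being combined in one block, but it can now only be tripped by the owner's own deposit.
    if (idToBlockOfLastDeposit[id] == block.number) revert DepositedInSameBlock();
    IVault(vault).withdraw(id, to, amount); // collateral-ratio checks of the original omitted here
  }
}
```

With this change a non-owner's call to deposit reverts with NotOwner, so the same-block griefing described above is no longer possible.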

Assessed type

Context

#0 - c4-pre-sort

2024-04-27T11:34:51Z

JustDravee marked the issue as duplicate of #1103

#1 - c4-pre-sort

2024-04-27T11:45:56Z

JustDravee marked the issue as duplicate of #489

#2 - c4-pre-sort

2024-04-29T09:29:20Z

JustDravee marked the issue as sufficient quality report

#3 - c4-judge

2024-05-05T20:38:09Z

koolexcrypto marked the issue as unsatisfactory: Invalid

#4 - c4-judge

2024-05-05T21:13:58Z

koolexcrypto marked the issue as nullified

#5 - c4-judge

2024-05-05T21:14:03Z

koolexcrypto marked the issue as not nullified

#6 - c4-judge

2024-05-08T15:29:23Z

koolexcrypto marked the issue as duplicate of #1001

#7 - c4-judge

2024-05-11T19:44:38Z

koolexcrypto marked the issue as satisfactory

#8 - c4-judge

2024-05-13T18:34:30Z

koolexcrypto changed the severity to 3 (High Risk)
