Platform: Code4rena
Start Date: 13/11/2023
Pot Size: $24,500 USDC
Total HM: 3
Participants: 120
Period: 4 days
Judge: 0xTheC0der
Id: 306
League: ETH
Rank: 68/120
Findings: 2
Award: $5.45
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rvierdiiev
Also found by: 0x175, 0x3b, 0xMango, 0xarno, 0xpiken, Bauchibred, DarkTower, ElCid, Giorgio, HChang26, Kose, KupiaSec, Madalad, PENGUN, Pheonix, RaoulSchaffranek, SpicyMeatball, T1MOH, Tricko, Udsen, Yanchuan, aslanbek, ast3ros, bart1e, bin2chen, chaduke, d3e4, deepkin, developerjordy, glcanvas, inzinko, jasonxiale, jnforja, mahyar, max10afternoon, mojito_auditor, neocrao, nmirchev8, openwide, osmanozdemir1, peanuts, pep7siup, peritoflores, pontifex, rice_cooker, rouhsamad, t0x1c, tnquanghuy0512, turvy_fuzz, twcctop, ustas, vangrim, zhaojie, zhaojohnson
1.3743 USDC - $1.37
A malicious user can FrontRun the transaction to inflate the price of shares.
Consider this Scenario -
Manual Review
Introducing a maxPrice parameter (like Uniswap) would help. Letting the user specify a maximum price (that they are willing to pay) and then checking if the actual price is higher.
Other
#0 - c4-pre-sort
2023-11-18T16:51:33Z
minhquanym marked the issue as duplicate of #12
#1 - c4-judge
2023-11-28T23:38:41Z
MarioPoneder marked the issue as satisfactory
🌟 Selected for report: chaduke
Also found by: 0xpiken, Bauchibred, Matin, MohammedRizwan, MrPotatoMagic, OMEN, Pheonix, SandNallani, T1MOH, Topmark, ZanyBonzy, adriro, aslanbek, ayden, bareli, bart1e, bin2chen, btk, cheatc0d3, codynhat, critical-or-high, d3e4, erebus, firmanregar, hunter_w3b, jasonxiale, kaveyjoe, ksk2345, lsaudit, max10afternoon, merlinboii, nailkhalimov, osmanozdemir1, peanuts, pep7siup, pontifex, sbaudh6, shenwilly, sl1, tourist, wisdomn_, young, zhaojie
4.0797 USDC - $4.08
There is no limit to how much shares a user can buy.
Consider a Scenario where a new share of art ( a rare one ) is opened by some creator.
Considering the fact the with each subsequent share, the price will increase with respect to bonding curve and the buyer has to give a huge sums of fees. But in a case where buying shares which are rare(let's say an exclusive art/video etc.) can can get a price increase in future it is possible that this buyer can later dump the shares and get a huge profit. Also, it is not a state of healthy competition for shares
Manual Review
It is recommended that the creator or the platform should be able to specify how much shares can be bought.
Other
#0 - c4-pre-sort
2023-11-20T08:00:21Z
minhquanym marked the issue as insufficient quality report
#1 - minhquanym
2023-11-20T08:00:36Z
QA
#2 - c4-judge
2023-11-29T16:12:34Z
MarioPoneder changed the severity to QA (Quality Assurance)
#3 - c4-judge
2023-11-29T22:32:17Z
MarioPoneder marked the issue as grade-b