Back to Proxy's contests

Livepeer Onchain Treasury Upgrade - Proxy's results

Decentralized video infrastructure protocol powering video in web3's leading social and media applications.

General Information

Platform: Code4rena

Start Date: 31/08/2023

Pot Size: $55,000 USDC

Total HM: 5

Participants: 30

Period: 6 days

Judge: hickuphh3

Total Solo HM: 2

Id: 282

League: ETH

Livepeer

Findings Distribution

Researcher Performance

Rank: 15/30

Findings: 1

Award: $458.20

QA:
grade-a

🌟 Selected for report: 1

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryLivepeer

Findings Information

🌟 Selected for report: Proxy

Also found by: Banditx0x, DavidGiladi, favelanky, ladboy233, nadin, rvierdiiev

Labels

bug
grade-a
high quality report
QA (Quality Assurance)
selected for report
sponsor confirmed
Q-06

Awards

458.1987 USDC - $458.20

External Links

Link to GitHub issue

Low Risk

Total Low Risk Issues3
CountTitleInstances
L-01There is no way to decrease the max number of active transcoders1
L-02When removing transcoders Transcoder.activationRound should be set to 0 for inactive1
L-03No function implemented for setMaxEarningsClaimsRounds()1

Non-Critical

Total Non-Critical Issues2
CountTitleInstances
NC-01Typos3
NC-02Functions need a more descriptive name2

Low Risk

[L-01] There is no way to decrease the max number of active transcoders

setNumActiveTranscoders() sets the maximum number of active transcoders however there is no way to decrease the number since setMaxSize() does not allow it.

function setNumActiveTranscoders(uint256 _numActiveTranscoders) external onlyControllerOwner {
    transcoderPool.setMaxSize(_numActiveTranscoders);

    emit ParameterUpdate("numActiveTranscoders");
}
function setMaxSize(Data storage self, uint256 _size) public {
    require(_size > self.maxSize, "new max size must be greater than old max size");

    self.maxSize = _size;
}

[L-02] When removing transcoders Transcoder.activationRound should be set to 0 for inactive

Function tryToJoinActiveSet() removes a transcoder if transcoderPool.isFull() however it does not set Transcoder.activationRound of the transcoder to 0 for inactive. In Transcoder struct it says if a transcoder is inactive activationRound should be 0.

uint256 activationRound; // Round in which the transcoder became active - 0 if inactive
transcoderPool.remove(lastTranscoder);
transcoders[lastTranscoder].deactivationRound = _activationRound; // @audit Transcoder.activationRound should be 0 - for inactive
pendingNextRoundTotalActiveStake = pendingNextRoundTotalActiveStake.sub(lastStake);

[L-03] No function implemented for setMaxEarningsClaimsRounds()

The constructor natspec says that setMaxEarningsClaimsRounds() should be called to initialize state variables post-deployment. However there is no such function implemented anywhere

/**
 * @notice BondingManager constructor. Only invokes constructor of base Manager contract with provided Controller address
 * @dev This constructor will not initialize any state variables besides `controller`. The following setter functions
 * should be used to initialize state variables post-deployment:
 * - setUnbondingPeriod()
 * - setNumActiveTranscoders()
 * - setMaxEarningsClaimsRounds()
 * @param _controller Address of Controller that this contract will be registered with
 */

Non-critical

[NC-01] Typos

  • GovernorCountingOverriable.sol ( #L35 , #L59 ):
    // @audit Typo - instead of "specicic" use "specific"
35: // @dev Tracks state of specicic voters in a single proposal.

    // @audit Typo - instead of "abstain" use "against"
59: // @notice The required percentage of "for" votes in relation to the total opinionated votes (for and abstain) for
    // @audit Typo - instead of "Notce that..." use "Notice that this is different"
65: // @dev Stores a list of checkpoints for the total active stake, queryable and mapped by round. Notce that
66: // differently from bonding checkpoints, it's only accessible on the specific round. To access the checkpoint for a

[NC-02] Functions need a more descriptive name

Some functions say they set one thing but set something different and some function names are too ambiguous.

#0 - 141345

2023-09-09T15:36:43Z

L-01 is dup of https://github.com/code-423n4/2023-08-livepeer-findings/issues/131

#1 - c4-pre-sort

2023-09-09T15:53:32Z

141345 marked the issue as high quality report

#2 - victorges

2023-09-15T18:44:42Z

L-01

This is known and expected behavior, which has an explicit check in the code to guarantee consistency. An improvement could be made to the code but the current one works as expected.

L-02

Valid point on doc that oversimplifies the behavior of the field and can be confusing. In the way these fields are read, that 0 value wouldn't matter though: https://github.com/livepeer/protocol/blob/ca3f5bb7a65dedba0f6be6a341d184c48553be98/contracts/bonding/BondingManager.sol#L1159

L-03

Misleading docs. Probably a deprecated property that doesn't exist anymore. Here's the deploy code of that contract for reference: https://github.com/code-423n4/2023-08-livepeer/blob/23bd30274c4d426c4bb01da661ad3ef2480c6494/deploy/deploy_contracts.ts#L215-L230

NC-01

Good docs improvements

NC-02

Valid points, but expected behavior, might not fix.

#3 - c4-sponsor

2023-09-15T18:45:22Z

victorges (sponsor) confirmed

#4 - c4-judge

2023-09-20T10:41:36Z

HickupHH3 marked the issue as grade-b

#5 - c4-judge

2023-09-21T10:23:39Z

HickupHH3 marked the issue as grade-a

#6 - HickupHH3

2023-09-22T03:45:51Z

L-01: R L-02: R L-03: L NC-01: NC NC-02: R

1L 3R 1NC

#7 - c4-judge

2023-09-22T03:46:11Z

HickupHH3 marked the issue as selected for report

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter