Back to Randyyy's contests

FEI and TRIBE Redemption contest - Randyyy's results

A new DeFi primitive that allows any token to become productive and provide FEI liquidity at no cost to the markets that need it most.

General Information

Platform: Code4rena

Start Date: 09/09/2022

Pot Size: $42,000 USDC

Total HM: 2

Participants: 101

Period: 3 days

Judge: hickuphh3

Total Solo HM: 2

Id: 161

League: ETH

Tribe

Findings Distribution

Researcher Performance

Rank: 29/101

Findings: 1

Award: $33.67

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryTribe

Findings Information

🌟 Selected for report: GalloDaSballo

Also found by: 0x040, 0x1f8b, 0x4non, 0x52, 0x85102, 0xNazgul, 0xSky, 0xSmartContract, Aymen0909, Bnke0x0, CertoraInc, Chandr, Chom, CodingNameKiki, Deivitto, Diana, Funen, JC, Jeiwan, Junnon, KIntern_NA, Lambda, Mohandes, Noah3o6, Ocean_Sky, Picodes, R2, Randyyy, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Samatak, Sm4rty, SnowMan, SooYa, StevenL, Tagir2003, Tointer, TomJ, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, bharg4v, bobirichman, brgltd, c3phas, cccz, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dipp, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, got_targ, hansfriese, horsefacts, hyh, ignacio, innertia, izhuer, karanctf, ladboy233, leosathya, lucacez, lukris02, mics, oyc_109, pashov, pauliax, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, scaraven, sikorico, simon135, smiling_heretic, sorrynotsorry, unforgiven, wagmi, yixxas

Awards

33.6679 USDC - $33.67

Labels

bug
QA (Quality Assurance)
old-submission-method

External Links

Link to GitHub issue
  1. Missing has not sign modifier

##POC https://github.com/code-423n4/2022-09-tribe/blob/main/contracts/shutdown/fuse/RariMerkleRedeemer.sol#L93

##IMPACT making a user that has called sign function be able to call sign and claim function.

2.Redeem base can't be modified after deployment.

##POC https://github.com/code-423n4/2022-09-tribe/blob/main/contracts/shutdown/redeem/TribeRedeemer.sol#L34

##IMPACT While deploying the tribe redeemer contract the deployer might set the redeem base value to a wrong value, this could lead user that wants to redeem their TRIBE token didn't get what they are expecting and the deployer/owner cant fix this because there is no function that can modify the redeem base value.

  1. While redeeming TRIBE token the total suply didnt decrease.

##POC https://github.com/code-423n4/2022-09-tribe/blob/main/contracts/shutdown/redeem/TribeRedeemer.sol#L65

##IMPACT While redeeming TRIBE token a user get a number of ERC20 token, while burning the TRIBE token if you burn the TRIBE token you will need to call burn function so, the total supply will decrease. So, the total supply will match the actual circulated TRIBE token.

#0 - HickupHH3

2022-10-08T08:29:04Z

disagree with last issue; burning is not required, that's what redeemBase is for.

redeemBase = base - amountIn; // decrement the base for future redemptions
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter