Platform: Code4rena
Start Date: 22/05/2024
Pot Size: $20,000 USDC
Total HM: 6
Participants: 126
Period: 5 days
Judge: 0xsomeone
Total Solo HM: 1
Id: 379
League: ETH
Rank: 110/126
Findings: 1
Award: $0.01
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: robertodf99
Also found by: 0xAadi, 0xAkira, 0xdice91, 0xhacksmithh, 0xleadwizard, AgileJune, Bauchibred, Bbash, Beosin, Bigsam, Dots, EPSec, EaglesSecurity, Eeyore, Evo, John_Femi, Mahmud, MrPotatoMagic, RotiTelur, Rushkov_Boyan, Sabit, Sentryx, Stormreckson, Topmark, Tychai0s, Utsav, Walter, ZanyBonzy, ZdravkoHr, adam-idarrha, araj, aslanbek, avoloder, bigtone, brevis, brgltd, carrotsmuggler, crypticdefense, dd0x7e8, dhank, djanerch, falconhoof, iamandreiski, joaovwfreire, leegh, merlinboii, mitko1111, pamprikrumplikas, pfapostol, prapandey031, swizz, trachev, twcctop, typicalHuman, unique, xyz
0.0148 USDC - $0.01
https://github.com/code-423n4/2024-05-munchables/blob/main/src/managers/LockManager.sol#L177-L242
A user with the pricefeed_n role can disapprove a proposal and then approve it again.
Voting Manipulation: The ability to change votes can lead to manipulation of the voting process.
Governance Instability: Governance decisions may become unstable if votes can be easily changed.
Increased Contract Complexity: Allowing vote changes adds unnecessary complexity to the contract logic.
There are 5 addresses with the pricefeed_n role. One of these addresses can disapprove a proposal and then approve it again, leading to the issues mentioned.
Tool use: Manual
function approveUSDPrice(uint256 _price) external onlyOneOfRoles([...]) {
    if (usdUpdateProposal.proposer == address(0)) revert NoProposalError();
    if (usdUpdateProposal.proposer == msg.sender) revert ProposerCannotApproveError();
    if (usdUpdateProposal.approvals[msg.sender] == _usdProposalId) revert ProposalAlreadyApprovedError();
+++ if (usdUpdateProposal.disapprovals[msg.sender] == _usdProposalId) revert ProposalAlreadyDisapprovedError();
    if (usdUpdateProposal.proposedPrice != _price) revert ProposalPriceNotMatchedError();

    usdUpdateProposal.approvals[msg.sender] = _usdProposalId;
    usdUpdateProposal.approvalsCount++;

    if (usdUpdateProposal.approvalsCount >= APPROVE_THRESHOLD) {
        _execUSDPriceUpdate();
    }

    emit ApprovedUSDPrice(msg.sender);
}
Other
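The disapprove-then-approve sequence from this finding, modelled in Python as an added example (not code from the report or from the Munchables contracts), run with and without the extra check on prior disapprovals. The disapprove-side checks, the class and function names, the voter label `feed_2` and the price are assumptions; the proposer checks and threshold execution are left out.

```python
class VoteError(Exception):
    """Stands in for a Solidity revert."""


class UsdPriceProposal:
    def __init__(self, proposal_id, price, check_disapprovals):
        self.id, self.price = proposal_id, price
        self.check_disapprovals = check_disapprovals  # True = approve path with the added check
        self.approvals, self.disapprovals = {}, {}    # voter -> proposal id voted on
        self.approvals_count = self.disapprovals_count = 0

    def disapprove(self, sender, price):
        # Assumption: the disapprove path rejects a sender who already voted either way.
        if self.approvals.get(sender) == self.id:
            raise VoteError("ProposalAlreadyApprovedError")
        if self.disapprovals.get(sender) == self.id:
            raise VoteError("ProposalAlreadyDisapprovedError")
        if price != self.price:
            raise VoteError("ProposalPriceNotMatchedError")
        self.disapprovals[sender] = self.id
        self.disapprovals_count += 1

    def approve(self, sender, price):
        if self.approvals.get(sender) == self.id:
            raise VoteError("ProposalAlreadyApprovedError")
        if self.check_disapprovals and self.disapprovals.get(sender) == self.id:
            raise VoteError("ProposalAlreadyDisapprovedError")
        if price != self.price:
            raise VoteError("ProposalPriceNotMatchedError")
        self.approvals[sender] = self.id
        self.approvals_count += 1

    def double_voters(self):
        """Invariant probe: senders recorded on both sides of this proposal."""
        return sorted(v for v in self.approvals
                      if self.approvals[v] == self.id and self.disapprovals.get(v) == self.id)


def disapprove_then_approve(check_disapprovals):
    """Replay the sequence for one constructed voter and return the resulting state."""
    p = UsdPriceProposal(proposal_id=1, price=2500, check_disapprovals=check_disapprovals)
    p.disapprove("feed_2", 2500)
    try:
        p.approve("feed_2", 2500)
        reverted = None
    except VoteError as err:
        reverted = str(err)
    return reverted, p.approvals_count, p.disapprovals_count, p.double_voters()

if __name__ == "__main__":
    print("without check:", disapprove_then_approve(False))
    print("with check:   ", disapprove_then_approve(True))
```

Without the check, the same voter is counted in both tallies; with it, the approval reverts and only the disapproval is recorded.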
#0 - c4-judge
2024-06-05T12:42:37Z
alex-ppg marked the issue as satisfactory