Trader Joe v2 contest - SEVEN's results

One-stop-shop decentralized trading on Avalanche.

General Information

Platform: Code4rena

Start Date: 14/10/2022

Pot Size: $100,000 USDC

Total HM: 12

Participants: 75

Period: 9 days

Judge: GalloDaSballo

Total Solo HM: 1

Id: 171

League: ETH

Trader Joe

Findings Distribution

Researcher Performance

Rank: 63/75

Findings: 1

Award: $0.16

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Trader Joe

Findings Information

🌟 Selected for report: Dravee

Also found by: 8olidity, JMukesh, Lambda, Randyyy, RaoulSchaffranek, SEVEN, Tutturu, __141345__, bitbopper, cccz, hansfriese, hxzy, ne0n, neumo, parashar, phaze, saian

Awards

0.1634 USDC - $0.16

Labels

bug

3 (High Risk)

low quality report

partial-50

duplicate-299

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-10-traderjoe/blob/main/src/LBToken.sol#L190-L195

Vulnerability details

Impact

When the sender is equal to the receiver, the asset can be inflated

Proof of Concept

address _from = address _to _fromBalance = _toBalance _balances[_id][_from] = _fromBalance - _amount; _balances[_id][_to] = _toBalance + _amount; will lead to inflated assets

Tools Used

vscode

Recommended Mitigation Steps

#0 - Shungy
2022-10-25T22:02:38Z

I believe this finding to be technically valid.

It is duplicate of https://github.com/code-423n4/2022-10-traderjoe-findings/issues/266, but this report is of very low quality.

#1 - GalloDaSballo
2022-10-25T23:37:42Z

Needs more detail for High Severity

#2 - GalloDaSballo
2022-10-26T16:37:27Z

Checking for rules on partial duplicates

#3 - GalloDaSballo
2022-11-08T22:12:30Z

Dup of https://github.com/code-423n4/2022-10-traderjoe-findings/issues/299

#4 - c4-judge
2022-11-14T13:57:29Z

GalloDaSballo marked the issue as duplicate of #299

Trader Joe v2 contest - SEVEN's results

One-stop-shop decentralized trading on Avalanche.

General Information

Findings Distribution

Researcher Performance

External Links

[H-01] Allow user assets to inflate - $0.16

Findings Information

Awards

Labels

External Links

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - Shungy2022-10-25T22:02:38Z

#1 - GalloDaSballo2022-10-25T23:37:42Z

#2 - GalloDaSballo2022-10-26T16:37:27Z

#3 - GalloDaSballo2022-11-08T22:12:30Z

#4 - c4-judge2022-11-14T13:57:29Z

#0 - Shungy
2022-10-25T22:02:38Z

#1 - GalloDaSballo
2022-10-25T23:37:42Z

#2 - GalloDaSballo
2022-10-26T16:37:27Z

#3 - GalloDaSballo
2022-11-08T22:12:30Z

#4 - c4-judge
2022-11-14T13:57:29Z