Platform: Code4rena
Start Date: 09/12/2022
Pot Size: $90,500 USDC
Total HM: 35
Participants: 84
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 12
Id: 192
League: ETH
Rank: 84/84
Findings: 1
Award: $1.15
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xA5DF
Also found by: 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xdeadbeef0x, 8olidity, Englave, Faith, HE1M, JohnnyTime, Madalad, Mukund, Ruhum, SmartSek, __141345__, aviggiano, carlitox477, cccz, chaduke, francoHacker, gz627, gzeon, hansfriese, hihen, imare, jadezti, kwhuo68, ladboy233, orion, peanuts, philogy, rbserver, wait, yjrwkk
1.1472 USDC - $1.15
blockDelay could be accidentally set to a large value and lead to positions never closing, and profitable opening and closing can be executed in the same transaction with two different prices in the "valid signature pool" until setBlockDelay() is called.

No boundaries when setting blockDelay.
https://github.com/code-423n4/2022-12-tigris/blob/496e1974ee3838be8759e7b4096dbee1b8795593/contracts/Trading.sol#L893-L905
```solidity
/**
 * @dev Sets block delay between opening and closing
 * @notice In blocks not seconds
 * @param _blockDelay delay amount
 */
function setBlockDelay(
    uint _blockDelay
) external onlyOwner {
    blockDelay = _blockDelay;
}

function _checkDelay(uint _id, bool _type) internal {
    unchecked {
        Delay memory _delay = blockDelayPassed[_id];
        if (_delay.actionType == _type) {
            blockDelayPassed[_id].delay = block.number + blockDelay;
        } else {
            if (block.number < _delay.delay) revert("0"); //Wait
            blockDelayPassed[_id].delay = block.number + blockDelay;
            blockDelayPassed[_id].actionType = _type;
        }
    }
}
```
Implement boundaries in setBlockDelay() so there is no risk of accidentally setting it to a value that is too large, and so that early users do not get a chance to execute opening and closing trades in the same transaction before it is set.
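To make the two failure modes concrete, here is an added Python model of the _checkDelay() and setBlockDelay() logic quoted above (illustration only, not Tigris project code). It shows that with blockDelay left at 0 a position can be opened and closed in the same block, that a huge blockDelay pushes the close window out indefinitely, and how a range-checked setter rejects such values. The MAX_BLOCK_DELAY bound and the minimum of one block are assumptions for the example; the original contract has no bound at all.

```python
# Added example (not Tigris Trading.sol code): a Python model of the
# _checkDelay() / setBlockDelay() logic, showing why an unbounded blockDelay
# matters and how a bounded setter rejects dangerous values.
from dataclasses import dataclass

OPEN = True    # _type value used for opening a position
CLOSE = False  # _type value used for closing a position

# Assumed bound for the example; the original contract has no bound at all.
MAX_BLOCK_DELAY = 1_000


@dataclass
class Delay:
    """Mirrors the Delay struct: a fresh position has delay=0, actionType=false."""
    delay: int = 0
    action_type: bool = False


class TradingModel:
    def __init__(self, block_delay: int = 0):
        self.block_delay = block_delay   # blockDelay storage variable
        self.block_delay_passed = {}     # blockDelayPassed mapping
        self.block_number = 100          # constructed starting block

    def mine(self, blocks: int = 1) -> None:
        self.block_number += blocks

    def set_block_delay_unbounded(self, value: int) -> None:
        """The original setter: any uint is accepted."""
        self.block_delay = value

    def set_block_delay_bounded(self, value: int) -> None:
        """Hardened setter with the range check the finding recommends (bounds assumed)."""
        if value < 1 or value > MAX_BLOCK_DELAY:
            raise ValueError("blockDelay out of range")
        self.block_delay = value

    def check_delay(self, position_id: int, action: bool) -> None:
        """Port of _checkDelay(): raises RuntimeError('0') where the contract reverts."""
        d = self.block_delay_passed.setdefault(position_id, Delay())
        if d.action_type == action:
            # Same action type as last time: just push the delay window forward.
            d.delay = self.block_number + self.block_delay
        else:
            if self.block_number < d.delay:
                raise RuntimeError("0")  # "Wait": the opposite action is too early
            d.delay = self.block_number + self.block_delay
            d.action_type = action


def can_open_and_close_same_block(block_delay: int) -> bool:
    """True if a position can be opened and closed within one block (one transaction)."""
    model = TradingModel(block_delay)
    model.check_delay(1, OPEN)
    try:
        model.check_delay(1, CLOSE)
        return True
    except RuntimeError:
        return False


def blocks_until_close_allowed(block_delay: int, max_blocks: int = 10_000) -> int:
    """Blocks that must pass after opening before a close is accepted; -1 if not within max_blocks."""
    model = TradingModel(block_delay)
    model.check_delay(1, OPEN)
    for waited in range(max_blocks + 1):
        try:
            model.check_delay(1, CLOSE)
            return waited
        except RuntimeError:
            model.mine()
    return -1


def setter_accepts(value: int, bounded: bool) -> bool:
    """Whether the bounded or the original unbounded setter accepts a blockDelay value."""
    model = TradingModel()
    setter = model.set_block_delay_bounded if bounded else model.set_block_delay_unbounded
    try:
        setter(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("same-block open/close with blockDelay=0:", can_open_and_close_same_block(0))
    print("blocks to wait with blockDelay=3:", blocks_until_close_allowed(3))
    print("blocks to wait with blockDelay=2**64:", blocks_until_close_allowed(2**64))
    print("unbounded setter accepts 2**256-1:", setter_accepts(2**256 - 1, bounded=False))
    print("bounded setter accepts 2**256-1:", setter_accepts(2**256 - 1, bounded=True))
```

The model uses unbounded Python integers, so it does not reproduce the wrap-around that the `unchecked` block would allow in the Solidity addition `block.number + blockDelay` for values near the uint256 maximum; the point it demonstrates is the one in the finding, namely that nothing in the setter constrains the value either way.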
#0 - c4-judge
2022-12-23T17:35:25Z
GalloDaSballo marked the issue as primary issue
#1 - TriHaz
2023-01-09T18:07:28Z
We are aware of the centralization risks; initially, all contracts will have a multi-sig as owner to prevent a sole owner, and later on a DAO could be the owner. Adding a check while setting blockDelay is a good solution, but I would mark it as QA. Need judge opinion.
#2 - c4-sponsor
2023-01-09T18:07:35Z
TriHaz marked the issue as sponsor acknowledged
#3 - c4-sponsor
2023-01-09T18:07:40Z
TriHaz requested judge review
#4 - c4-judge
2023-01-19T19:51:46Z
GalloDaSballo marked the issue as duplicate of #377
#5 - c4-judge
2023-01-22T17:35:01Z
GalloDaSballo marked the issue as satisfactory