Back to SooYa's contests

Trader Joe v2 contest - SooYa's results

One-stop-shop decentralized trading on Avalanche.

General Information

Platform: Code4rena

Start Date: 14/10/2022

Pot Size: $100,000 USDC

Total HM: 12

Participants: 75

Period: 9 days

Judge: GalloDaSballo

Total Solo HM: 1

Id: 171

League: ETH

Trader Joe

Findings Distribution

Researcher Performance

Rank: 68/75

Findings: 1

Award: $0.01

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryTrader Joe

Findings Information

🌟 Selected for report: 0xSmartContract

Also found by: Aymen0909, Dravee, Josiah, M4TZ1P, Mukund, Nyx, SooYa, catchup, cccz, chaduke, csanuragjain, djxploit, hansfriese, ladboy233, leosathya, pashov, rvierdiiev, sorrynotsorry, supernova, vv7, wagmi, zzykxx

Awards

0.006 USDC - $0.01

Labels

bug
2 (Med Risk)
satisfactory
duplicate-139

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-10-traderjoe/blob/main/src/LBFactory.sol#L474-L481

Vulnerability details

Impact

setFlashLoanFee is only callable by the owner, it is important to add bound for the flashLoanFee, so the protocol doesn't set the flashLoanFee too high which can harm the users.

Proof of Concept

https://github.com/code-423n4/2022-10-traderjoe/blob/main/src/LBFactory.sol#L474-L481

Tools Used

Manual Analysis

Add bound to the setFlashLoanFee function

#0 - GalloDaSballo

2022-10-27T21:15:56Z

Dup of https://github.com/code-423n4/2022-10-traderjoe-findings/issues/138

#1 - c4-judge

2022-11-23T18:38:03Z

GalloDaSballo marked the issue as not a duplicate

#2 - c4-judge

2022-11-23T18:39:15Z

GalloDaSballo marked the issue as duplicate of #139

#3 - Simon-Busch

2022-12-05T06:32:44Z

Marked this issue as Satisfactory as requested by @GalloDaSballo

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter