Back to Soosh's contests

Canto v2 contest - Soosh's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 28/06/2022

Pot Size: $25,000 USDC

Total HM: 14

Participants: 50

Period: 4 days

Judge: GalloDaSballo

Total Solo HM: 7

Id: 141

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 24/50

Findings: 1

Award: $70.47

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCanto

Findings Information

🌟 Selected for report: Picodes

Also found by: Soosh, cccz, ladboy233

Labels

bug
duplicate
2 (Med Risk)

Awards

70.4682 USDC - $70.47

External Links

Link to GitHub issue

ensure() modifier - require statement is commented out

The ensure(uint deadline) modifier is used in multiple functions such as addLiquidity and removeLiquidity but the require statement is commented out, the modifier is essentially usesless.

modifier ensure(uint deadline) {
        //require(deadline >= block.timestamp, "BaseV1Router: EXPIRED");
        _;
    }
Affects Stableswap/BaseV1-periphery.sol

The code: - https://github.com/Plex-Engineer/lending-market-v2/blob/443a8c0fed3c5018e95f3881a31b81a555c42b2d/contracts/Stableswap/BaseV1-periphery.sol#L86

Recommendations

The modifier checks if deadline has already expired. In all cases of its use, the deadline is passed as an argument to the function. Even if it is used, it can be bypassed by supplying a wrong deadline. It depends if you want to keep the ensure modifier and uncomment the require statement or outright remove it as it serves no purpose.

#0 - GalloDaSballo

2022-08-14T19:48:44Z

Dup of #90

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter