Good Entry - SpicyMeatball's results

The best day trading platform to make every trade entry a Good Entry.

General Information

Platform: Code4rena

Start Date: 01/08/2023

Pot Size: $91,500 USDC

Total HM: 14

Participants: 80

Period: 6 days

Judge: gzeon

Total Solo HM: 6

Id: 269

League: ETH

Researcher Performance

Rank: 46/80

Findings: 1

Award: $91.19

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: said

Also found by: 3docSec, HChang26, Jeiwan, SpicyMeatball, giovannidisiena, jesusrod15, oakcobalt, pep7siup

Labels

bug
2 (Med Risk)
satisfactory
duplicate-254

Awards

91.1886 USDC - $91.19

External Links

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/TokenisableRange.sol#L159-L160

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/RangeManager.sol#L100

Vulnerability details

Impact

When initializing a new tokenisable range contract, the admin should send some amounts of token0 and token1 to the TokenisableRange contract to mint and create a new position on Uniswap:

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/TokenisableRange.sol#L142

In some cases there will be spare amounts of tokens that were not added to the liquidity. These are refunded to the RangeManager contract:

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/TokenisableRange.sol#L159-L160

But unlike the TR tokens,

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/RangeManager.sol#L101

they are not forwarded to the admin wallet afterwards and remain in the RangeManager balance until cleanup deposits them for some user.

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/RangeManager.sol#L190

Proof of Concept

See above.

Tools Used

Manual review

It may be better to add an additional parameter to the init function

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/TokenisableRange.sol#L134

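    function init(uint n0, uint n1, address to) external {
        ...
        // Refund the spare token0/token1 to `to` rather than to the calling RangeManager
        TOKEN0.token.safeTransfer(to, TOKEN0.token.balanceOf(address(this)));
        TOKEN1.token.safeTransfer(to, TOKEN1.token.balanceOf(address(this)));
        // Mint the TR tokens directly to `to`
        _mint(to, 1e18);
        emit Deposit(to, 1e18);
    }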

and call

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/RangeManager.sol#L100

TokenisableRange(tr).init(amount0, amount1, msg.sender);

Assessed type

Token-Transfer
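The token flow described in this finding, as an added Python model (not code from the submission or from the Good Entry contracts). The holder names, the sample amounts and the simplified `cleanup` are assumptions made for illustration; it compares the reported refund path with the suggested `to` parameter.

```python
from collections import defaultdict

TOKENS = ("token0", "token1")

def new_ledger(admin0, admin1):
    """Constructed balances: bal[token][holder]."""
    bal = defaultdict(lambda: defaultdict(int))
    bal["token0"]["admin"], bal["token1"]["admin"] = admin0, admin1
    return bal

def move(bal, token, src, dst, amount):
    if bal[token][src] < amount:
        raise ValueError("insufficient balance")
    bal[token][src] -= amount
    bal[token][dst] += amount

def init_range(bal, n0, n1, used0, used1, refund_to):
    """Simplified model of RangeManager calling TokenisableRange.init.

    used0/used1 are the amounts the Uniswap mint consumes (assumed inputs).
    refund_to="manager" models the refund to the calling RangeManager that
    the finding describes; refund_to="admin" models init(n0, n1, to).
    """
    for token, n in zip(TOKENS, (n0, n1)):
        move(bal, token, "admin", "manager", n)   # admin funds the manager
        move(bal, token, "manager", "range", n)   # manager funds the range
    move(bal, "token0", "range", "uniswap", used0)
    move(bal, "token1", "range", "uniswap", used1)
    for token in TOKENS:                          # spare amounts are refunded
        move(bal, token, "range", refund_to, bal[token]["range"])
    bal["tr"]["admin"] += 10**18                  # TR tokens end up with the admin
    return {t: bal[t]["manager"] for t in TOKENS}

def cleanup(bal, user):
    """Simplified cleanup: the manager's whole balance is deposited for user."""
    swept = {t: bal[t]["manager"] for t in TOKENS}
    for token, amount in swept.items():
        move(bal, token, "manager", user, amount)
    return swept

def scenario(refund_to):
    bal = new_ledger(1_000, 1_000)                # constructed sample amounts
    stranded = init_range(bal, 1_000, 1_000, used0=1_000, used1=940,
                          refund_to=refund_to)
    swept = cleanup(bal, "user")
    return stranded, swept, bal["token1"]["admin"]

if __name__ == "__main__":
    print("as reported:", scenario("manager"))
    print("with `to`  :", scenario("admin"))
```

`scenario` returns the amounts left on the manager after init, the amounts a later cleanup hands to a user, and the admin's final token1 balance.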

#0 - c4-pre-sort

2023-08-09T15:14:54Z

141345 marked the issue as duplicate of #390

#1 - c4-pre-sort

2023-08-10T13:27:25Z

141345 marked the issue as duplicate of #254

#2 - c4-judge

2023-08-20T17:36:59Z

gzeon-c4 marked the issue as satisfactory
