Sandclock contest - Tomio's results

The Next Generation of Wealth Creation.

General Information

Platform: Code4rena

Start Date: 06/01/2022

Pot Size: $60,000 USDC

Total HM: 20

Participants: 33

Period: 7 days

Judge: LSDan

Total Solo HM: 9

Id: 67

League: ETH

Sandclock

Researcher Performance

Rank: 20/33

Findings: 1

Award: $322.85

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Ruhum

Also found by: Tomio, WatchPug, harleythedog

Labels

bug
duplicate
2 (Med Risk)
sponsor vault

Awards

322.8543 USDC - $322.85

Handle

Tomio

Vulnerability details

Impact

The implementation of the _transferAndCheckUnderlying function can revert the transaction if the underlying token implements a fee on its transfer and transferFrom functions. This can happen because a token that implements a fee on transfer actually transfers _amount - fee when doing the transfer. Therefore the contract will receive less balance than the amount that was inputted.

Proof of Concept

https://github.com/code-423n4/2022-01-sandclock/blob/main/sandclock/contracts/Vault.sol#L588

Tools Used

uint256 balanceAfter = totalUnderlying() - balanceBefore;

#0 - gabrielpoca

2022-01-13T19:09:25Z

@ryuheimat this is invalid, right?

#1 - naps62

2022-01-13T19:55:27Z

yes. we don't support tokens that take fees

#2 - dmvt

2022-01-27T22:19:34Z

Duplicate of #55
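
The revert described in the finding, modelled in Python as an added example (not Sandclock's code and not part of the original submission). The Token and Vault classes, their method names, the exact-amount check in deposit_strict and the revert message are assumptions; deposit_measured shows the balance-delta accounting a vault would need if it did accept fee-on-transfer tokens.

```python
class Revert(Exception):
    """Stands in for a failed Solidity require()."""

class Token:
    """Constructed ERC-20-style ledger; fee_bps > 0 models fee-on-transfer."""
    def __init__(self, fee_bps, balances):
        self.fee_bps = fee_bps
        self.balances = dict(balances)

    def transfer_from(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert("insufficient balance")
        fee = amount * self.fee_bps // 10_000  # fee is burned, never reaches dst
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount - fee

class Vault:
    """Hypothetical vault; method names are assumptions, not Sandclock's."""
    def __init__(self, token):
        self.token = token

    def total_underlying(self):
        return self.token.balances.get("vault", 0)

    def deposit_strict(self, user, amount):
        # Assumed shape of the check in the finding: exact amount or revert.
        snapshot = dict(self.token.balances)
        before = self.total_underlying()
        self.token.transfer_from(user, "vault", amount)
        if self.total_underlying() != before + amount:
            self.token.balances = snapshot  # an EVM revert undoes the transfer
            raise Revert("amount received does not match params")
        return amount

    def deposit_measured(self, user, amount):
        # Balance-delta variant: account for what actually arrived.
        before = self.total_underlying()
        self.token.transfer_from(user, "vault", amount)
        return self.total_underlying() - before

def try_deposit(fee_bps, amount, strict):
    """Return (status, credited amount or revert reason, depositor balance)."""
    token = Token(fee_bps, {"alice": amount})  # constructed sample depositor
    vault = Vault(token)
    deposit = vault.deposit_strict if strict else vault.deposit_measured
    try:
        return ("ok", deposit("alice", amount), token.balances["alice"])
    except Revert as err:
        return ("revert", str(err), token.balances["alice"])
```

With a 1% fee (fee_bps=100) the strict path reverts and the depositor keeps the full balance, while the measured path succeeds and credits 990 of the 1000 sent.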
