Good Entry - Udsen's results

The best day trading platform to make every trade entry a Good Entry.

General Information

Platform: Code4rena

Start Date: 01/08/2023

Pot Size: $91,500 USDC

Total HM: 14

Participants: 80

Period: 6 days

Judge: gzeon

Total Solo HM: 6

Id: 269

League: ETH

Researcher Performance

Rank: 71/80

Findings: 1

Award: $12.88

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

12.8772 USDC - $12.88

Labels

bug
2 (Med Risk)
satisfactory
duplicate-83

External Links

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L156
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L174
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L192

Vulnerability details

Impact

The V3Proxy.swapTokensForExactETH and V3Proxy.swapExactTokensForETH functions use a low-level call to transfer ETH to msg.sender, as shown below:

payable(msg.sender).call{value: amountOut}("");

However, the return value of this low-level call is never checked. Unlike transfer, call does not revert when the ETH transfer fails; it returns a boolean false instead. Because that return value is ignored, the transaction is treated as successful even when the ETH transfer failed, which leaves msg.sender at a disadvantage and also leaves the contract in an inconsistent state.

Proof of Concept

        msg.sender.call{value: msg.value - amounts[0]}("");

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L156

        payable(msg.sender).call{value: amountOut}("");

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L174

        payable(msg.sender).call{value: amounts[1]}("");

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L192

Tools Used

Manual Review and VSCode

It is recommended to check the return value of the low-level call and revert on failure, as shown below:

        (bool success, ) = payable(msg.sender).call{value: amountOut}("");
        require(success, "Transfer failed");
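The following is an added illustration, not code from the Good Entry repository: a minimal contract (names EthForwarder, RejectsEther, payoutUnchecked and payoutChecked are assumed) that shows the unchecked pattern beside the checked one, together with a recipient that cannot accept plain ETH so that the low-level call returns false.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not the Good Entry code): the same ETH-forwarding pattern in
// an unchecked and a checked form. Contract and function names are assumptions.
contract EthForwarder {
    // Bookkeeping that must stay consistent with the ETH actually paid out.
    mapping(address => uint256) public paidOut;

    receive() external payable {}

    // Vulnerable form, mirroring the V3Proxy pattern: if the low-level call
    // fails (for example, the recipient is a contract without receive() or a
    // payable fallback), `call` returns false instead of reverting. The ETH
    // stays in this contract, but the bookkeeping records the payout as done.
    function payoutUnchecked(address to, uint256 amount) external {
        payable(to).call{value: amount}("");
        paidOut[to] += amount;
    }

    // Hardened form: check the success flag and revert, so a failed transfer
    // can never be recorded as a completed payout.
    function payoutChecked(address to, uint256 amount) external {
        (bool success, ) = payable(to).call{value: amount}("");
        require(success, "Transfer failed");
        paidOut[to] += amount;
    }
}

// A recipient with no receive() and no payable fallback: any call{value: ...}("")
// sent to it returns false, so it is a convenient way to exercise the failure path.
contract RejectsEther {
    function poke(EthForwarder f, uint256 amount) external {
        // Succeeds even though no ETH arrives here; paidOut is still incremented.
        f.payoutUnchecked(address(this), amount);
        // The checked variant reverts with "Transfer failed" for the same input:
        // f.payoutChecked(address(this), amount);
    }
}
```

Funding EthForwarder and then calling RejectsEther.poke shows the divergence: paidOut grows while the forwarder's balance is unchanged, which is exactly the inconsistent state the finding describes.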

Assessed type

ETH-Transfer

#0 - c4-pre-sort

2023-08-09T02:04:50Z

141345 marked the issue as duplicate of #481

#1 - c4-pre-sort

2023-08-09T09:26:14Z

141345 marked the issue as duplicate of #83

#2 - c4-judge

2023-08-20T17:11:38Z

gzeon-c4 marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
