Canto Dex Oracle contest - V_B's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 07/09/2022

Pot Size: $20,000 CANTO

Total HM: 7

Participants: 65

Period: 1 day

Judge: 0xean

Total Solo HM: 3

Id: 159

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 13/65

Findings: 1

Award: $210.46

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Chom

Also found by: 0xSmartContract, Jeiwan, SinceJuly, V_B, cccz, linmiaomiao

Labels

bug
duplicate
2 (Med Risk)
sponsor disputed

Awards

1303.145 CANTO - $210.46

External Links

Lines of code

https://github.com/code-423n4/2022-09-canto/blob/65fbb8b9de22cf8f8f3d742b38b4be41ee35c468/src/Swap/BaseV1-periphery.sol#L490

Vulnerability details

Impact

In the function getUnderlyingPrice, the BaseV1Router01 contract decides the price of a token by comparing the token's symbol name with a predefined constant. By passing a custom token whose symbol matches that constant, an attacker can force the return value of getUnderlyingPrice to be incorrect.

Recommended mitigation: determine the token type when calculating the underlying price by comparing its address with immutable constants rather than by comparing its symbol string.
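To make the distinction concrete, here is an added illustration (not the Canto or BaseV1Router01 code, and not part of the original submission) of the two identification strategies side by side. The contract names, the `NOTE` symbol constant, the `notePrice` value and the `MetadataOnlyToken` helper are all constructed for this example; the hardened variant pins the trusted token's address at deployment, which is what the mitigation above describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Minimal ERC-20 metadata surface; only symbol() matters for this example.
interface IERC20Metadata {
    function symbol() external view returns (string memory);
}

/// Constructed token whose symbol is chosen by whoever deploys it.
/// Any account can deploy one of these, so symbol() is not a unique identity.
contract MetadataOnlyToken is IERC20Metadata {
    string private _symbol;

    constructor(string memory symbol_) {
        _symbol = symbol_;
    }

    function symbol() external view override returns (string memory) {
        return _symbol;
    }
}

/// Vulnerable pattern (constructed): token class decided by string comparison.
/// Two different contracts reporting "NOTE" are treated identically.
contract SymbolBasedPriceSource {
    uint256 public constant notePrice = 1e18; // hypothetical fixed price for the stable token

    function isNote(address token) public view returns (bool) {
        // keccak256 comparison is the usual Solidity idiom for string equality.
        return keccak256(bytes(IERC20Metadata(token).symbol())) == keccak256(bytes("NOTE"));
    }

    function getUnderlyingPrice(address token, uint256 fallbackPrice) external view returns (uint256) {
        // Anyone who deploys a MetadataOnlyToken("NOTE") is priced at notePrice here.
        if (isNote(token)) {
            return notePrice;
        }
        return fallbackPrice;
    }
}

/// Hardened pattern (constructed): token class decided by address equality.
/// The trusted address is fixed at deployment and cannot be spoofed by metadata.
contract AddressBasedPriceSource {
    address public immutable note; // canonical NOTE token address, set once
    uint256 public constant notePrice = 1e18;

    constructor(address note_) {
        require(note_ != address(0), "note address required");
        note = note_;
    }

    function isNote(address token) public view returns (bool) {
        // Identity is the address, not caller-controlled metadata.
        return token == note;
    }

    function getUnderlyingPrice(address token, uint256 fallbackPrice) external view returns (uint256) {
        // A second contract with symbol "NOTE" does not match here.
        if (isNote(token)) {
            return notePrice;
        }
        return fallbackPrice;
    }
}
```

Deploying two `MetadataOnlyToken("NOTE")` instances and querying both sources shows the difference: `SymbolBasedPriceSource.isNote` returns true for both, while `AddressBasedPriceSource.isNote` returns true only for the address passed to its constructor. The same address-pinning applies to any other token class the oracle special-cases; a review check is to grep the price path for `symbol()` or `name()` comparisons and confirm each one is backed by an address or allow-list check.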

#0 - nivasan1

2022-09-09T19:22:22Z

The getUnderlyingPrice output is specifically meant to be referenced by the comptroller. In this case, the user would have to first have their fake token be approved by chain governance in the lending market. This is unlikely, as a co-ordinated attack to manipulate this would require a user to override quorum in governance, which would imply a majority stake in the network.

#1 - nivasan1

2022-09-10T17:23:40Z

duplicate #24
