Platform: Code4rena
Start Date: 22/09/2023
Pot Size: $100,000 USDC
Total HM: 15
Participants: 175
Period: 14 days
Judge: alcueca
Total Solo HM: 4
Id: 287
League: ETH
Rank: 144/175
Findings: 1
Award: $11.47
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: MrPotatoMagic
Also found by: 0xAadi, 0xDING99YA, 0xDemon, 0xRstStn, 0xSmartContract, 0xStriker, 0xWaitress, 0xbrett8571, 0xfuje, 0xsagetony, 0xsurena, 33BYTEZZZ, 3docSec, 7ashraf, ABA, ABAIKUNANBAEV, Aamir, Audinarey, Bauchibred, Black_Box_DD, Daniel526, DanielArmstrong, DanielTan_MetaTrust, Dinesh11G, Eurovickk, Franklin, Inspecktor, John, Jorgect, Joshuajee, K42, Kek, Koolex, LokiThe5th, MIQUINHO, Myd, NoTechBG, QiuhaoLi, SanketKogekar, Sathish9098, Sentry, Soul22, SovaSlava, Stormreckson, Tendency, Topmark, Udsen, V1235816, Viktor_Cortess, Viraz, Yanchuan, ZdravkoHr, Zims, albahaca, albertwh1te, alexweb3, alexxander, ast3ros, audityourcontracts, bareli, bin2chen, bronze_pickaxe, c0pp3rscr3w3r, cartlex_, castle_chain, chaduke, debo, ether_sky, gumgumzum, imare, its_basu, jaraxxus, jasonxiale, josephdara, kodyvim, ladboy233, lanrebayode77, lsaudit, mert_eren, minhtrng, n1punp, nadin, niroh, nmirchev8, orion, peakbolt, perseverancesuccess, pfapostol, ptsanev, rvierdiiev, saneryee, shaflow2, te_aut, terrancrypt, twcctop, unsafesol, ustas, versiyonbir, windhustler, yongskiws, zhaojie, ziyou-
11.4657 USDC - $11.47
https://github.com/code-423n4/2023-09-maia/blob/main/src/BranchBridgeAgentExecutor.sol#L89 https://github.com/code-423n4/2023-09-maia/blob/main/src/BranchBridgeAgentExecutor.sol#L121 https://github.com/code-423n4/2023-09-maia/blob/main/src/BaseBranchRouter.sol#L146 https://github.com/code-423n4/2023-09-maia/blob/main/src/BaseBranchRouter.sol#L135
In executeWithSettlement & executeWithSettlementMultiple a call to base branch router's methods executeSettlement & executeWithSettlementMultiple are made if the payload length exceeds PARAMS_SETTLEMENT_OFFSET but both methods are not implemented
This will cause a DOS situation and not good for the protocol overall
Manual Review
Implement both methods in base branch router
DoS
#0 - c4-pre-sort
2023-10-14T13:35:16Z
0xA5DF marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-10-14T13:35:20Z
0xA5DF marked the issue as primary issue
#2 - 0xA5DF
2023-10-14T13:37:02Z
#318 is the same issue but with MulticallRootRouter
#3 - c4-sponsor
2023-10-17T19:47:55Z
0xLightt (sponsor) disputed
#4 - 0xLightt
2023-10-17T19:49:42Z
This is intended, these functions are not implemented by our base router implementations on purpose. Anyone can build their own router that implements those functions.
#5 - alcueca
2023-10-26T09:09:53Z
User error, unclear docs.
#6 - c4-judge
2023-10-26T09:10:12Z
alcueca changed the severity to QA (Quality Assurance)
#7 - c4-judge
2023-10-26T09:10:17Z
alcueca marked the issue as grade-b