Back to aga7hokakological's contests

Forgeries contest - aga7hokakological's results

A protocol for on-chain games with NFT prizes on Ethereum.

General Information

Platform: Code4rena

Start Date: 13/12/2022

Pot Size: $36,500 USDC

Total HM: 5

Participants: 77

Period: 3 days

Judge: gzeon

Total Solo HM: 1

Id: 191

League: ETH

Forgeries

Findings Distribution

Researcher Performance

Rank: 19/77

Findings: 1

Award: $110.27

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryForgeries

Findings Information

🌟 Selected for report: Trust

Also found by: Apocalypto, Madalad, Matin, aga7hokakological, evan, kaliberpoziomka8552, mookimgo, poirots, subtle77, wagmi, yixxas

Labels

bug
2 (Med Risk)
satisfactory
duplicate-273

Awards

110.2711 USDC - $110.27

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-12-forgeries/blob/main/src/VRFNFTRandomDraw.sol#L33

Vulnerability details

Impact

Current month value is more than the real value in seconds for month which can cause wrong calculation in recovery time.

Proof of Concept

Here if you see MONTH_IN_SECONDS * 12 which is 217728000 instead of regular value: 31556926

Tools Used

Manual Analysis

Add year variable setting it to seconds: 31556926 and change month variable value: 3600*24*30

#0 - c4-judge

2022-12-17T12:53:34Z

gzeon-c4 marked the issue as duplicate of #273

#1 - c4-judge

2022-12-17T12:53:58Z

gzeon-c4 marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter