Dopex - alexzoid's results

A rebate system for option writers in the Dopex Protocol.

General Information

Platform: Code4rena

Start Date: 21/08/2023

Pot Size: $125,000 USDC

Total HM: 26

Participants: 189

Period: 16 days

Judge: GalloDaSballo

Total Solo HM: 3

Id: 278

League: ETH

Researcher Performance

Rank: 148/189

Findings: 1

Award: $7.84

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

7.8372 USDC - $7.84

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
sufficient quality report
duplicate-269

External Links

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/amo/UniV2LiquidityAmo.sol#L160-L178

Vulnerability details

Impact

The function _sendTokensToRdpxV2Core() in UniV2LiquidityAmo transfers tokens A and B to rdpxV2Core but doesn't synchronize the new token balances in the core contract. This could lead to inconsistencies in the state of the rdpxV2Core contract, potentially affecting subsequent operations like swaps, liquidity provision, or withdrawals.

Tools Used

Manual review

Add a synchronization call (IRdpxV2Core(addresses.rdpxV2Core).sync();) after transferring tokens in _sendTokensToRdpxV2Core() in UniV2LiquidityAmo, similar to what's done in UniV3LiquidityAmo.

  /**
   * @dev sends token A and B to the rdpxV2Core
   */
  function _sendTokensToRdpxV2Core() internal {
    uint256 tokenABalance = IERC20WithBurn(addresses.tokenA).balanceOf(
      address(this)
    );
    uint256 tokenBBalance = IERC20WithBurn(addresses.tokenB).balanceOf(
      address(this)
    );
    // transfer token A and B from this contract to the rdpxV2Core
    IERC20WithBurn(addresses.tokenA).safeTransfer(
      addresses.rdpxV2Core,
      tokenABalance
    );
    IERC20WithBurn(addresses.tokenB).safeTransfer(
      addresses.rdpxV2Core,
      tokenBBalance
    );

    // sync token balances (the core address lives in the addresses struct here)
    IRdpxV2Core(addresses.rdpxV2Core).sync();

    emit LogAssetsTransfered(msg.sender, tokenABalance, tokenBBalance); // @audit
  }

Assessed type

Other
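
A small Python model of the accounting gap described in this finding, added here as an illustration and not code from the report or from Dopex. It assumes the core contract keeps a cached balance per token that sync() refreshes from the real token balance; every class, function and amount below is hypothetical.

```python
# Minimal model of cached-balance accounting (constructed; not the Dopex contracts).

class Token:
    """ERC-20-like ledger: balances keyed by holder name."""
    def __init__(self, symbol):
        self.symbol = symbol
        self.balances = {}

    def balance_of(self, holder):
        return self.balances.get(holder, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] = self.balance_of(src) - amount
        self.balances[dst] = self.balance_of(dst) + amount


class Core:
    """Keeps a cached balance per token; sync() refreshes it (assumed behaviour)."""
    name = "core"

    def __init__(self, tokens):
        self.tokens = tokens
        self.tracked = {t.symbol: 0 for t in tokens}

    def sync(self):
        for t in self.tokens:
            self.tracked[t.symbol] = t.balance_of(self.name)

    def drift(self):
        """Actual minus cached balance per token; all zeros means the books match."""
        return {t.symbol: t.balance_of(self.name) - self.tracked[t.symbol]
                for t in self.tokens}


def send_tokens_to_core(amo, core, call_sync):
    """Mirrors _sendTokensToRdpxV2Core(): move the AMO's full balances, optionally sync."""
    for t in core.tokens:
        t.transfer(amo, core.name, t.balance_of(amo))
    if call_sync:
        core.sync()
    return core.drift()


def run(call_sync):
    a, b = Token("A"), Token("B")
    a.balances["amo"], b.balances["amo"] = 700, 300  # constructed amounts
    return send_tokens_to_core("amo", Core([a, b]), call_sync)
```

A non-zero drift() after a transfer is the condition an invariant test or an on-chain monitor would flag.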

#0 - c4-pre-sort

2023-09-09T03:44:50Z

bytes032 marked the issue as duplicate of #798

#1 - c4-pre-sort

2023-09-09T04:09:39Z

bytes032 marked the issue as duplicate of #269

#2 - c4-pre-sort

2023-09-11T11:58:46Z

bytes032 marked the issue as sufficient quality report

#3 - c4-judge

2023-10-15T18:11:30Z

GalloDaSballo marked the issue as satisfactory

#4 - c4-judge

2023-10-20T19:39:05Z

GalloDaSballo changed the severity to 2 (Med Risk)
