Badger eBTC Audit + Certora Formal Verification Competition - alexzoid's results

Use stETH to borrow Bitcoin with 0% fees | The only smart contract based #BTC.

General Information

Platform: Code4rena

Start Date: 24/10/2023

Pot Size: $149,725 USDC

Total HM: 7

Participants: 52

Period: 21 days

Judge: ronnyx2017

Total Solo HM: 2

Id: 300

League: ETH

eBTC Protocol

Researcher Performance

Rank: 47/52

Findings: 1

Award: $19.71

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

19.712 USDC - $19.71

Labels

bug
grade-b
QA (Quality Assurance)
insufficient quality report
Q-07

Summary

Low Issues

Total of 1 issue:

ID | Issue
[L-01] | Missing Zero Address Check for _authorityAddress in EBTCToken Constructor

Low Issues

[L-01] - Missing Zero Address Check for _authorityAddress in EBTCToken Constructor

The lack of a zero address check for the _authorityAddress parameter in the EBTCToken constructor was identified as a vulnerability through a formal verification contest using the authNoOwnerInitializedAndAddressSetInConstructor() rule. This rule is designed to ensure that _authorityInitialized is true only when _authority is set to a non-zero address in the AuthNoOwner contract.

invariant authNoOwnerInitializedAndAddressSetInConstructor()
    ghostAuthorityInitialized == (ghostAuthority != 0)
    filtered { f -> f.selector == 0 }
    {
        preserved {
            require(false);
        }
    }

In the initial EBTCToken contract, this rule was violated, suggesting that _authority could be set to the zero address while _authorityInitialized was true. This issue was not found in other contracts such as ActivePool.sol and CollSurplusPool.sol.

An additional point of concern is the setAuthority() function in the AuthNoOwner contract. This function is intended to set a new _authority address. However, if _authority is initially set to the zero address due to the absence of a zero address check in the constructor, it would be impossible to change the _authority later, as the setAuthority() function requires the current _authority to authorize the change. This limitation poses a significant risk to the contract's flexibility and security.

Recommendation: It is advised to implement a zero address check for _authorityAddress in the EBTCToken constructor or within the _initializeAuthority function. The proposed fix involves adding the following check before initializing the authority:

require(_authorityAddress != address(0), "EBTCToken: zero authority!");
_initializeAuthority(_authorityAddress);
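
The locked state described in [L-01], as an added example that is not part of the original report and is not the eBTC source: a simplified model of the authority pattern with the unchecked constructor beside one carrying the recommended check. The names IAuthority, AuthModel, TokenUnchecked and TokenChecked are hypothetical, and the explicit zero test inside setAuthority is an assumption of the model.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified model for illustration (hypothetical names); not the eBTC source.
interface IAuthority {
    function canCall(address user, address target, bytes4 sig) external view returns (bool);
}

abstract contract AuthModel {
    IAuthority public authority;
    bool public authorityInitialized;

    // Only the current authority can approve its own replacement, so a zero
    // authority can never be changed: this call reverts for every caller.
    function setAuthority(address newAuthority) external {
        require(
            address(authority) != address(0) &&
                authority.canCall(msg.sender, address(this), msg.sig),
            "Auth: UNAUTHORIZED"
        );
        authority = IAuthority(newAuthority);
        authorityInitialized = true;
    }

    // One-shot initializer: sets the flag whatever address it is given, and
    // the flag then blocks any second initialization.
    function _initializeAuthority(address newAuthority) internal {
        require(!authorityInitialized, "Auth: already initialized");
        authority = IAuthority(newAuthority);
        authorityInitialized = true;
    }
}

// Before: accepts address(0), ending with initialized == true and authority == 0,
// which breaks ghostAuthorityInitialized == (ghostAuthority != 0).
contract TokenUnchecked is AuthModel {
    constructor(address _authorityAddress) {
        _initializeAuthority(_authorityAddress);
    }
}

// After: with the check recommended in the report, the constructor reverts
// instead of deploying a contract in that state.
contract TokenChecked is AuthModel {
    constructor(address _authorityAddress) {
        require(_authorityAddress != address(0), "EBTCToken: zero authority!");
        _initializeAuthority(_authorityAddress);
    }
}
```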

#0 - c4-pre-sort

2023-11-17T14:47:33Z

bytes032 marked the issue as insufficient quality report
