Back to almurhasan's contests

Ethena Labs - almurhasan's results

Enabling The Internet Bond

General Information

Platform: Code4rena

Start Date: 24/10/2023

Pot Size: $36,500 USDC

Total HM: 4

Participants: 147

Period: 6 days

Judge: 0xDjango

Id: 299

League: ETH

Ethena Labs

Findings Distribution

Researcher Performance

Rank: 130/147

Findings: 1

Award: $4.52

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryEthena Labs

Findings Information

🌟 Selected for report: 0xmystery

Also found by: 0x11singh99, 0xAadi, 0xAlix2, 0xG0P1, 0xStalin, 0xWaitress, 0x_Scar, 0xhacksmithh, 0xhunter, 0xpiken, Al-Qa-qa, Arz, Avci, Bauchibred, BeliSesir, Breeje, Bughunter101, DarkTower, Eeyore, Fitro, HChang26, Imlazy0ne, J4X, JCK, Kaysoft, Kral01, Madalad, Mike_Bello90, Noro, PASCAL, PENGUN, Proxy, Rickard, Shubham, SovaSlava, Strausses, Team_Rocket, ThreeSigma, Topmark, Udsen, Walter, Yanchuan, Zach_166, ZanyBonzy, adam-idarrha, adeolu, almurhasan, arjun16, ast3ros, asui, ayden, btk, cartlex_, castle_chain, cccz, chainsnake, codynhat, critical-or-high, cryptonue, csanuragjain, deepkin, degensec, dirk_y, erebus, foxb868, ge6a, hunter_w3b, jasonxiale, kkkmmmsk, lanrebayode77, lsaudit, marchev, matrix_0wl, max10afternoon, nuthan2x, oakcobalt, oxchsyston, pavankv, peanuts, pep7siup, pipidu83, pontifex, ptsanev, qpzm, radev_sw, rokinot, rotcivegaf, rvierdiiev, sorrynotsorry, squeaky_cactus, supersizer0x, tnquanghuy0512, twcctop, twicek, young, zhaojie, ziyou-

Awards

4.5226 USDC - $4.52

Labels

bug
downgraded by judge
grade-b
QA (Quality Assurance)
sufficient quality report
duplicate-514
Q-76

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/StakedUSDeV2.sol#L126

Vulnerability details

Proof of Concept

System properties are broken when Cooldown duration is changed during an ongoing cooldownduration period and users call multiple times the function cooldownShares/cooldownAssets before unstaking the previous stUSDe . Let’s take a example,

  1. Let assume alice has 100 stUSDe in StakedUSDeV2 contract.
  2. Currently cooldownduration is 20 days.
  3. Alice wants to withdraw 50 stUSDe .
  4. Alice calls the function cooldownAssets with 50 as asset input and owner as himself.
  5. So state variable is updated as cooldowns[alice].cooldownEnd = 20 days. cooldowns[alice].underlyingAmount = 50.
  6. Now DEFAULT_ADMIN_ROLE changes the cooldownduration to 90 days. 7.Before unstaking the previous 50 stUSDe, alice again calls function cooldownAssets with 25 as asset input amount to withdraw 25 stUSDe. Now alice state variable is updated as cooldowns[alice].cooldownEnd = 90 days And cooldowns[alice].underlyingAmount = 75.

Impact

User have to wait longer than expected to unstake his stUSDe.

Tools Used

manual review

Enable setting a new value for cooldownduration only if there’s no active cooldown and validate that users can’t call cooldownShares/cooldownAssets before unstaking the previous stUSDe or define every cooldown withdrawal differently of a user.

Assessed type

Invalid Validation

#0 - c4-pre-sort

2023-10-31T05:32:56Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2023-10-31T05:33:07Z

raymondfam marked the issue as duplicate of #4

#2 - c4-pre-sort

2023-11-01T19:36:38Z

raymondfam marked the issue as duplicate of #514

#3 - c4-judge

2023-11-10T21:26:59Z

fatherGoose1 marked the issue as unsatisfactory: Invalid

#4 - c4-judge

2023-11-17T17:04:09Z

fatherGoose1 changed the severity to QA (Quality Assurance)

#5 - c4-judge

2023-11-20T20:19:41Z

fatherGoose1 marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter