Platform: Code4rena
Start Date: 09/02/2024
Pot Size: $60,500 USDC
Total HM: 17
Participants: 283
Period: 12 days
Judge:
Id: 328
League: ETH
Rank: 241/283
Findings: 2
Award: $0.73
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ahmedaghadi
Also found by: 0x13, 0xAleko, 0xDetermination, 0xKowalski, 0xPluto, 0xRiO, 0xvj, AlexCzm, Avci, BARW, BigVeezus, Cryptor, DeFiHackLabs, Draiakoo, Fitro, Giorgio, GoSlang, Greed, Honour, Kalogerone, KmanOfficial, Krace, McToady, MidgarAudits, MrPotatoMagic, Nyxaris, ReadyPlayer2, Ryonen, SovaSlava, SpicyMeatball, VAD37, _eperezok, alexzoid, almurhasan, btk, cu5t0mpeo, deadrxsezzz, djxploit, dvrkzy, emrekocak, erosjohn, evmboi32, fnanni, grearlake, inzinko, jesjupyter, jesusrod15, josephdara, ke1caM, klau5, ktg, ladboy233, merlinboii, nuthan2x, peanuts, pipidu83, pontifex, radev_sw, sl1, sobieski, soliditywala, t0x1c, taner2344, vnavascues, y4y, yovchev_yoan, zaevlad
0.2347 USDC - $0.23
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/RankedBattle.sol#L294
Users may not claim NRN due to DoS.
Let's assume Alice gets a fighter NFT after round ID 1000 (or whatever big number).
Alice gets some points after round ID 1001.
Alice calls the claimNRN function; this will revert, as Alice's lowerbound = 0 and the current round ID = 1001, so the iteration may revert due to an out-of-gas error.
manual review
DoS
#0 - c4-pre-sort
2024-02-25T02:24:11Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-02-25T02:24:21Z
raymondfam marked the issue as duplicate of #1541
#2 - c4-judge
2024-03-11T13:00:58Z
HickupHH3 marked the issue as duplicate of #216
#3 - c4-judge
2024-03-12T02:44:06Z
HickupHH3 marked the issue as partial-50
#4 - c4-judge
2024-03-21T02:11:05Z
HickupHH3 marked the issue as satisfactory
🌟 Selected for report: ahmedaghadi
Also found by: 0x13, 0xAleko, 0xDetermination, 0xKowalski, 0xPluto, 0xRiO, 0xvj, AlexCzm, Avci, BARW, BigVeezus, Cryptor, DeFiHackLabs, Draiakoo, Fitro, Giorgio, GoSlang, Greed, Honour, Kalogerone, KmanOfficial, Krace, McToady, MidgarAudits, MrPotatoMagic, Nyxaris, ReadyPlayer2, Ryonen, SovaSlava, SpicyMeatball, VAD37, _eperezok, alexzoid, almurhasan, btk, cu5t0mpeo, deadrxsezzz, djxploit, dvrkzy, emrekocak, erosjohn, evmboi32, fnanni, grearlake, inzinko, jesjupyter, jesusrod15, josephdara, ke1caM, klau5, ktg, ladboy233, merlinboii, nuthan2x, peanuts, pipidu83, pontifex, radev_sw, sl1, sobieski, soliditywala, t0x1c, taner2344, vnavascues, y4y, yovchev_yoan, zaevlad
0.2347 USDC - $0.23
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/MergingPool.sol#L139
Users may not claim NFT rewards in the MergingPool contract due to DoS.
Let's assume Alice gets a fighter NFT after round ID 1000 (or whatever big number).
Alice becomes a winner for round ID 1001 in the MergingPool contract.
Alice calls the claimRewards function; this will revert, as Alice's lowerbound = 0 and the current round ID = 1001, so the iteration may revert due to an out-of-gas error.
manual review
DoS
#0 - c4-pre-sort
2024-02-25T02:24:31Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-02-25T02:24:57Z
raymondfam marked the issue as duplicate of #1541
#2 - c4-judge
2024-03-11T13:00:59Z
HickupHH3 marked the issue as duplicate of #216
#3 - c4-judge
2024-03-12T02:44:11Z
HickupHH3 marked the issue as partial-50
#4 - c4-judge
2024-03-21T02:11:11Z
HickupHH3 marked the issue as satisfactory
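The loop pattern behind both DoS findings above (RankedBattle `claimNRN` and MergingPool `claimRewards`), as an added example that is not code from the AI Arena repository or from the submission. The contract, `rewardOf`, `paid`, `closeRound`, `claimAll` and `claimUpTo` are hypothetical names, and the bounded variant is a common mitigation shown here as an assumption that goes beyond what the findings state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration: a constructed model, not the audited contracts.
contract ClaimCursorModel {
    uint32 public roundId;                               // advanced once per round
    mapping(address => uint32) public numRoundsClaimed;  // per-user cursor, defaults to 0
    mapping(address => mapping(uint32 => uint256)) public rewardOf; // assumed reward table
    mapping(address => uint256) public paid;             // stands in for the token transfer

    // Helper (assumption): record a reward for the current round, then close it.
    function closeRound(address winner, uint256 amount) external {
        rewardOf[winner][roundId] = amount;
        roundId += 1;
    }

    // Pattern described in the findings: the scan starts at the caller's cursor,
    // which is still 0 for an account that first earned anything in round 1001.
    // Every iteration performs at least one cold storage read, so the cost of
    // the call grows linearly with roundId and can exceed the gas available.
    function claimAll() external {
        uint32 lowerBound = numRoundsClaimed[msg.sender];
        uint256 total;
        for (uint32 r = lowerBound; r < roundId; r++) {
            total += rewardOf[msg.sender][r];
            numRoundsClaimed[msg.sender] += 1;
        }
        paid[msg.sender] += total;
    }

    // Bounded variant: the caller caps how many rounds one call scans, so any
    // backlog can be worked off across several transactions.
    function claimUpTo(uint32 maxRounds) external {
        uint32 start = numRoundsClaimed[msg.sender];
        uint32 end = roundId;
        if (end - start > maxRounds) {
            end = start + maxRounds; // cannot overflow: maxRounds < end - start
        }
        uint256 total;
        for (uint32 r = start; r < end; r++) {
            total += rewardOf[msg.sender][r];
        }
        numRoundsClaimed[msg.sender] = end; // cursor advances even over empty rounds
        paid[msg.sender] += total;
    }
}
```

Initialising the cursor to the current round when an account first receives a fighter is another way to keep the scan short; either approach removes the dependence of a single call's cost on the total number of rounds.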
🌟 Selected for report: klau5
Also found by: 0xAlix2, 0xCiphky, 0xDetermination, 0xG0P1, 0xMosh, 0xabhay, 14si2o_Flint, AlexCzm, Aymen0909, CodeWasp, DanielArmstrong, FloatingPragma, Giorgio, JCN, Jorgect, Kalogerone, KmanOfficial, Kow, KupiaSec, McToady, SpicyMeatball, VAD37, WoolCentaur, ZanyBonzy, alexxander, alexzoid, almurhasan, blutorque, csanuragjain, denzi_, dipp, djxploit, evmboi32, handsomegiraffe, haxatron, immeas, jesjupyter, ke1caM, klau5, lanrebayode77, lil_eth, merlin, merlinboii, nuthan2x, peanuts, shaflow2, shaka, sl1, solmaxis69, stakog, swizz, t0x1c, tallo, ubermensch, vnavascues, yotov721
0.5044 USDC - $0.50
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/RankedBattle.sol#L477
Users can game the system to avoid losing stakeAtRisk NRN.
1. Let's assume Alice (a challenger) has staked 500 NRN and will fight 10 battles in the round.
2. After 9 battles, Alice's stakeAtRisk = 50 and AccumulatedPoints = 0.
3. Alice loses battle number 10.
4. Before the battle record is updated, Alice unstakes the remaining 450 NRN.
5. Now Alice's curStakeAtRisk is set to 0 (as amountStaked[tokenId] = 0).
6. So Alice loses 0 curStakeAtRisk, i.e. 0 staked NRN, by gaming the rules, which is unfair.
manual review
Prevent the unfair mechanism
MEV
#0 - c4-pre-sort
2024-02-23T03:05:21Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-02-23T03:05:29Z
raymondfam marked the issue as duplicate of #51
#2 - c4-pre-sort
2024-02-26T02:23:51Z
raymondfam marked the issue as duplicate of #136
#3 - c4-judge
2024-03-08T04:05:45Z
HickupHH3 marked the issue as unsatisfactory: Invalid
#4 - c4-judge
2024-03-08T04:09:32Z
HickupHH3 marked the issue as unsatisfactory: Invalid
#5 - c4-judge
2024-03-08T04:09:35Z
HickupHH3 marked the issue as unsatisfactory: Invalid
#6 - c4-judge
2024-03-13T14:43:22Z
HickupHH3 marked the issue as not a duplicate
#7 - HickupHH3
2024-03-13T14:43:28Z
dup #833
#8 - c4-judge
2024-03-13T14:43:38Z
HickupHH3 marked the issue as duplicate of #1641
#9 - c4-judge
2024-03-13T14:44:14Z
HickupHH3 changed the severity to 2 (Med Risk)
#10 - c4-judge
2024-03-13T14:44:25Z
HickupHH3 removed the grade
#11 - c4-judge
2024-03-13T14:44:34Z
HickupHH3 marked the issue as satisfactory
#12 - c4-judge
2024-03-13T14:44:42Z
HickupHH3 marked the issue as partial-50
#13 - HickupHH3
2024-03-13T14:45:02Z
very brief write-up, could use more elaboration.