Platform: Code4rena
Start Date: 31/01/2023
Pot Size: $90,500 USDC
Total HM: 47
Participants: 169
Period: 7 days
Judge: LSDan
Total Solo HM: 9
Id: 211
League: ETH
Rank: 106/169
Findings: 2
Award: $36.63
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xdeadbeef0x
Also found by: 0Kage, 0xNazgul, 0xRobocop, Aymen0909, KIntern_NA, Kenshin, KingNFT, Krace, Kumpa, SadBase, aashar, apvlki, btk, cccz, critical-or-high, eccentricexit, fs0c, gjaldon, hansfriese, immeas, mert_eren, mgf15, mrpathfindr, orion, peanuts, rvi0x, rvierdiiev, supernova, ulqiorra, waldenyan20, y1cunhui
1.1529 USDC - $1.15
Judge has assessed an item in Issue #752 as 2 risk. The relevant finding follows:
Possibility of MultiRewardEscrow.claimReward() to be vulnerable to a reentrancy attack There are a bunch of external calls before setting accruedRewards[user][_rewardTokens[i]]to zero. Malicious actors can add some exploits on the external calls potentially draining the rewards pool of that reward token. It is recommended to refactor this conforming to the check-effects pattern
#0 - c4-judge
2023-03-01T01:26:04Z
dmvt marked the issue as duplicate of #402
#1 - c4-judge
2023-03-01T01:26:10Z
dmvt marked the issue as partial-25
#2 - c4-judge
2023-03-01T22:31:45Z
dmvt changed the severity to 3 (High Risk)
🌟 Selected for report: IllIllI
Also found by: 0x3b, 0xAgro, 0xBeirao, 0xMirce, 0xNineDec, 0xRobocop, 0xSmartContract, 0xTraub, 0xWeiss, 2997ms, 41i3xn, Awesome, Aymen0909, Bauer, Bnke0x0, Breeje, Cryptor, DadeKuma, Deathstore, Deekshith99, DevABDee, DevTimSch, Dewaxindo, Diana, Ermaniwe, Guild_3, H0, IceBear, Inspectah, JDeryl, Kaiziron, Kaysoft, Kenshin, Mukund, Praise, RaymondFam, Rickard, Rolezn, Ruhum, Sathish9098, SkyWalkerMan, SleepingBugs, UdarTeam, Udsen, Walter, aashar, adeolu, apvlki, arialblack14, ast3ros, btk, chaduke, chandkommanaboyina, chrisdior4, climber2002, codetilda, cryptonue, cryptostellar5, csanuragjain, ddimitrov22, descharre, dharma09, doublesharp, eccentricexit, ethernomad, fs0c, georgits, halden, hansfriese, hashminer0725, immeas, lukris02, luxartvinsec, matrix_0wl, merlin, mookimgo, mrpathfindr, nadin, olegthegoat, pavankv, rbserver, rebase, savi0ur, sayan, scokaf, seeu, shark, simon135, tnevler, tsvetanovv, ulqiorra, ustas, waldenyan20, y1cunhui, yongskiws, yosuke
35.4779 USDC - $35.48
rewardToken does not revert.The affected functions are the following:
In instances that reward tokens are unable to revert, the contract will proceed to call the MultiRewardStaking contract right away. Luckily, the transfer used in MultiRewardStaking.addRewardToken() and MultiRewardStaking.fundReward() contains safeTransferFrom which will revert if no tokens were transferred to the adminProxy and VaultController.
MultiRewardEscrow.claimReward() to be vulnerable to a reentrancy attackThere are a bunch of external calls before setting accruedRewards[user][_rewardTokens[i]] to zero. Malicious actors can add some exploits on the external calls potentially draining the rewards pool of that reward token. It is recommended to refactor this conforming to the check-effects pattern
Setting max allowance might completely drain user funds if exploited by malicious actors.
This was observed in the following contracts:
Vault.solVaultController.solAdapterBase.solBeefyAdapter.solMultiRewardsStaking.sol#0 - c4-judge
2023-02-28T15:10:13Z
dmvt marked the issue as grade-b