Back to auditor0517's contests

Illuminate contest - auditor0517's results

Your Sole Source For Fixed-Yields.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $55,000 USDC

Total HM: 29

Participants: 88

Period: 5 days

Judge: gzeon

Total Solo HM: 7

Id: 134

League: ETH

Illuminate

Findings Distribution

Researcher Performance

Rank: 24/88

Findings: 3

Award: $553.30

🌟 Selected for report: 1

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryIlluminate

Findings Information

🌟 Selected for report: auditor0517

Also found by: 0x52, cccz, datapunk, kenzo, pashov

Labels

bug
3 (High Risk)
sponsor confirmed

Awards

372.2221 USDC - $372.22

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-06-illuminate/blob/92cbb0724e594ce025d6b6ed050d3548a38c264b/redeemer/Redeemer.sol#L187

Vulnerability details

Impact

Redeemer.redeem() for Element withdraws PT to wrong address. This might cause a result of loss of PT.

Proof of Concept

According to the ReadMe.md, Redeemer should transfer external principal tokens from Lender.sol to Redeemer.sol. But it transfers to the "marketPlace" and it would lose the PT.

Tools Used

Manual Review

Modify IElementToken(principal).withdrawPrincipal(amount, marketPlace); like this.

IElementToken(principal).withdrawPrincipal(amount, address(this));

Findings Information

🌟 Selected for report: Metatron

Also found by: 0x52, WatchPug, auditor0517, cccz, datapunk, hansfriese, hyh, kenzo, kirk-baird, shenwilly, unforgiven

Labels

bug
duplicate
3 (High Risk)
sponsor confirmed

Awards

98.9071 USDC - $98.91

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-06-illuminate/blob/92cbb0724e594ce025d6b6ed050d3548a38c264b/lender/Lender.sol#L247-L299 https://github.com/code-423n4/2022-06-illuminate/blob/92cbb0724e594ce025d6b6ed050d3548a38c264b/lender/Lender.sol#L311-L358

Vulnerability details

Impact

Some Lender.lend() functions don't update senders' balance after swap. The senders can't redeem later because their balance isn't updated.

Proof of Concept

The amount of PT should be added to the senders' balance using mint function.

Tools Used

Manual Review

uint256 ptAmount = yield(u, y, returned, address(this));
address illuminateToken = principalToken(u, m);
IERC5095(illuminateToken).mint(msg.sender, ptAmount);

address illuminateToken = principalToken(u, m);
IERC5095(illuminateToken).mint(msg.sender, purchased);

#0 - sourabhmarathe

2022-06-29T17:18:42Z

Duplicate of #391.

Findings Information

🌟 Selected for report: Picodes

Also found by: Chom, Lambda, auditor0517, cryptphi, csanuragjain, hansfriese, hyh, kenzo, kirk-baird, pashov, unforgiven, zer0dot

Labels

bug
duplicate
3 (High Risk)
sponsor confirmed

Awards

82.1689 USDC - $82.17

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-06-illuminate/blob/92cbb0724e594ce025d6b6ed050d3548a38c264b/redeemer/Redeemer.sol#L128

Vulnerability details

Impact

Redeemer.redeem() for Illuminate doesn't send the asset to the user. The user might lose his underlying asset.

Proof of Concept

This function should transfer the asset to the user but it transfers to the contract.

Tools Used

Manual Review

Modify Safe.transferFrom(IERC20(u), lender, address(this), amount); like this.

Safe.transferFrom(IERC20(u), lender, msg.sender, amount);

#0 - sourabhmarathe

2022-06-29T14:17:02Z

Duplicate of #384.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter