Golom contest - auditor0517's results

An NFT marketplace that offers the lowest industry fee, a publicly available order-book along with analytical tools.

General Information

Platform: Code4rena

Start Date: 26/07/2022

Pot Size: $75,000 USDC

Total HM: 29

Participants: 179

Period: 6 days

Judge: LSDan

Total Solo HM: 6

Id: 148

League: ETH

Golom

Findings Distribution

Researcher Performance

Rank: 61/179

Findings: 2

Award: $186.56

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

93.2805 USDC - $93.28

Labels

bug
duplicate
3 (High Risk)

External Links

Lines of code

https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/rewards/RewardDistributor.sol#L298-L305

Vulnerability details

Impact

The ve address in RewardDistributor.sol will always be the zero address and the admin can't update it.

Proof of Concept

In addVoteEscrow(), because ve is still the zero address on the first call, the function takes the branch that assigns ve from pendingVoteEscrow; pendingVoteEscrow has never been set at that point, so ve is assigned the zero address again and can never be changed afterwards.

Tools Used

Manual Review

Recommended mitigation: modify addVoteEscrow() as below so that the first call sets ve directly from the supplied address and later calls go through the pending/timelock path.

function addVoteEscrow(address _voteEscrow) external onlyOwner {
    if (address(ve) == address(0)) {
        // first configuration: use the supplied address, not the unset pendingVoteEscrow
        ve = VE(_voteEscrow);
    } else {
        // later changes go through the 1-day delay
        voteEscrowEnableDate = block.timestamp + 1 days;
        pendingVoteEscrow = _voteEscrow;
    }
}

#0 - okkothejawa

2022-08-04T12:32:15Z

Duplicate of #611

Findings Information

🌟 Selected for report: hyh

Also found by: 0x52, 0xSky, ElKu, Krow10, Lambda, Limbooo, RustyRabbit, auditor0517, kaden, obront, rbserver, rotcivegaf, scaraven, wastewa, zzzitron

Awards

93.2805 USDC - $93.28

Labels

bug
duplicate
3 (High Risk)

External Links

Lines of code

https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L381 https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L389-L394 https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L396-L399

Vulnerability details

Impact

Currently the protocol fee is scaled by amount twice, so sellers may receive less ETH than they are owed, or the function may revert with a uint underflow.

Proof of Concept

The protocolfee is calculated correctly by multiplying by amount here (first linked line).

But when the remaining ether amount is calculated, protocolfee is multiplied by amount again in both branches (part1 and part2 of the linked code), so the result differs from the intended one whenever amount > 1, i.e. for ERC1155 orders.

Tools Used

Manual Review

Recommended mitigation: modify this part as below, deducting protocolfee (which already includes the amount factor) only once.

if (o.refererrAmt > 0 && referrer != address(0)) {
    payEther(o.refererrAmt * amount, referrer);
    payEther(
        (o.totalAmt - o.exchange.paymentAmt - o.prePayment.paymentAmt - o.refererrAmt) * amount
            - p.paymentAmt
            - protocolfee, // protocolfee is already scaled by amount
        msg.sender
    );
} else {
    payEther(
        (o.totalAmt - o.exchange.paymentAmt - o.prePayment.paymentAmt) * amount
            - p.paymentAmt
            - protocolfee,
        msg.sender
    );
}
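The following is an added model of the fillAsk seller-payout arithmetic described in this finding, not the project's code. Field names follow the finding; the 50 bps fee rate, the order values and p.paymentAmt are constructed sample inputs, and the buggy branch represents the second scaling by amount as a plain protocolfee * amount deduction, which is an assumption since the exact original expression is not quoted on this page.

```python
FEE_BPS = 50  # 0.5% protocol fee, as in the protocolfee line the finding references


class Revert(Exception):
    """Stands in for the EVM revert raised by Solidity >=0.8 checked arithmetic."""


def checked_sub(a: int, b: int) -> int:
    # uint256 subtraction: reverts instead of wrapping on underflow
    if b > a:
        raise Revert("uint256 underflow")
    return a - b


def seller_payout(o: dict, amount: int, p_payment_amt: int, buggy: bool) -> int:
    # protocolfee is already scaled by amount (the line the finding calls correct)
    protocolfee = (o["totalAmt"] * FEE_BPS // 10000) * amount
    # per-unit ether left after the exchange, prePayment and referrer shares
    per_unit = (o["totalAmt"] - o["exchange_paymentAmt"]
                - o["prePayment_paymentAmt"] - o["refererrAmt"])
    # buggy: protocolfee scaled by amount a second time (assumed form of the bug);
    # fixed: protocolfee deducted once, as in the recommended code above
    fee_deduction = protocolfee * amount if buggy else protocolfee
    return checked_sub(checked_sub(per_unit * amount, p_payment_amt), fee_deduction)


def payout_or_revert(o: dict, amount: int, p_payment_amt: int, buggy: bool):
    """Return the seller payout, or None where the transaction would revert."""
    try:
        return seller_payout(o, amount, p_payment_amt, buggy)
    except Revert:
        return None


# Constructed sample order: 10_000 wei per unit, 100 wei each to the exchange,
# the prePayment address and the referrer.
SAMPLE_ORDER = {"totalAmt": 10_000, "exchange_paymentAmt": 100,
                "prePayment_paymentAmt": 100, "refererrAmt": 100}

if __name__ == "__main__":
    # amount == 1 agrees; larger ERC1155 amounts underpay, then revert
    for amount in (1, 2, 10, 200):
        print(amount,
              payout_or_revert(SAMPLE_ORDER, amount, 0, buggy=False),
              payout_or_revert(SAMPLE_ORDER, amount, 0, buggy=True))
```

With these sample values the buggy and fixed results only agree for amount == 1; the gap grows quadratically with amount and the buggy form reverts once amount exceeds 194.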

#0 - KenzoAgada

2022-08-02T06:32:39Z

Duplicate of #240
