Lybra Finance - ayden's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH

Researcher Performance

Rank: 91/132

Findings: 1

Award: $43.05

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: DelerRH

Also found by: DelerRH, HE1M, LaScaloneta, No12Samurai, RedTiger, adeolu, ayden, bart1e, f00l, pep7siup

Labels

bug
2 (Med Risk)
satisfactory
duplicate-828

Awards

43.047 USDC - $43.05

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/miner/stakerewardV2pool.sol#L74#L80

Vulnerability details

Impact

rewardPerToken will return a value far greater than expected.

Proof of Concept

If the reward token has 18 decimal places and the stake token has 6 decimal places, and we are distributing 1e18 reward tokens over a 30-day period, then the rewardRatio would be equal to 1e18/30 days. As a result, rewardPerToken will return a value far greater than expected, calculated as 1e18 * 1e18 / 1e6.

Tools Used

Foundry

Recommended Mitigation Steps

Use stakeToken.decimals instead of 1e18.

Assessed type

Math

#0 - c4-pre-sort

2023-07-09T14:33:06Z

JeffCX marked the issue as duplicate of #501

#1 - c4-judge

2023-07-28T15:40:20Z

0xean marked the issue as satisfactory
