Mimo DeFi contest - berndartmueller's results

Bridging the chasm between the DeFi world and the world of regulated financial institutions.

General Information

Platform: Code4rena

Start Date: 28/04/2022

Pot Size: $50,000 USDC

Total HM: 7

Participants: 43

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 115

League: ETH

Mimo DeFi

Findings Distribution

Researcher Performance

Rank: 16/43

Findings: 2

Award: $400.55

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: hyh

Also found by: 0xDjango, berndartmueller, cccz, defsec, delfin454000, joestakey, robee

Labels

bug
duplicate
2 (Med Risk)

Awards

247.8825 USDC - $247.88

External Links

Lines of code

https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/liquidityMining/v2/PARMinerV2.sol#L125
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L97
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L151
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L275
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L291
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L325
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L344

Vulnerability details

Impact

Some tokens, USDT among them (see the require on line 199 of the Tether contract), do not allow a non-zero allowance to be changed directly to another non-zero value: approve(_spender, value) reverts unless the current allowance is zero, so the allowance must first be reset with approve(_spender, 0).

The contracts call approve(spender, amount) directly at the locations listed below. With such a token, every call made while a non-zero allowance is still outstanding (for example because the spender did not consume the whole approved amount) reverts, so the affected functions cannot be used with that token.

Proof of Concept

core/contracts/liquidityMining/v2/PARMinerV2.sol#L125
supervaults/contracts/SuperVault.sol#L97
supervaults/contracts/SuperVault.sol#L151
supervaults/contracts/SuperVault.sol#L275
supervaults/contracts/SuperVault.sol#L291
supervaults/contracts/SuperVault.sol#L325
supervaults/contracts/SuperVault.sol#L344

Tools Used

Manual review

Recommended Mitigation Steps

Reset the allowance to zero before setting the actual amount, e.g.:

token.approve(proxy, 0); // reset to zero first so tokens like USDT accept the new allowance
token.approve(proxy, amount);

This does not cover USDT's second quirk: its approve() returns no value, so calling it through an IERC20 interface that expects a bool return reverts regardless of the allowance. OpenZeppelin's SafeERC20 (version 3.x targets Solidity 0.6) handles both cases, since safeApprove(proxy, 0) followed by safeApprove(proxy, amount) uses a low-level call and accepts an empty return.
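As an added example, not part of this finding or of the Mimo codebase, the contracts below reproduce the failure and show one hardened form. MockUSDT is a constructed stand-in that models only USDT's approve() guard (and, like USDT, returns no value); ForceApprove, Demo and the spender address are hypothetical names chosen for this page. The helper goes further than the two-line fix above in that it also tolerates tokens whose approve() returns nothing.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.12 <0.9.0;

// Minimal ERC20 surface used by this example (constructed, not the project's interface).
interface IERC20Like {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Constructed stand-in for USDT: same non-zero -> non-zero guard as TetherToken.approve(),
// and, like USDT, no bool return value. Transfers and balances are omitted.
contract MockUSDT {
    mapping(address => mapping(address => uint256)) private _allowed;

    function approve(address spender, uint256 value) external {
        // USDT's guard: changing a non-zero allowance to another non-zero value reverts.
        require(!((value != 0) && (_allowed[msg.sender][spender] != 0)), "USDT: reset allowance to 0 first");
        _allowed[msg.sender][spender] = value;
    }

    function allowance(address owner, address spender) external view returns (uint256) {
        return _allowed[owner][spender];
    }
}

// Hypothetical helper: sets the allowance to `amount`, going through zero first when a
// non-zero allowance is outstanding, and accepts approve() with or without a bool return.
library ForceApprove {
    function forceApprove(address token, address spender, uint256 amount) internal {
        if (IERC20Like(token).allowance(address(this), spender) != 0) {
            _rawApprove(token, spender, 0); // reset so USDT-style tokens accept the new value
        }
        _rawApprove(token, spender, amount);
    }

    function _rawApprove(address token, address spender, uint256 amount) private {
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.approve.selector, spender, amount)
        );
        // Empty return data (USDT) is accepted; a returned bool must be true.
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "approve failed");
    }
}

// Hypothetical harness showing the vulnerable and the hardened call sequence side by side.
contract Demo {
    using ForceApprove for address;

    MockUSDT public usdt = new MockUSDT();
    address public constant SPENDER = address(0xBEEF); // constructed spender address

    // Vulnerable pattern from the finding: direct approve while an allowance is outstanding.
    function unsafeTwice() external {
        usdt.approve(SPENDER, 100);
        usdt.approve(SPENDER, 200); // reverts: non-zero -> non-zero on a USDT-style token
    }

    // Hardened pattern: both calls succeed, final allowance is 200.
    function safeTwice() external returns (uint256) {
        address(usdt).forceApprove(SPENDER, 100);
        address(usdt).forceApprove(SPENDER, 200);
        return usdt.allowance(address(this), SPENDER);
    }
}
```

Deploy Demo and call unsafeTwice() to see the revert, then safeTwice() to confirm the allowance lands at 200. The allowance check before the reset is an optimisation only; always resetting to zero, as the mitigation above does, is equally correct and one call cheaper to reason about.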

#0 - m19

2022-05-05T09:46:58Z

Duplicate of #135 and #145

#1 - gzeoneth

2022-06-05T15:22:13Z

Duplicate of #145

Awards

152.6741 USDC - $152.67

Labels

bug
QA (Quality Assurance)

QA Report

Table of Contents

Non-Critical Findings

[NC-01] - Consider upgrading Solidity version

Description

Consider using a newer Solidity version instead of 0.6.12.

More recent compiler versions bring checked arithmetic by default (0.8.x), compiler optimizations, user defined value types, overriding of interface functions and reading from immutables, among other things, which helps in reading and writing safe and clean code.

Findings

Excerpt of findings:

liquidityMining/v2/GenericMinerV2.sol#L4
liquidityMining/v2/SupplyMinerV2.sol#L4
liquidityMining/v2/DemandMinerV2.sol#L4
liquidityMining/v2/PARMinerV2.sol#L4
liquidityMining/v2/VotingMinerV2.sol#L4
liquidityMining/v2/interfaces/IDemandMinerV2.sol#L4
liquidityMining/v2/interfaces/IGenericMinerV2.sol#L4
liquidityMining/v2/interfaces/ISupplyMinerV2.sol#L4
liquidityMining/v2/interfaces/IVotingMinerV2.sol#L4
oracles/GUniLPOracle.sol#L3
oracles/BalancerV2LPOracle.sol#L3

Upgrade the pragma to a more recent compiler release and re-run the test suite, since 0.8.x changes the semantics of arithmetic overflow and makes existing SafeMath usage redundant.

[NC-02] - Events not indexed

Description

Indexed event parameters are stored in the topics part of the log instead of the data part, which allows for faster indexing/querying because of the use of bloom filters for topics. Up to three parameters in every event can be indexed. While this costs a little extra gas, doing so allows for faster and more efficient/effective event lookups.

Findings

liquidityMining/v2/interfaces/IDemandMinerV2.sol#L9
inception/interfaces/IInceptionVaultFactory.sol#L26
inception/interfaces/IInceptionVaultFactory.sol#L33
inception/interfaces/IInceptionVaultPriceFeed.sol#L10

Add indexed to parameters, especially address parameters, where faster lookup for monitoring and incident analysis is worth the small extra gas cost.

Low Risk

[L-01] - Functions not returning declared values

Description

The functions listed below declare return values but never assign or return them, so every call returns the default value 0 for each declared return value, which callers cannot distinguish from a genuine result.

Findings

core/contracts/oracles/GUniLPOracle.sol#L96
core/contracts/oracles/GUniLPOracle.sol#L98
core/contracts/oracles/GUniLPOracle.sol#L100
core/contracts/oracles/BalancerV2LPOracle.sol#L93
core/contracts/oracles/BalancerV2LPOracle.sol#L95
core/contracts/oracles/BalancerV2LPOracle.sol#L97

Either remove the return declarations or return the intended values.
