Platform: Code4rena
Start Date: 26/07/2022
Pot Size: $75,000 USDC
Total HM: 29
Participants: 179
Period: 6 days
Judge: LSDan
Total Solo HM: 6
Id: 148
League: ETH
Rank: 121/179
Findings: 4
Award: $39.84
π Selected for report: 0
π Solo Findings: 0
π Selected for report: cloudjunky
Also found by: 0x1f8b, 0x4non, 0x52, 0xDjango, 0xHarry, 0xNazgul, 0xNineDec, 0xf15ers, 0xsanson, 0xsolstars, 8olidity, Bnke0x0, CertoraInc, Chom, Deivitto, Dravee, GalloDaSballo, GimelSec, IllIllI, Jmaxmanblue, JohnSmith, Jujic, Kenshin, Krow10, Lambda, MEP, Noah3o6, RedOneN, Ruhum, StErMi, StyxRave, TomJ, Treasure-Seeker, TrungOre, _Adam, __141345__, arcoun, asutorufos, bardamu, bearonbike, bin2chen, brgltd, bulej93, c3phas, cRat1st0s, carlitox477, cccz, codexploder, cryptonue, cryptphi, cthulhu_cult, dharma09, dipp, djxploit, durianSausage, ellahi, giovannidisiena, hansfriese, horsefacts, hyh, immeas, indijanc, jayjonah8, jayphbee, joestakey, kenzo, kyteg, ladboy233, minhquanym, navinavu, obront, oyc_109, peritoflores, rbserver, reassor, rokinot, rotcivegaf, saian, scaraven, shenwilly, simon135, sseefried, teddav, zzzitron
0.0037 USDC - $0.00
Judge has assessed an item in Issue #129 as Medium risk. The relevant finding follows:
1.use transfer to pay eth GolomTrader.sol payEther() use transfer() to pay eth , and receiver can be specified arbitrarily, it is recommended to use call() to avoid a certain chance of failure due to 2300 gas fee exceeded https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L154 Used call instead. For example
(bool success, ) = receiver.call{amount}(""); require(success, "Transfer failed.");
#0 - dmvt
2022-10-21T13:43:48Z
Duplicate of #343
π Selected for report: TomJ
Also found by: 0x4non, 0x52, 0xDjango, 0xNazgul, 0xf15ers, 0xsanson, 8olidity, Bnke0x0, CertoraInc, Ch_301, Chom, Dravee, GalloDaSballo, GimelSec, JC, Jujic, Kenshin, Kumpa, Lambda, M0ndoHEHE, PaludoX0, RedOneN, Ruhum, Sm4rty, Treasure-Seeker, TrungOre, Twpony, Waze, _Adam, __141345__, apostle0x01, arcoun, benbaessler, bin2chen, brgltd, cccz, cloudjunky, cryptonue, djxploit, ellahi, erictee, hansfriese, i0001, minhquanym, oyc_109, peritoflores, rbserver, reassor, rokinot, rotcivegaf, saian, shenwilly, sseefried
0.1513 USDC - $0.15
GolomTrader.sol fillAsk() use transferFrom to transfer NFT, and the receiver can be arbitrarily specified, this has a risk that NFT will be permanently lost, it is recommended to use safeTransferFrom() fillBid() and fillCriteriaBid() is also recommended to modify the safeTransferFrom ()
function fillAsk( Order calldata o, uint256 amount, address referrer, Payment calldata p, address receiver ) public payable nonReentrant { ... if (o.isERC721) { require(amount == 1, 'only 1 erc721 at 1 time'); ERC721(o.collection).transferFrom(o.signer, receiver, o.tokenId); /**** change to safeTransferFrom() *****/ } else { ERC1155(o.collection).safeTransferFrom(o.signer, receiver, o.tokenId, amount, ''); } ...
change to safeTransferFrom()
#0 - KenzoAgada
2022-08-03T15:08:29Z
Duplicate of #342
π Selected for report: AuditsAreUS
Also found by: 0xSky, CertoraInc, GimelSec, GiveMeTestEther, Green, Lambda, Ruhum, RustyRabbit, Treasure-Seeker, Twpony, arcoun, bin2chen, cccz, codexploder, cryptonue, dipp, horsefacts, jayphbee, joestakey, minhquanym, obront, peritoflores, rbserver, reassor, rotcivegaf, scaraven, ych18
4.5163 USDC - $4.52
Since fillAsk() determines the eth paid, it uses ">=" οΌ msg.value>= o.totalAmt * amount + p.paymentAmt If msg.value is greater than the required amount, but it is not returned to the user and there is no other way to transfer it out of the contract, it will be permanently locked in the contract
function fillAsk( Order calldata o, uint256 amount, address referrer, Payment calldata p, address receiver ) public payable nonReentrant { .... require(msg.value >= o.totalAmt * amount + p.paymentAmt, 'mgmtm'); /*** end of method, not returned to the user ***/ }
function fillAsk( Order calldata o, uint256 amount, address referrer, Payment calldata p, address receiver ) public payable nonReentrant { /** add **/ uint256 moreEth = msg.value - (o.totalAmt * amount + p.paymentAmt); if (moreEth > 0) { payEther(moreEth, msg.sender); } /** add **/ }
#0 - KenzoAgada
2022-08-04T02:52:39Z
Duplicate of #75
π Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0xA5DF, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xSmartContract, 0xackermann, 0xc0ffEE, 0xf15ers, 0xmatt, 0xsanson, 0xsolstars, 8olidity, AuditsAreUS, Bahurum, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chom, CryptoMartian, Deivitto, DevABDee, Dravee, ElKu, Franfran, Funen, GalloDaSballo, GimelSec, GiveMeTestEther, Green, JC, Jmaxmanblue, JohnSmith, Jujic, Junnon, Kenshin, Krow10, Kumpa, Lambda, MEP, Maxime, MiloTruck, Mohandes, NoamYakov, Picodes, RedOneN, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, Soosh, StErMi, StyxRave, Tadashi, TomJ, Treasure-Seeker, TrungOre, Waze, _Adam, __141345__, ajtra, ak1, apostle0x01, arcoun, asutorufos, async, benbaessler, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, carlitox477, chatch, codetilda, codexploder, cryptonue, cryptphi, csanuragjain, cthulhu_cult, delfin454000, dipp, dirk_y, djxploit, ellahi, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, horsefacts, hyh, idkwhatimdoing, indijanc, jayfromthe13th, jayphbee, joestakey, kenzo, kyteg, lucacez, luckypanda, mics, minhquanym, obront, oyc_109, pedr02b2, rajatbeladiya, rbserver, reassor, robee, rokinot, rotcivegaf, sach1r0, saian, saneryee, sashik_eth, scaraven, shenwilly, simon135, sseefried, supernova, teddav, ych18, zuhaibmohd, zzzitron
35.1687 USDC - $35.17
1.use transfer to pay eth
GolomTrader.sol payEther() use transfer() to pay eth , and receiver can be specified arbitrarily,
it is recommended to use call() to avoid a certain chance of failure due to 2300 gas fee exceeded
https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L154
Used call instead. For example
(bool success, ) = receiver.call{amount}(""); require(success, "Transfer failed.");
2.Equal is valid in GolomTrader.sol fillBid() use "greater" https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L286
require( o.totalAmt * amount > (o.exchange.paymentAmt + o.prePayment.paymentAmt + o.refererrAmt) * amount + p.paymentAmt );
but equal should be allowed. modify:
require( o.totalAmt * amount >= (o.exchange.paymentAmt + o.prePayment.paymentAmt + o.refererrAmt) * amount + p.paymentAmt );
3.Useless method, may have some risk GolomTrader contracts do not require a separate transfer to eth, nor a transfer out. To avoid incorrect transfers, it is recommended to remove these methods
fallback() external payable {} receive() external payable {}
4.fixed values are inflexible and cannot be adjusted
RewardDistributor.sol startTime is recommended to use parameters passed in, not fixed values
constructor( address _weth, address _trader, address _token, address _governance ) { ... startTime = 1659211200; }
5.contract needs to define "is Interface" to avoid define error method risk
RewardDistributor.sol not define "is Distributor" , has a risk https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/rewards/RewardDistributor.sol#L43
interface Distributor { function addFee(address[2] calldata addr, uint256 fee) external; }
contract RewardDistributor is Ownable { address public trader; uint256 public epoch = 0;
6.Use external instead of public the contract is not called internally, it is recommended to change it to external. GolomTrader.sol: fillAsk()/fillBid()/cancelOrder()/fillCriteriaBid() RewardDistributor.sol: addFee()/traderClaim()/exchangeClaim()/multiStakerClaim()