Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $35,000 USDC
Total HM: 10
Participants: 126
Period: 3 days
Judge: Justin Goro
Total Solo HM: 3
Id: 154
League: ETH
Rank: 103/126
Findings: 1
Award: $29.89
Selected for report: 0
Solo Findings: 0
Selected for report: oyc_109
Also found by: 0x1f8b, 0x52, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xbepresent, 0xmatt, 0xsolstars, Aymen0909, Bahurum, Bnke0x0, CertoraInc, Chom, CodingNameKiki, DecorativePineapple, Deivitto, Dravee, ElKu, Funen, GalloDaSballo, IllIllI, JC, JohnSmith, Junnon, KIntern_NA, Lambda, LeoS, MiloTruck, Noah3o6, PaludoX0, RedOneN, Respx, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Sm4rty, TomJ, Vexjon, Waze, Yiko, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, auditor0517, bin2chen, bobirichman, brgltd, bulej93, byndooa, c3phas, cRat1st0s, cryptphi, csanuragjain, d3e4, defsec, delfin454000, djxploit, durianSausage, ellahi, erictee, exd0tpy, fatherOfBlocks, gogo, jonatascm, ladboy233, medikko, mics, natzuu, neumo, p_crypt0, paribus, pfapostol, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, sach1r0, saneryee, seyni, sikorico, simon135, sseefried, wagmi, wastewa
29.8918 USDC - $29.89
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/features/Blocklist.sol#L23-L28
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L170-L183
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L555-L592
One can avoid being blocked.
Hardhat
quitLock() should have an action in a few blocks after the initial call, otherwise fail the quitLock()
#0 - lacoop6tu
2022-08-16T13:10:38Z
Being able to quitLock anytime is part of the mechanism. If a contract is blocked, it is because we need to limit its ability to interact. If the contract quitLocks, it will pay a fee, and if it re-enters with the amount left, it might be forced to quitLock again for not being blocked, and repeat... until the contract has no token left.
#1 - elnilz
2022-08-17T09:52:24Z
As @lacoop6tu mentioned, it's not a bug and definitely not Med Risk, as the protocol operates as intended even if a blocked user frontruns the block tx by quitLock-ing. However, since technically blocked users can quitLock by frontrunning, we may consider allowing blocked users to use quitLock in the first place. The only reason we did not was that some additional checks need to be in place around blocked, quitted locks. So if anything, this is a UX issue and should be labeled QA severity.
#2 - gititGoro
2022-08-28T03:11:24Z
The sponsor has indicated they want to handle this with incentives (quitLock penalty). Since they've marked as acknowledged, I'm downgrading the severity to QA.