Vader Protocol contest - cccz's results

Liquidity Protocol anchored by Native Stablecoin with Slip-Based Fees AMM, IL protection and Synthetics.

General Information

Platform: Code4rena

Start Date: 21/12/2021

Pot Size: $30,000 USDC

Total HM: 20

Participants: 20

Period: 5 days

Judge: Jack the Pug

Total Solo HM: 13

Id: 70

League: ETH

Vader Protocol

Findings Distribution

Researcher Performance

Rank: 14/20

Findings: 1

Award: $141.51

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: cmichel

Also found by: Critical, TomFrenchBlockchain, cccz, danb, leastwood

Labels

bug
duplicate
3 (High Risk)
sponsor acknowledged
VaderPoolV2

Awards

141.5133 USDC - $141.51

External Links

Handle

cccz

Vulnerability details

Impact

The mintSynth function and the mintFungible function do not verify that from == msg.sender, so anyone can use other people's tokens to mint Synth or LP tokens for themselves.

Proof of Concept

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/dex-v2/pool/VaderPoolV2.sol#L153-L194

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/dex-v2/pool/VaderPoolV2.sol#L311-L361

Tools Used

Manual analysis

Add the following code to the mintSynth function and the mintFungible function:

require(from == msg.sender);
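The missing check and the recommended fix, side by side, as an added example that is not part of the original submission or the VaderPoolV2 source. The contract name, function names, parameters and the 1:1 mint arithmetic are hypothetical simplifications chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface needed by this example.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Simplified, hypothetical model of a pool mint entry point; not the VaderPoolV2 code.
contract PoolMintModel {
    IERC20 public immutable nativeAsset;
    // Stand-in for the Synth / LP tokens the real pool would mint.
    mapping(address => uint256) public mintedBalance;

    constructor(IERC20 nativeAsset_) {
        nativeAsset = nativeAsset_;
    }

    // Pattern reported in the finding: `from` is supplied by the caller and never
    // compared with msg.sender, so the deposit is pulled from any account that has
    // approved this contract while the minted balance goes to a caller-chosen `to`.
    function mintUnchecked(uint256 deposit, address from, address to) external returns (uint256) {
        require(nativeAsset.transferFrom(from, address(this), deposit), "transfer failed");
        mintedBalance[to] += deposit; // 1:1 credit, for illustration only
        return deposit;
    }

    // Hardened form: the check recommended in the finding runs before any transfer,
    // so a caller can only spend an allowance granted by its own address.
    function mintChecked(uint256 deposit, address from, address to) external returns (uint256) {
        require(from == msg.sender, "from != msg.sender");
        require(nativeAsset.transferFrom(from, address(this), deposit), "transfer failed");
        mintedBalance[to] += deposit;
        return deposit;
    }
}
```

A regression test for the hardened form should have one account approve the pool and a second account call the mint with the first as `from`, then assert that the call reverts and the first account's balance is unchanged.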

#0 - jack-the-pug

2022-03-12T04:17:39Z

Dup of #147
