Badger Citadel contest - cccz's results

Bringing BTC to DeFi

General Information

Platform: Code4rena

Start Date: 04/02/2022

Pot Size: $30,000 USDC

Total HM: 3

Participants: 37

Period: 3 days

Judge: leastwood

Id: 84

League: ETH

BadgerDAO

Findings Distribution

Researcher Performance

Rank: 15/37

Findings: 1

Award: $625.19

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: WatchPug

Also found by: 0x1f8b, Czar102, cccz, cmichel, gellej, harleythedog, hickuphh3, hyh, pauliax, sirhashalot

Labels

bug
duplicate
2 (Med Risk)

Awards

625.1882 USDC - $625.19

External Links

Lines of code

https://github.com/code-423n4/2022-02-badger-citadel/blob/main/contracts/TokenSaleUpgradeable.sol#L348-L369

Vulnerability details

Impact

The sweep function sends tokens held by the contract to the owner. Its comment states: "The contract transfers all tokenIn directly to saleRecipient during a sale so it's safe to sweep tokenIn". That assumption breaks if the owner sets saleRecipient to address(this): the tokenIn paid during the sale then accumulates in the contract itself, and the owner can take all of it out with sweep.

Proof of Concept

https://github.com/code-423n4/2022-02-badger-citadel/blob/main/contracts/TokenSaleUpgradeable.sol#L315-L324

https://github.com/code-423n4/2022-02-badger-citadel/blob/main/contracts/TokenSaleUpgradeable.sol#L348-L369

Tools Used

None

Recommended Mitigation Steps

Check whether the input is address(this) when setting saleRecipient, and reject it.
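A simplified sale contract illustrating the mitigation, written for this page and not taken from the project: the names tokenIn, saleRecipient and sweep mirror the finding, but the function signatures, the IERC20 interface and the onlyOwner modifier are assumptions. The setter refuses address(this), so the "tokenIn never sits in this contract" assumption that sweep relies on cannot be broken by configuration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface used by the example (constructed here, not the project's interface).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical, simplified token sale; not the project's TokenSaleUpgradeable code.
contract TokenSaleExample {
    address public owner;
    IERC20 public tokenIn;        // token buyers pay with
    address public saleRecipient; // where tokenIn is forwarded during a sale

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(IERC20 tokenIn_, address saleRecipient_) {
        owner = msg.sender;
        tokenIn = tokenIn_;
        _setSaleRecipient(saleRecipient_); // same check applies at deployment
    }

    // Buyers' tokenIn goes straight to saleRecipient; the contract itself should hold none.
    function buy(uint256 amountIn) external {
        require(tokenIn.transferFrom(msg.sender, saleRecipient, amountIn), "transfer failed");
        // token-out accounting omitted for brevity
    }

    // Mitigation from the finding: the recipient may never be this contract.
    function setSaleRecipient(address newRecipient) external onlyOwner {
        _setSaleRecipient(newRecipient);
    }

    function _setSaleRecipient(address newRecipient) internal {
        require(newRecipient != address(0), "zero recipient");
        require(newRecipient != address(this), "recipient cannot be this contract");
        saleRecipient = newRecipient;
    }

    // Sweeping tokenIn stays allowed, as in the original design, because the setter
    // guarantees sale proceeds are never routed into this contract.
    function sweep(IERC20 token) external onlyOwner {
        uint256 bal = token.balanceOf(address(this));
        require(token.transfer(owner, bal), "transfer failed");
    }
}
```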

#0 - GalloDaSballo

2022-02-14T13:51:48Z

Agree with the finding, we must protect the tokenIn

#1 - 0xleastwood

2022-03-14T11:44:15Z

Duplicate of #50

#2 - 0xleastwood

2022-03-16T12:55:27Z

Duplicate of #61
