Volt Protocol contest - cccz's results

Inflation Protected Stablecoin.

General Information

Platform: Code4rena

Start Date: 31/03/2022

Pot Size: $75,000 USDC

Total HM: 7

Participants: 42

Period: 7 days

Judge: Jack the Pug

Total Solo HM: 5

Id: 102

League: ETH

Volt Protocol

Findings Distribution

Researcher Performance

Rank: 25/42

Findings: 1

Award: $148.99

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Volt Protocol

Findings Information

🌟 Selected for report: rayn

Also found by: 0xDjango, 0xkatana, 0xkowloon, BouSalman, CertoraInc, Dravee, Funen, Hawkeye, IllIllI, Jujic, Kenshin, Kthere, Meta0xNull, Sleepy, TerrierLover, async, aysha, berndartmueller, catchup, cccz, cmichel, csanuragjain, danb, defsec, georgypetrov, hake, hubble, kenta, kyliek, pauliax, rfa, robee, sahar, shenwilly, teryanarmen

Awards

148.9858 USDC - $148.99

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

Low

Race condition in approve()

Impact

In Vcon contract, using approve() to manage allowances opens yourself and users of the token up to frontrunning.

https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM/edit#heading=h.b32yfk54vyg9

Proof of Concept

https://github.com/code-423n4/2022-03-volt/blob/main/contracts/vcon/Vcon.sol#L174-L189

Tools Used

None

Recommended Mitigation Steps

Add increaseAllowance and decreaseAllowance methods in Vcon contract.

Volt Protocol contest - cccz's results

Inflation Protected Stablecoin.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-09] QA Report - $148.99

Findings Information

Awards

Labels

External Links

Low

Race condition in approve()

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps