Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 14/133
Findings: 2
Award: $413.04
🌟 Selected for report: 1
🚀 Solo Findings: 0
🌟 Selected for report: ladboy233
Also found by: 0xSmartContract, 8olidity, Aymen0909, Chom, IllIllI, OptimismSec, PaludoX0, TomJ, ayeslick, cccz, csanuragjain, joestakey, neko_nyaa, pashov, peritoflores, rbserver, rvierdiiev
19.982 USDC - $19.98
In the frxETHMinter contract, the owner can call the recoverEther function to rug all the ETH in the contract.
function recoverEther(uint256 amount) external onlyByOwnGov { (bool success,) = address(owner).call{ value: amount }(""); require(success, "Invalid transfer"); emit EmergencyEtherRecovered(amount); }
The owner can even set depositEtherPaused to false to disable deposit of ETH and thus rug more than 32 ETH.
function togglePauseDepositEther() external onlyByOwnGov { depositEtherPaused = !depositEtherPaused; emit DepositEtherPaused(depositEtherPaused); }
https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/frxETHMinter.sol#L191-L196 https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/frxETHMinter.sol#L184-L188
None
Consider removing the recoverEther function
#0 - FortisFortuna
2022-09-25T21:17:12Z
We are well aware of the permission structure. The owner will most likely be a large multisig. We mentioned the Frax Multisig in the scope too.
#1 - joestakey
2022-09-26T15:49:08Z
Duplicate of #107
🌟 Selected for report: cccz
Also found by: Trust, rotcivegaf, wagmi
393.0581 USDC - $393.06
In sfrxETH contracts, the result of previewMint() changes with the state of the contract, which causes the value of amount to be volatile in the mintWithSignature function when approveMax is false. And when using the mintWithSignature function, which requires the user to sign for an accurate amount value, when the amount used differs from the result of previewMint(), mintWithSignature will not work. Consider the following scenarios. User A signs using amount = 1000 and calls the mintWithSignature function. During execution, the previous transaction in the same block changes the state of the contract so that previewMint(shares) == 1001, so the transaction is reverted due to a signature check failure.
https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/sfrxETH.sol#L75-L87 https://github.com/transmissions11/solmate/blob/bff24e835192470ed38bf15dbed6084c2d723ace/src/mixins/ERC4626.sol#L140-L144
None
Consider that in the mintWithSignature function, the user provides a maxAmount, and then requires maxAmount >= previewMint(shares) and uses maxAmoun to verify the signature
#0 - FortisFortuna
2022-09-25T23:39:01Z
Technically correct, though in practice, we will allow user-defined slippage on the UI
#1 - 0xean
2022-10-12T14:10:23Z
I don't believe the UI will be able to assist with this issue unless modifications are made to the smart contracts. The signature will become invalidated due to the return value of previewMint() changing while the transaction is waiting to be included in a block.