Canto contest - codexploder's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 14/06/2022

Pot Size: $100,000 USDC

Total HM: 26

Participants: 59

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 9

Id: 133

League: ETH

Canto


Researcher Performance

Rank: 14/59

Findings: 3

Award: $2,153.79

🌟 Selected for report: 1

🚀 Solo Findings: 2

Findings Information

🌟 Selected for report: codexploder

Labels

bug
2 (Med Risk)
disagree with severity

Awards

978.304 USDC - $978.30

6057.6098 CANTO - $978.30

External Links

Lines of code

https://github.com/Plex-Engineer/lending-market/blob/755424c1f9ab3f9f0408443e6606f94e4f08a990/contracts/Governance/GovernorBravoDelegate.sol#L135

Vulnerability details

Impact

The state function check at GovernorBravoDelegate.sol#L115 will always fail, since proposalId cannot lie between initialProposalId and proposalCount due to an initialization in the _initiate function.

Proof of Concept

  1. The _initiate function sets initialProposalId = proposalCount;

  2. Now let's say the proposal count was 5, so initialProposalId and proposalCount are both set to 5.

  3. Now let's say the state function is called on proposal id 2.

  4. The require condition checks proposalCount >= proposalId && proposalId > initialProposalId

  5. This is equivalent to 5>=2 && 5>5. Since 5>5 is not true, this always fails even though proposal id 2 is correct.

Remove initialProposalId = proposalCount; in the _initiate function.

#0 - tkkwon1998

2022-06-22T18:26:08Z

This is a bug, but will not lead to any attack or loss of funds. The initiate function will just fail, meaning the timelock admin cannot be set. This should be a 2 (Med Risk) issue.

#1 - GalloDaSballo

2022-08-10T23:41:25Z

The warden has shown how, due to misconfiguration, the Governor contract can be prevented from creating new proposals.

Because this is contingent on setup, I think Medium Severity is more appropriate.
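The range check walked through in the proof of concept above, as an added Solidity example that is not the Canto contract or the warden's code. `ProposalRangeModel`, `addProposal`, `isValidId`, the `removeAssignment` switch and `Scenario` are hypothetical names; only the `require` condition and the `initialProposalId = proposalCount` assignment come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Stripped-down model of the id bookkeeping described in the finding.
// Assumption: only the two counters matter; voting, timelock and access
// control are left out on purpose.
contract ProposalRangeModel {
    uint256 public proposalCount;
    uint256 public initialProposalId;
    bool public removeAssignment; // hypothetical switch: true = recommended change applied

    constructor(bool removeAssignment_) {
        removeAssignment = removeAssignment_;
    }

    // Stand-in for whatever creates proposals; only the counter is modelled.
    function addProposal() external returns (uint256) {
        return ++proposalCount;
    }

    // Models the assignment the finding points at inside _initiate.
    function initiate() external {
        if (!removeAssignment) {
            initialProposalId = proposalCount;
        }
    }

    // The condition quoted in step 4 of the proof of concept.
    function isValidId(uint256 proposalId) public view returns (bool) {
        return proposalCount >= proposalId && proposalId > initialProposalId;
    }
}

// Replays the proof of concept: five proposals exist, then initiate() runs.
contract Scenario {
    function run(bool removeAssignment_)
        external
        returns (bool id2Before, bool id2After, bool id6After)
    {
        ProposalRangeModel m = new ProposalRangeModel(removeAssignment_);
        for (uint256 i = 0; i < 5; i++) m.addProposal();
        id2Before = m.isValidId(2); // checked before initiate()
        m.initiate();
        id2After = m.isValidId(2);  // same id, checked after initiate()
        m.addProposal();            // becomes id 6, created after initiate()
        id6After = m.isValidId(6);
    }
}
```

With the assignment in place, `run(false)` reports id 2 as valid before `initiate()` and rejected after it, while id 6, created afterwards, passes; `run(true)` accepts all three.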

Awards

86.0794 USDC - $86.08

687.9945 CANTO - $111.11

Labels

bug
QA (Quality Assurance)

External Links

Zero address check missing

Contract: https://github.com/Plex-Engineer/lending-market/blob/755424c1f9ab3f9f0408443e6606f94e4f08a990/contracts/CNote.sol#L14

Issue: Admin can call the setAccountantContract function with address(0) as accountant. This will set admin as address(0), which is wrong.

Recommendation: Add below require condition:

require(accountant_!=address(0), "Incorrect address");

modifier nonReentrant() is never used

Contract: https://github.com/Plex-Engineer/lending-market/blob/755424c1f9ab3f9f0408443e6606f94e4f08a990/contracts/CNote.sol#L351

Issue: modifier nonReentrant() is never used in CNote.sol

#0 - GalloDaSballo

2022-08-02T01:19:04Z

address(0)

Valid Low

modifier nonReentrant() is never used

Valid Refactoring

1 L 1 R
