Back to cryptphi's contests

Cudos contest - cryptphi's results

Decentralised cloud computing for Web3.

General Information

Platform: Code4rena

Start Date: 03/05/2022

Pot Size: $75,000 USDC

Total HM: 6

Participants: 55

Period: 7 days

Judge: Albert Chon

Total Solo HM: 2

Id: 116

League: COSMOS

Cudos

Findings Distribution

Researcher Performance

Rank: 44/55

Findings: 1

Award: $113.78

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCudos

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1337, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, GermanKuber, GimelSec, Hawkeye, JC, MaratCerby, WatchPug, Waze, broccolirob, cccz, ch13fd357r0y3r, cryptphi, danb, defsec, delfin454000, dipp, dirk_y, ellahi, gzeon, hake, hubble, ilan, jah, jayjonah8, kebabsec, kirk-baird, m9800, orion, oyc_109, robee, shenwilly, simon135, sorrynotsorry

Awards

113.7803 USDC - $113.78

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L116-L122 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L124-L136

Vulnerability details

Impact

The function manageWhiteList() allows whitelisted users to add users to the whitelist.

Proof of Concept

  1. Admin calls manageWhiteList() and adds users to whitelist.
  2. whitelist user A is a member of the whitelist and has the ability to call manageWhiteList() to add new users to whitelist. https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L124-L136

Tools Used

Manual review

Proper access control needs to be implemented for the manageWhiteList().

#0 - maptuhec

2022-05-11T08:26:35Z

Duplicate of #19

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter