Canto v2 contest - csanuragjain's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 28/06/2022

Pot Size: $25,000 USDC

Total HM: 14

Participants: 50

Period: 4 days

Judge: GalloDaSballo

Total Solo HM: 7

Id: 141

League: ETH

Canto

Researcher Performance

Rank: 12/50

Findings: 1

Award: $313.19

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: 0x52

Also found by: Chom, __141345__, csanuragjain, ladboy233

Labels

bug
duplicate
3 (High Risk)
sponsor acknowledged

Awards

313.1919 USDC - $313.19

External Links

Lines of code

https://github.com/Plex-Engineer/lending-market-v2/blob/main/contracts/Stableswap/BaseV1-core.sol#L72

Vulnerability details

Impact

Instead of setting periodSize to 1800 (30 min), it is currently set to 0, which means new observations will get added each time update is called at BaseV1-core.sol#L166

Proof of Concept

  1. Observe that periodSize is set to 0
  2. BaseV1-core.sol#L166 will always be true and new observations will always get added up once _update is called

Change periodSize to 1800 sec (30 min)
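
A small model of the gate described in the proof of concept, added here as an example and not code from the finding or the contest repository. It assumes the check is a strict `timeElapsed > periodSize` comparison; the class and function names, the reserves and the 6-second update cadence are constructed for illustration. It compares how many observations are stored, and how much time the latest four span, for periodSize 0 and 1800.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    timestamp: int
    reserve0_cumulative: int
    reserve1_cumulative: int

class PairModel:
    """Minimal model of a pair that stores cumulative-reserve observations."""

    def __init__(self, period_size, reserve0, reserve1, start=0):
        self.period_size = period_size
        self.reserve0, self.reserve1 = reserve0, reserve1
        self.cum0 = self.cum1 = 0
        self.last_ts = start
        self.observations = [Observation(start, 0, 0)]

    def update(self, now, reserve0, reserve1):
        elapsed = now - self.last_ts
        if elapsed > 0:  # accumulate the old reserves over the elapsed time
            self.cum0 += self.reserve0 * elapsed
            self.cum1 += self.reserve1 * elapsed
        # Assumed gate (not quoted from the page): strict comparison.
        if now - self.observations[-1].timestamp > self.period_size:
            self.observations.append(Observation(now, self.cum0, self.cum1))
        self.reserve0, self.reserve1, self.last_ts = reserve0, reserve1, now

def simulate(period_size, update_times):
    pair = PairModel(period_size, 1_000, 1_000)
    for now in update_times:
        pair.update(now, 1_000, 1_000)
    return pair

def window_seconds(pair, points):
    """Seconds spanned by the most recent `points` observations."""
    recent = pair.observations[-points:]
    return recent[-1].timestamp - recent[0].timestamp

# Constructed input: one update every 6 seconds for two hours.
UPDATE_TIMES = list(range(6, 7201, 6))

if __name__ == "__main__":
    for size in (0, 1800):
        pair = simulate(size, UPDATE_TIMES)
        print(size, len(pair.observations), window_seconds(pair, 4))
```

With this constructed cadence, periodSize 0 stores 1201 observations whose latest four span 18 seconds, while periodSize 1800 stores 4 observations spanning 5418 seconds.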

#0 - csanuragjain

2022-07-05T14:13:04Z

#1 - GalloDaSballo

2022-08-16T16:24:02Z

Dup of #124
