Back to csanuragjain's contests

Ethena Labs - csanuragjain's results

Enabling The Internet Bond

General Information

Platform: Code4rena

Start Date: 24/10/2023

Pot Size: $36,500 USDC

Total HM: 4

Participants: 147

Period: 6 days

Judge: 0xDjango

Id: 299

League: ETH

Ethena Labs

Findings Distribution

Researcher Performance

Rank: 136/147

Findings: 1

Award: $4.52

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryEthena Labs

Findings Information

🌟 Selected for report: 0xmystery

Also found by: 0x11singh99, 0xAadi, 0xAlix2, 0xG0P1, 0xStalin, 0xWaitress, 0x_Scar, 0xhacksmithh, 0xhunter, 0xpiken, Al-Qa-qa, Arz, Avci, Bauchibred, BeliSesir, Breeje, Bughunter101, DarkTower, Eeyore, Fitro, HChang26, Imlazy0ne, J4X, JCK, Kaysoft, Kral01, Madalad, Mike_Bello90, Noro, PASCAL, PENGUN, Proxy, Rickard, Shubham, SovaSlava, Strausses, Team_Rocket, ThreeSigma, Topmark, Udsen, Walter, Yanchuan, Zach_166, ZanyBonzy, adam-idarrha, adeolu, almurhasan, arjun16, ast3ros, asui, ayden, btk, cartlex_, castle_chain, cccz, chainsnake, codynhat, critical-or-high, cryptonue, csanuragjain, deepkin, degensec, dirk_y, erebus, foxb868, ge6a, hunter_w3b, jasonxiale, kkkmmmsk, lanrebayode77, lsaudit, marchev, matrix_0wl, max10afternoon, nuthan2x, oakcobalt, oxchsyston, pavankv, peanuts, pep7siup, pipidu83, pontifex, ptsanev, qpzm, radev_sw, rokinot, rotcivegaf, rvierdiiev, sorrynotsorry, squeaky_cactus, supersizer0x, tnquanghuy0512, twcctop, twicek, young, zhaojie, ziyou-

Awards

4.5226 USDC - $4.52

Labels

bug
downgraded by judge
grade-b
QA (Quality Assurance)
satisfactory
sufficient quality report
duplicate-90
Q-78

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/StakedUSDe.sol#L237

Vulnerability details

Impact

User will not be able to Withdraw their own funds.

Proof of Concept

  1. Lets say User A deposited assets which gave him 1 ether shares
  2. User B and User C deposited assets worth 0.5 ether and 0.4 ether each
  3. 2nd step passes the _checkMinShares check since totalSupply(1+0.5+0.4) > MIN_SHARES (1 ether)
function _checkMinShares() internal view {
    uint256 _totalSupply = totalSupply();
    if (_totalSupply > 0 && _totalSupply < MIN_SHARES) revert MinSharesViolation();
  }
  1. Now User A withdraws all his shares which is 1 ether
  2. User B tries withdrawing his 0.5 ether shares but fails due to _checkMinShares check
  3. This happens since totalSupply(0.5+0.4) < MIN_SHARES (1 ether)
  4. So both User B and User C are stuck
  5. However this is temporary since any of these Users can deposit the lagging amount and then withdraw their funds. Like in this case User B can deposit funds worth 0.1 ether and withdrawal will work since MIN_SHARES is now reached

Tools Used

Manual analysis

The min share check is kept to prevent donation attack. Instead of using current design, protocol could follow the trick used by Uniswap. On the very first deposit, a very small amount 10^3 (deducted from User deposit) could be minted to 0 address, making the donation attack infeasible

Assessed type

Invalid Validation

#0 - c4-pre-sort

2023-10-31T05:22:33Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2023-10-31T05:22:56Z

raymondfam marked the issue as duplicate of #71

#2 - c4-judge

2023-11-13T20:24:06Z

fatherGoose1 marked the issue as satisfactory

#3 - c4-judge

2023-11-17T16:56:01Z

fatherGoose1 changed the severity to QA (Quality Assurance)

#4 - c4-judge

2023-11-27T20:48:58Z

fatherGoose1 marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter