LI.FI contest - danb's results

Bridge & DEX Aggregation.

General Information

Platform: Code4rena

Start Date: 24/03/2022

Pot Size: $75,000 USDC

Total HM: 15

Participants: 59

Period: 7 days

Judge: gzeon

Id: 103

League: ETH

LI.FI

Researcher Performance

Rank: 19/59

Findings: 2

Award: $1,121.31

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: hyh

Also found by: danb, kirk-baird, pmerkleplant

Labels

bug
duplicate
2 (Med Risk)

Awards

924.732 USDC - $924.73

External Links

Lines of code

https://github.com/code-423n4/2022-03-Li.finance/blob/main/src/Facets/NXTPFacet.sol#L46

Vulnerability details

A user might accidentally send ether if sendingAssetId is not ether.

Recommendation

Add in line 54:

require(msg.value == 0);

#0 - H3xept

2022-04-11T12:48:21Z

Findings Information

🌟 Selected for report: hake

Also found by: Jujic, WatchPug, catchup, danb, defsec, kirk-baird, nedodn, shenwilly, sorrynotsorry

Labels

bug
duplicate
2 (Med Risk)
sponsor disputed

Awards

196.5762 USDC - $196.58

External Links

Lines of code

https://github.com/code-423n4/2022-03-Li.finance/blob/main/src/Facets/WithdrawFacet.sol#L20

Vulnerability details

Admin can steal all user funds.

#0 - maxklenk

2022-04-01T07:44:26Z

The contract does not hold any user funds. The withdraw function is only added to withdraw funds to the users that accidentally ended up in the contract.

#1 - gzeoneth

2022-04-16T18:03:16Z
