Good Entry - debo's results

The best day trading platform to make every trade entry a Good Entry.

General Information

Platform: Code4rena

Start Date: 01/08/2023

Pot Size: $91,500 USDC

Total HM: 14

Participants: 80

Period: 6 days

Judge: gzeon

Total Solo HM: 6

Id: 269

League: ETH

Researcher Performance

Rank: 72/80

Findings: 1

Award: $12.88

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

12.8772 USDC - $12.88

Labels

bug
2 (Med Risk)
satisfactory
duplicate-83

External Links

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L156

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L174

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L192

Vulnerability details

Impact

Unchecked Call Return Value

The return value of a message call is not checked. Execution will resume even if the called contract throws an exception. If the call fails accidentally or an attacker forces the call to fail, this may cause unexpected behaviour in the subsequent program logic.

Proof of Concept

Vulnerable URLs

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L156

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L174

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L192

Vulnerable Code

// Line 156
        msg.sender.call{value: msg.value - amounts[0]}("");
// Line 174
        payable(msg.sender).call{value: amountOut}("");
// Line 192
        payable(msg.sender).call{value: amounts[1]}("");

Tools Used

VS Code, MythX

Fixed Code

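// call returns (bool, bytes memory), so the bool is captured and then checked
// Line 156
        (bool success, ) = msg.sender.call{value: msg.value - amounts[0]}("");
        require(success, "ETH transfer failed");
// Line 174
        (bool success, ) = payable(msg.sender).call{value: amountOut}("");
        require(success, "ETH transfer failed");
// Line 192
        (bool success, ) = payable(msg.sender).call{value: amounts[1]}("");
        require(success, "ETH transfer failed");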

Assessed type

call/delegatecall
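
The failure mode described under Impact, shown end to end as an added example that is not part of the original submission or the Good Entry code base. RefundDemo, RejectingReceiver and COST are hypothetical names, and the refund logic is a simplified stand-in for the flagged V3Proxy lines.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; every name in this file is hypothetical.

/// Caller with no receive() or fallback(): any plain ETH transfer to it reverts.
contract RejectingReceiver {
    function buyUnchecked(RefundDemo demo) external payable {
        demo.refundUnchecked{value: msg.value}();
    }

    function buyChecked(RefundDemo demo) external payable {
        demo.refundChecked{value: msg.value}();
    }
}

contract RefundDemo {
    uint256 public constant COST = 1 ether; // constructed price

    /// Same shape as the flagged lines: the bool returned by call is dropped.
    /// When msg.sender rejects ETH, the transaction still succeeds and the
    /// refund stays in this contract's balance.
    function refundUnchecked() external payable {
        require(msg.value >= COST, "underpaid");
        msg.sender.call{value: msg.value - COST}("");
    }

    /// Checked form: a failed refund reverts the whole transaction, so the
    /// caller keeps the ETH it sent.
    function refundChecked() external payable {
        require(msg.value >= COST, "underpaid");
        (bool ok, ) = msg.sender.call{value: msg.value - COST}("");
        require(ok, "refund failed");
    }
}
```

Sending more than COST through buyUnchecked succeeds and leaves the excess in RefundDemo, while the same call through buyChecked reverts.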

#0 - c4-pre-sort

2023-08-09T02:03:58Z

141345 marked the issue as duplicate of #481

#1 - c4-pre-sort

2023-08-09T09:25:52Z

141345 marked the issue as duplicate of #83

#2 - c4-judge

2023-08-20T17:11:13Z

gzeon-c4 marked the issue as satisfactory
