Kuiper contest - defsec's results

Automated portfolio protocol.

General Information

Platform: Code4rena

Start Date: 16/09/2021

Pot Size: $50,000 USDC

Total HM: 26

Participants: 30

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 17

Id: 36

League: ETH

Kuiper

Findings Distribution

Researcher Performance

Rank: 19/30

Findings: 1

Award: $484.27

🌟 Selected for report: 1

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Kuiper

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Auditors

Browse

Contests

Browse

Get in touch

Contact Twitter

Findings Information

🌟 Selected for report: defsec

Labels

bug

1 (Low Risk)

sponsor confirmed

Awards

333.9773 USDC - $333.98

External Links

Link to GitHub issue

Handle

defsec

Vulnerability details

Impact

During the manual code review, It has been observed that zero value has not been checked on that "ibRatio" variable. That can cause miscalculation of the liquidity.

Proof of Concept

Navigate to "https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Basket.sol"
Go to the line #217.

""" ibRatio = newRatio; """

Onlyauction modifier can assign ibRation to 0.
That can affect tokenAmount on the function.

""" function pushUnderlying(uint256 amount, address to) private { for (uint256 i = 0; i < weights.length; i++) { uint256 tokenAmount = amount * weights[i] * ibRatio / BASE / BASE; IERC20(tokens[i]).safeTransfer(to, tokenAmount); } } """

Tools Used

None

Recommended Mitigation Steps

Validate to ibRatio variable is more than zero.

""" require(ibRation > 0 , "ibRatio should be more than zero"); """

#0 - GalloDaSballo
2021-12-04T17:46:14Z

Agree that a check would help

Findings Information

🌟 Selected for report: JMukesh

Also found by: defsec

Labels

bug

duplicate

1 (Low Risk)

sponsor confirmed

Awards

150.2898 USDC - $150.29

External Links

Link to GitHub issue

Handle

defsec

Vulnerability details

Impact

This is probably an oversight since SafeERC20 was imported and safeTransfer() was used for ERC20 token transfers. Nevertheless, note that approve() will fail for certain token implementations that do not return a boolean value (). Hence it is recommend to use safeApprove().

Proof of Concept

Navigate to "https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol".
Preview approveUnderlying function on the contract.
approve function has been used instead of SafeApprove.

Tools Used

Manual Code Review

Recommended Mitigation Steps

Update to _token.safeApprove(spender, type(uint256).max) in approveUnderlying().

#0 - frank-beard
2021-10-19T17:43:26Z

https://github.com/code-423n4/2021-09-defiprotocol-findings/issues/260

#1 - GalloDaSballo
2021-12-19T15:54:53Z

Duplicate of #114

Kuiper contest - defsec's results

Automated portfolio protocol.

General Information

Findings Distribution

Researcher Performance

External Links

QA Report - $484.27

QA Report - $484.27

🚀 [L-19] Lack of zero ratio validation - $333.98

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - GalloDaSballo2021-12-04T17:46:14Z

[L-40] USE SAFEERC20.SAFEAPPROVE IN approveUnderlying() - $150.29

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - frank-beard2021-10-19T17:43:26Z

#1 - GalloDaSballo2021-12-19T15:54:53Z

#0 - GalloDaSballo
2021-12-04T17:46:14Z

#0 - frank-beard
2021-10-19T17:43:26Z

#1 - GalloDaSballo
2021-12-19T15:54:53Z