Back to dipp's contests

Illuminate contest - dipp's results

Your Sole Source For Fixed-Yields.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $55,000 USDC

Total HM: 29

Participants: 88

Period: 5 days

Judge: gzeon

Total Solo HM: 7

Id: 134

League: ETH

Illuminate

Findings Distribution

Researcher Performance

Rank: 28/88

Findings: 3

Award: $319.94

🌟 Selected for report: 2

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryIlluminate

Findings Information

🌟 Selected for report: dipp

Also found by: 0x1f8b, Chom, GalloDaSballo, GimelSec, Kumpa, Metatron, bardamu, datapunk, hyh, jah, kenzo, kirk-baird, ladboy233, oyc_109, shenwilly, simon135, unforgiven, zer0dot

Awards

29.8781 USDC - $29.88

Labels

bug
3 (High Risk)
sponsor confirmed

External Links

Link to GitHub issue

Lines of code

Lender.sol#L192-L235 Lender.sol#L486-L534 Lender.sol#L545-L589

Vulnerability details

Impact

Some of the lend functions do not validate addresses sent as input which could lead to a malicous user being able to mint more PT tokens than they should.

Functions affect:

Proof of Concept

In the Illuminate and Yield lend function:

  1. Let the Yieldspace pool y be a malicious contract that implements the IYield interface.

  2. The base and maturity functions for y may return any value so the conditions on lines 208 and 210 are easily passed.

  3. The caller of lend sends any amount a for the desired underlying u.

  4. If principal token p corresponds to the Yield principal, then the yield function is called which has a return value controlled by the malicious contract y.

  5. The mint function is then called for the principal token with an underlying u and a maturity m which will then mint the returned amount of principal tokens to the malicious user.

In the Sense lend function:

  1. Let the amm x input variable be a malicous contract that implements the ISense interface.

  2. The malicious user sends any amount of underlying to Lender.sol.

  3. Since the amm isn't validated, the swapUnderlyingForPTs function can return any amount for returned that is used to mint the Illuminate tokens.

  4. The malicious user gains a disproportionate amount of PT.

In the APWine lend function:

  1. Let the APWine pool input variable be a malicous contract that implements the IAPWineRouter interface.

  2. The malicious user sends any amount of underlying to Lender.sol.

  3. The swapExactAmountIn function of the malicious pool contract returns any amount for returned.

  4. The mint function is called for the PT with underlying u and maturity m with the attacker controlled returned amount.

Recommmended Mitigation Steps

Consider validating the input addresses of y, x and pool through a whitelisting procedure if possible or validating that the returned amounts correspond with the amount of PT gained from the protocols by checking the balance before and after the PTs are gained and checking the difference is equal to returned.

Findings Information

🌟 Selected for report: dipp

Also found by: Lambda, WatchPug, cccz, cryptphi, datapunk, hyh, kenzo

Labels

bug
3 (High Risk)
sponsor confirmed

Awards

226.125 USDC - $226.12

External Links

Link to GitHub issue

Lines of code

Redeemer.sol#L193

Vulnerability details

Impact

The maxRedeem function is a view function which only returns the balance of the Redeemer.sol contract. After this value is obtained, the PT is not redeemed from Notional. The user will be unable to redeem PT from Notional through Redeemer.sol.

Proof of Concept

Notional code:

    function maxRedeem(address owner) public view override returns (uint256) {
        return balanceOf(owner);
    }

Recommmended Mitigation Steps

Call redeem from Notional using the amount from maxRedeem as the shares input after the call to maxRedeem.

#0 - KenzoAgada

2022-06-28T08:44:04Z

Should be high severity as affects user funds.

#1 - sourabhmarathe

2022-08-18T14:09:00Z

This is confirmed as a high-risk issue.

Findings Information

🌟 Selected for report: defsec

Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkowloon, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kenshin, Kulk0, Lambda, Limbooo, MadWookie, Metatron, Picodes, Soosh, StErMi, TomJ, WatchPug, Waze, Yiko, _Adam, ak1, asutorufos, aysha, bardamu, catchup, datapunk, delfin454000, dipp, fatherOfBlocks, grGred, hake, hansfriese, hyh, joestakey, kebabsec, kenzo, kirk-baird, oyc_109, pashov, poirots, rfa, robee, saian, sashik_eth, shenwilly, simon135, slywaters, z3s, zeesaw, zer0dot

Awards

63.9425 USDC - $63.94

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

1. Setting a new admin should be a 2-step process

Line References

Lender.sol#L129-L132

Impact

If the incorrect address is mistakenly supplied to setAdmin, the Lender.sol contract would be completely compromised since functions such as approve could cause a lot of damage.

Recommmended Mitigation Steps

Consider using a proposeAdmin function that sets a pending admin and a acceptAdminfunction for the pending admin to accept the admin role.

2. Element pool e is not validated

Line References

Lender.sol#L362

Impact

A user can pass a malicious contract e into the element lend function which returns any amount. The returned purchased amount is then emitted and returned by the lend function. This could lead to undesirable behaviour depending on how the emitted and return values are used.

Recommmended Mitigation Steps

Check the amount of PT gained from the swap by comparing the purchased value to the difference in balance before and after the swap.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter