Platform: Code4rena
Start Date: 25/08/2022
Pot Size: $75,000 USDC
Total HM: 35
Participants: 147
Period: 7 days
Judge: 0xean
Total Solo HM: 15
Id: 156
League: ETH
Rank: 26/147
Findings: 3
Award: $944.33
🌟 Selected for report: 1
🚀 Solo Findings: 0
857.4359 DAI - $857.44
https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/TRSRY.sol#L110 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/TRSRY.sol#L99
In getLoan() and repayLoan(), safeTransfer and safeTransferFrom do not check that code exists at the token address. This is a known caveat of solmate's SafeTransferLib: a low-level call to an address with no code succeeds and returns empty data, so if safeTransfer() or safeTransferFrom() is called on a token address that holds no contract, the call always reports success and the return-value check is bypassed. The protocol will then treat the funds as transferred and update its records accordingly, although no tokens ever moved.
This can lead to miscalculation and possibly loss of funds.
Manual code review
Use OpenZeppelin's SafeERC20 or implement a code-existence check on the token address before transferring.
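The following library illustrates the recommended mitigation. It is an added example and not code from the Olympus repository or from solmate: the names CheckedTransferLib, requireContract, NoCode and TransferFailed are assumed. It reproduces the "empty returndata counts as success" convention that makes non-standard tokens usable, but only after confirming that code is actually deployed at the token address, so a call to an empty address reverts instead of being recorded as a completed transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added example, not code from the audited repository. Minimal ERC20 surface
// needed by the helper below.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical library name; the Olympus modules use solmate's SafeTransferLib.
library CheckedTransferLib {
    error NoCode(address token);
    error TransferFailed(address token);

    // Reverts when `token` has no deployed code. Without this check a low-level
    // call to a codeless address returns success with empty returndata, which a
    // "treat empty returndata as true" check accepts as a finished transfer.
    function requireContract(address token) internal view {
        if (token.code.length == 0) revert NoCode(token);
    }

    // Interprets the call result the way lenient ERC20 helpers do: success with
    // either no return value or a true bool. Safe only after requireContract.
    function _checkResult(bool ok, bytes memory ret, address token) private pure {
        if (!ok || !(ret.length == 0 || abi.decode(ret, (bool)))) {
            revert TransferFailed(token);
        }
    }

    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        requireContract(address(token));
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        _checkResult(ok, ret, address(token));
    }

    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        requireContract(address(token));
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        _checkResult(ok, ret, address(token));
    }
}
```

OpenZeppelin's SafeERC20 reaches the same outcome through Address.functionCall, which reverts when the target has no code; the point of the explicit requireContract above is to make that precondition visible at the call site where a treasury module accounts for debt.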
#0 - ind-igo
2022-09-07T23:33:11Z
Confirmed. Will implement this. Thank you.
🌟 Selected for report: zzzitron
Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas
54.3128 DAI - $54.31
https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L85 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L92 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L136 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L138 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L148 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L150 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L191 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L200 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L207 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L231 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L233 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L143 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L146 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L165 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L171 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L215
https://github.com/code-423n4/2022-08-olympus/blob/main/src/Kernel.sol#L439 https://github.com/code-423n4/2022-08-olympus/blob/main/src/Kernel.sol#L451 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/TRSRY.sol#L64 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/TRSRY.sol#L75 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/TRSRY.sol#L75 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/TRSRY.sol#L137
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami
32.5835 DAI - $32.58
On line https://github.com/code-423n4/2022-08-olympus/blob/main/src/Kernel.sol#L397, the initialization of i to 0 is unnecessary, as the default value of a uint256 is already 0.
In the loop at https://github.com/code-423n4/2022-08-olympus/blob/main/src/utils/KernelUtils.sol#L43, the for loop can be optimized by removing the unnecessary initialization and using ++i instead of i++:
for (uint256 i; i < 5; ) {
    ...
    unchecked { ++i; }
}
Similar optimizations can also be applied at: https://github.com/code-423n4/2022-08-olympus/blob/main/src/utils/KernelUtils.sol#L58
https://github.com/code-423n4/2022-08-olympus/blob/main/src/utils/KernelUtils.sol#L46 https://github.com/code-423n4/2022-08-olympus/blob/main/src/utils/KernelUtils.sol#L60 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/TRSRY.sol#L131 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/TRSRY.sol#L144 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L133 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L145 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L245 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L247 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L248 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L249 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/RANGE.sol#L264 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L90 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L135