Canto - erebus's results

A layer-1 EVM powered by free public infrastructure.

General Information

Platform: Code4rena

Start Date: 20/06/2023

Pot Size: $36,500 USDC

Total HM: 2

Participants: 23

Period: 3 days

Judge: 0xean

Id: 252

League: ETH

Researcher Performance

Rank: 10/23

Findings: 1

Award: $1,016.48

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: yaarduck

Also found by: Rolezn, erebus, hihen, sces60107, seerether, yaarduck

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
duplicate-71

Awards

1016.4835 USDC - $1,016.48

External Links

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/swap.go#L26

Vulnerability details

Impact

The function swapCoins checks that SendCoins receives the coins correctly, but does not check the result when sending them to the user.

Proof of Concept

If there is an error returning the swapped coins to the user, they will remain locked. There is no history of swaps which could be used to retrieve the lost funds, so there is no way to take them back upon an error.

Tools Used

Manual analysis

Follow the same approach as in receiving the coins (the if-err-nil and all of that).

Assessed type

Token-Transfer
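
The pattern this finding describes, as an added Go example that is neither Canto's code nor part of the submission: a simplified model in which the error from the payout transfer is either dropped or returned. The `ledger`, `move`, `swap` and `demo` names, the amounts and the fault flag are assumptions constructed for illustration, and the model assumes message execution is atomic (state is restored when the handler returns an error).

```go
package main

import "fmt"

// ledger is a constructed stand-in for module and user balances in two denoms.
type ledger struct {
	userIn, poolIn, poolOut, userOut int64
	payoutFails                      bool // constructed fault on the pool -> user transfer
}

// move transfers amt between two balances, or returns an error and moves nothing.
func move(from, to *int64, amt int64, fail bool) error {
	if fail || *from < amt {
		return fmt.Errorf("transfer of %d failed", amt)
	}
	*from -= amt
	*to += amt
	return nil
}

// swap takes 10 from the user and pays 10 from the pool; with checkPayout=false
// the payout error is dropped, which is the pattern the finding describes.
func swap(l *ledger, checkPayout bool) error {
	if err := move(&l.userIn, &l.poolIn, 10, false); err != nil {
		return err
	}
	if err := move(&l.poolOut, &l.userOut, 10, l.payoutFails); err != nil && checkPayout {
		return fmt.Errorf("payout: %w", err)
	}
	return nil
}

// demo runs a swap whose payout fails as an atomic message (state is restored
// if the handler returns an error) and returns the user's input balance.
func demo(checkPayout bool) (int64, error) {
	l := &ledger{userIn: 10, poolOut: 10, payoutFails: true}
	snap := *l
	err := swap(l, checkPayout)
	if err != nil {
		*l = snap
	}
	return l.userIn, err
}

func main() {
	fmt.Println(demo(false)) // 0 <nil>: input taken, nothing paid out, success reported
	fmt.Println(demo(true))  // 10 plus an error: the whole swap is rolled back
}
```
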

#0 - c4-pre-sort

2023-06-24T13:46:07Z

JeffCX marked the issue as duplicate of #5

#1 - c4-pre-sort

2023-06-24T14:09:25Z

JeffCX marked the issue as duplicate of #80

#2 - c4-judge

2023-07-03T20:52:54Z

0xean marked the issue as satisfactory

#3 - c4-judge

2023-07-03T20:53:23Z

0xean changed the severity to 2 (Med Risk)
