Back to erebus's contests

Canto Application Specific Dollars and Bonding Curves for 1155s - erebus's results

Tokenizable bonding curves using a Stablecoin-as-a-Service token

General Information

Platform: Code4rena

Start Date: 13/11/2023

Pot Size: $24,500 USDC

Total HM: 3

Participants: 120

Period: 4 days

Judge: 0xTheC0der

Id: 306

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 90/120

Findings: 1

Award: $4.08

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCanto

Findings Information

🌟 Selected for report: chaduke

Also found by: 0xpiken, Bauchibred, Matin, MohammedRizwan, MrPotatoMagic, OMEN, Pheonix, SandNallani, T1MOH, Topmark, ZanyBonzy, adriro, aslanbek, ayden, bareli, bart1e, bin2chen, btk, cheatc0d3, codynhat, critical-or-high, d3e4, erebus, firmanregar, hunter_w3b, jasonxiale, kaveyjoe, ksk2345, lsaudit, max10afternoon, merlinboii, nailkhalimov, osmanozdemir1, peanuts, pep7siup, pontifex, sbaudh6, shenwilly, sl1, tourist, wisdomn_, young, zhaojie

Awards

4.0797 USDC - $4.08

Labels

bug
downgraded by judge
grade-b
QA (Quality Assurance)
duplicate-313
Q-05

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/asD/src/asDFactory.sol#L34

Vulnerability details

Description

NOTE --> For a better understanding, see this as a reference.

In asDFactory, function create does deploy a new asD token using the new keyword (so CREATE underhood). That means the address derivation of the new token depends only on the asDFactory nonce and due to the nature of blockchain networks, which do not maintain a single chain but multiple child ones with a primary one (see here), it is possible to suffer from block re-orgs, opening the door for the next attack scenario:

Attack scenario

Imagine that Alice deploys a new asD token, and links it against a certain market. Bob sees that the network block re-org is gonna happen and calls asDFactory, function create and deploys an asD token at the same address of Alice's one, but on the "re-orged blockchain branch". By doing that, Bob becomes the owner of such a token instead of Alice, being able to withdraw all the interest accrued by such a token, leading to a theft of interest.

Deploy the asD token via CREATE2 with a salt given as a function argument.

Assessed type

Other

#0 - c4-pre-sort

2023-11-20T07:49:03Z

minhquanym marked the issue as duplicate of #313

#1 - c4-judge

2023-11-29T00:16:48Z

MarioPoneder changed the severity to QA (Quality Assurance)

#2 - c4-judge

2023-11-29T22:30:51Z

MarioPoneder marked the issue as grade-c

#3 - c4-judge

2023-12-04T12:06:38Z

MarioPoneder marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter