Back to fatima_naz's contests

BadgerDAO Zaps contest - fatima_naz's results

Building Products to Bring BTC to DeFi.

General Information

Platform: Code4rena

Start Date: 14/11/2021

Pot Size: $30,000 USDC

Total HM: 7

Participants: 13

Period: 3 days

Judge: leastwood

Total Solo HM: 4

Id: 57

League: ETH

BadgerDAO

Findings Distribution

Researcher Performance

Rank: 9/13

Findings: 2

Award: $925.54

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryBadgerDAO

Findings Information

🌟 Selected for report: WatchPug

Also found by: 0x0x0x, Meta0xNull, fatima_naz, gzeon, ksk2345

Labels

bug
duplicate
3 (High Risk)
sponsor confirmed

Awards

925.536 USDC - $925.54

External Links

Link to GitHub issue

Handle

fatima_naz

Vulnerability details

Impact

In file ibBTC VaultZap.sol , The function setGaurdian is setting the governance. First problem is , setGaurdian is supposed to set gaurdian not governance. gaurdian is a different contract which does not have access to many functions, if we are making governance same as gaurdian so now governance also can not call those function.

Proof of Concept

Tools Used

change the line - governance = _guardian with guardian = _guardian

#0 - tabshaikh

2021-11-16T12:44:17Z

Similar to #10 , fixed

#1 - GalloDaSballo

2021-11-17T14:43:35Z

Also similar to #31 agree with the finding, we have fixed the oversight

#2 - 0xleastwood

2021-12-09T12:13:14Z

duplicate of #51

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter