Phuture Finance contest - fatima_naz's results

Crypto index platform, that simplifies your investments through automated, themed index products.

General Information

Platform: Code4rena

Start Date: 19/04/2022

Pot Size: $30,000 USDC

Total HM: 10

Participants: 43

Period: 3 days

Judges: moose-code, JasoonS

Total Solo HM: 7

Id: 90

League: ETH

Phuture Finance

Findings Distribution

Researcher Performance

Rank: 17/43

Findings: 3

Award: $116.42

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Phuture Finance

Findings Information

🌟 Selected for report: cccz

Also found by: 0xkatana, Dravee, IllIllI, WatchPug, berndartmueller, defsec, fatima_naz, jah, kebabsec, kenta, pedroais, peritoflores, rayn, reassor, tabish

Awards

22.0499 USDC - $22.05

Labels

bug

duplicate

2 (Med Risk)

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/ChainlinkPriceOracle.sol#L83-L86

Vulnerability details

Impact

Price can be stale which can lead to wrong assetPerBaseInUQ return value

Proof of Concept

Oracle data feed is insufficiently validated. There is no check for stale price and round completeness.

Tools Used

Manual review, similar issue was found in yield contest - https://github.com/code-423n4/2022-01-yield-findings/issues/136

Recommended Mitigation Steps

Validate data feed

    (uint80 roundID, int256 basePrice, , uint256 timestamp, uint80 answeredInRound) = 
    baseAggregator.latestRoundData();
    require(basePrice > 0, "ChainLink: Base price <= 0");
    require(answeredInRound >= roundID, "ChainLink: Stale price");
    require(timestamp > 0, "ChainLink: Round not complete");
    (roundID, int256 quotePrice, , timestamp, answeredInRound) = assetInfo.aggregator.latestRoundData();
    require(usdcPrice > 0, "ChainLink: Quote price <= 0");
    require(answeredInRound >= roundID, "ChainLink: Stale price");
    require(timestamp > 0, "ChainLink: round not complete");

#0 - olivermehr
2022-05-02T20:26:36Z

Duplicate of issue #1

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0xDjango, 0xkatana, Dravee, Kenshin, Tadashi, TerrierLover, abhinavmir, defsec, ellahi, fatima_naz, foobar, gzeon, hyh, joestakey, kebabsec, kenta, minhquanym, oyc_109, rayn, robee, sseefried, xpriment626, z3s

Awards

62.9884 USDC - $62.99

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

1)- __gap is defined as storage variable but never used, - In vToken.sol https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/vToken.sol#L222

2)- As mentioned in github description of ManageIndexReweightingLogic.sol - This index reweighs manually by it's admin. shouldn't we put some modifier for reweight function! it is defined as external but as the users of protocol need not to call this function. adding some modifier could be a good practice.

https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/ManagedIndexReweightingLogic.sol#L28

similary here for TopNMarketCapReweightingLogic.sol

https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/TopNMarketCapReweightingLogic.sol#L30-L34