Caviar contest - fs0c's results

A fully on-chain NFT AMM that allows you to trade every NFT in a collection.

General Information

Platform: Code4rena

Start Date: 12/12/2022

Pot Size: $36,500 USDC

Total HM: 8

Participants: 103

Period: 7 days

Judge: berndartmueller

Id: 193

League: ETH

Caviar

Findings Distribution

Researcher Performance

Rank: 97/103

Findings: 1

Award: $6.99

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

6.9881 USDC - $6.99

Labels

bug
3 (High Risk)
satisfactory
duplicate-442

External Links

Lines of code

https://github.com/code-423n4/2022-12-caviar/blob/main/src/Pair.sol#L417

Vulnerability details

On first creating a new Pair, the user can define the amount of baseTokens and NFTs they want to transfer to the contract. This is also true with an already initialized Pair: any user can select the amount of baseTokens and the amount of NFTs they want to transfer into the contract.

An attacker can use this to manipulate price and steal from future liquidityProviders.

Proof Of Concept

  1. Attacker adds 1 wei and 100 BAYC to create a new Pair of BAYC vs ETH.
  2. The price of the pair is highly manipulated right now, and consists of 1 wei : 100 BAYC.
  3. Now a victim (Alice) adds liquidity of 100 ETH and 100 BAYC tokens.
  4. The pool now consists of ~100ETH : 200BAYC.
  5. The attacker would now remove their liquidity from the pool by selling their lpTokens and would get back ~50ETH and 100BAYC.
  6. The pool now has 50ETH and 100BAYC tokens, and the victim, on removing their liquidity, will get ~50ETH and 100BAYC, having lost ~50ETH, and the attacker made a profit of ~50ETH.

Another attack vector would look like this:

  1. Attacker wraps 1M fractional tokens worth of nfts.
  2. Attacker initialises the pool with 1 basic unit of ETH and 1 basic unit of fractionalTokens.
  3. LP token supply right now would be 1 basic unit.
  4. Attacker then directly transfers 1M ETH and 1M (minus 1 basic unit) of fractionalTokens to the Pair contract.
  5. Now any future liquidity provider who tries to add liquidity will get 0 LP tokens, but their tokens would be transferred to the contract.
  6. Attacker can remove all the liquidity from the pool using 1 unit LP token that they have.

Although there is a slippage check, minLpTokenAmount, which prevents it from happening, it would only be used when the user specifically puts the minimum LP amount they want to receive. An unknowing user who is unaware of the price of the LP token can be scammed by the attacker.

This is an issue similar to: https://code4rena.com/reports/2022-01-elasticswap/#m-01-the-value-of-lp-token-can-be-manipulated-by-the-first-minister-which-allows-the-attacker-to-dilute-future-liquidity-providers-shares and TOB-YEARN-003 (https://docs.yearn.finance/security/ : Trail of Bits)

Recommendations:

I suggest using the same mechanism as in Uniswap v2 to prevent such an attack by locking the first few liquidity tokens.
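
An added Python model (not code from the finding or from Caviar) of the LP-share arithmetic behind the second scenario and of the two defenses the finding names: the minLpTokenAmount check and Uniswap v2's locked first liquidity. The `Pair` class, its sqrt/pro-rata minting formula, the 18-decimal units and the seed sizes are assumptions of this sketch.

```python
from math import isqrt

UNIT = 10**18              # 18-decimal base unit for both tokens (assumption)
MINIMUM_LIQUIDITY = 10**3  # LP amount Uniswap v2 locks forever on the first mint

class Pair:
    """Toy LP accounting (assumed): sqrt(x*y) on first add, min pro-rata share after."""
    def __init__(self, lock_first_liquidity=False):
        self.base = self.frac = self.supply = 0
        self.lock = lock_first_liquidity
        self.lp = {}

    def add(self, who, base_in, frac_in, min_lp=0):
        locked = 0
        if self.supply == 0:
            minted = isqrt(base_in * frac_in)
            if self.lock:
                locked = MINIMUM_LIQUIDITY
                minted -= locked
        else:
            minted = min(base_in * self.supply // self.base,
                         frac_in * self.supply // self.frac)
        # min_lp models minLpTokenAmount; the locked variant also rejects a zero mint
        if minted < max(min_lp, 1 if self.lock else 0):
            raise ValueError("too few LP tokens minted")
        self.base += base_in
        self.frac += frac_in
        self.supply += minted + locked
        self.lp[who] = self.lp.get(who, 0) + minted
        return minted

    def donate(self, base_in, frac_in):
        """Direct token transfer: reserves grow, LP supply does not."""
        self.base += base_in
        self.frac += frac_in

    def claim(self, who):
        """Reserves that `who` can redeem with all of their LP tokens."""
        share = self.lp.get(who, 0)
        return self.base * share // self.supply, self.frac * share // self.supply

def inflated_pair(lock, seed):
    """Second scenario in the finding: tiny first deposit, then a large donation."""
    pair = Pair(lock_first_liquidity=lock)
    pair.add("attacker", seed, seed)
    pair.donate(10**6 * UNIT, 10**6 * UNIT - 1)
    return pair
```

Without the lock, a 100-token deposit mints 0 LP tokens unless the depositor sets a minimum; with it, the 1-unit seed is rejected and a 1001-unit seed leaves the first depositor able to redeem only about 1/1001 of what they donated.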

#0 - c4-judge

2022-12-28T15:23:14Z

berndartmueller marked the issue as duplicate of #442

#1 - c4-judge

2023-01-10T09:18:14Z

berndartmueller marked the issue as satisfactory
