Back to fs0c's contests

Caviar Private Pools - fs0c's results

A fully on-chain NFT AMM that allows you to trade every NFT in a collection.

General Information

Platform: Code4rena

Start Date: 07/04/2023

Pot Size: $47,000 USDC

Total HM: 20

Participants: 120

Period: 6 days

Judge: GalloDaSballo

Total Solo HM: 4

Id: 230

League: ETH

Caviar

Findings Distribution

Researcher Performance

Rank: 99/120

Findings: 1

Award: $10.86

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCaviar

Findings Information

🌟 Selected for report: AkshaySrivastav

Also found by: 0xTheC0der, Dug, GT_Blockchain, Haipls, adriro, bin2chen, carlitox477, dingo2077, fs0c, hasmama, hihen, holyhansss_kr, juancito, ladboy233, philogy, saian, said, sashik_eth, yixxas, zion

Awards

10.8554 USDC - $10.86

Labels

bug
2 (Med Risk)
satisfactory
sponsor confirmed
duplicate-419

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/main/src/Factory.sol#L92

Vulnerability details

Impact

In the worst case a user might loose the funds they deposit to the PrivatePool. This includes both the NFT and the ERC20 token they deposit as the deposit might go to the PrivatePool that an attacker owns.

Vulnerability Details

Private Pools are created using the following code which internally calls create2 with the salt specified by the user:

privatePool = PrivatePool(
            payable(privatePoolImplementation.cloneDeterministic(_salt))
        );

Calling this with the same _salt will result in same privatePool address, but not in a regular scenario as the transaction would fail the second time.

Imagine a scenario where a legit user Alice calls the function create to deploy the privatePool and later wants to call deposit to send funds to it. Bob sees that network block re-org happens and calls the function create with the same salt that Alice used, this would make Bob the actual owner of that pool and Alice’s transaction would be invalidated. Now Alice thinks that they own this privatePool as they recieved the address of the privatePool, so they call deposit , and as the deposit doesn’t check the owner the transaction would pass through and they would transfer tokens to Bob’s privatepool where bob can now withdraw the funds.

Recommendation

Salt can also include msg.sender so the addresses would be different for different users.

#0 - c4-pre-sort

2023-04-20T17:33:11Z

0xSorryNotSorry marked the issue as primary issue

#1 - c4-sponsor

2023-04-22T13:35:12Z

outdoteth marked the issue as sponsor confirmed

#2 - outdoteth

2023-04-22T14:45:23Z

duplicate of https://github.com/code-423n4/2023-04-caviar-findings/issues/419

#3 - c4-judge

2023-04-28T08:54:02Z

GalloDaSballo marked the issue as duplicate of #661

#4 - c4-judge

2023-05-03T19:52:47Z

GalloDaSballo marked the issue as not a duplicate

#5 - c4-judge

2023-05-03T19:53:08Z

GalloDaSballo marked the issue as duplicate of #419

#6 - c4-judge

2023-05-03T19:53:20Z

GalloDaSballo marked the issue as satisfactory

#7 - GalloDaSballo

2023-05-03T19:53:36Z

Accepting as satisfactory but I have considered downgrading, the front-run grief is a lot more believable in this case

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter