Popcorn contest - georgits's results

A multi-chain regenerative yield-optimizing protocol.

General Information

Platform: Code4rena

Start Date: 31/01/2023

Pot Size: $90,500 USDC

Total HM: 47

Participants: 169

Period: 7 days

Judge: LSDan

Total Solo HM: 9

Id: 211

League: ETH

Popcorn

Researcher Performance

Rank: 63/169

Findings: 2

Award: $158.09

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: ustas

Also found by: 0xRobocop, Ada, bin2chen, georgits, gjaldon, hashminer0725, ktg, mert_eren, okkothejawa, pwnforce

Labels

bug
3 (High Risk)
satisfactory
sponsor confirmed
upgraded by judge
duplicate-45

Awards

122.6059 USDC - $122.61

External Links

Lines of code

https://github.com/code-423n4/2023-01-popcorn//blob/main/src/vault/VaultController.sol#L669

Vulnerability details

Impact

According to the _verifyCreatorOrOwner description, the caller has to be either the creator of the vault OR the owner of VaultController, but the function reverts if the caller is not both the creator of the vault AND the owner of VaultController at the same time. All functions that call _verifyCreatorOrOwner will fail if msg.sender isn't the creator of the vault AND the owner of VaultController.

Proof of Concept

if (msg.sender != metadata.creator || msg.sender != owner) revert NotSubmitterNorOwner(msg.sender);

https://github.com/code-423n4/2023-01-popcorn//blob/main/src/vault/VaultController.sol#L669

Tools Used

Manual code review

Change the if statement to

msg.sender != metadata.creator && msg.sender != owner
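
The two conditions can be compared side by side in a small contract. This is an added example, not code from the Popcorn repository or from the submission: the contract name, the constructor parameters and the `passes`/`run` helpers are hypothetical, and the caller is passed as an argument instead of being read from msg.sender so that each kind of caller can be probed from one address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not Popcorn's VaultController. AccessCheckDemo,
// buggyCheck, fixedCheck, run and passes are hypothetical names.
contract AccessCheckDemo {
    error NotSubmitterNorOwner(address caller);

    address public immutable creator; // stands in for metadata.creator
    address public immutable owner;   // stands in for the controller's owner

    constructor(address creator_, address owner_) {
        creator = creator_;
        owner = owner_;
    }

    // Condition as quoted in the finding. With `||` the revert fires whenever
    // the caller differs from EITHER address, so the check can only pass when
    // creator == owner == caller.
    function buggyCheck(address caller) public view {
        if (caller != creator || caller != owner) revert NotSubmitterNorOwner(caller);
    }

    // Condition as recommended in the finding. By De Morgan,
    // !(isCreator || isOwner) == (!isCreator && !isOwner), so the revert fires
    // only when the caller is neither the creator nor the owner.
    function fixedCheck(address caller) public view {
        if (caller != creator && caller != owner) revert NotSubmitterNorOwner(caller);
    }

    // External entry point so passes() can observe the revert via try/catch.
    function run(bool useFixed, address caller) external view {
        if (useFixed) fixedCheck(caller);
        else buggyCheck(caller);
    }

    // Returns true when the selected check lets `caller` through.
    // Probe it with the creator, the owner and an unrelated address.
    function passes(bool useFixed, address caller) external view returns (bool ok) {
        try this.run(useFixed, caller) {
            ok = true;
        } catch {
            ok = false;
        }
    }
}
```

Deployed with distinct creator and owner addresses, `passes(false, ...)` returns false for all three kinds of caller, which is the denial of service the finding describes, while `passes(true, ...)` returns true for the creator and the owner only.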

#0 - c4-judge

2023-02-16T07:24:14Z

dmvt marked the issue as duplicate of #45

#1 - c4-sponsor

2023-02-18T12:08:21Z

RedVeil marked the issue as sponsor confirmed

#2 - c4-judge

2023-02-23T00:19:28Z

dmvt marked the issue as satisfactory

#3 - c4-judge

2023-02-23T01:08:03Z

dmvt changed the severity to 3 (High Risk)

Use latest Solidity version with a stable pragma statement

All Solidity files

Missing a check if the clone has already been registered

CloneRegistry.sol - 41

NatSpec must be updated

DeploymentController.sol - 60

Remove unused imports

YearnAdapter.sol - 6(IStrategy, IAdapter)

BeefyAdapter.sol - 6(IStrategy)

Use of ecrecover is susceptible to signature malleability, consider using OpenZeppelin's ECDSA library

MultiRewardStaking.sol - 459

Vault.sol - 678

AdapterBase.sol - 646

#0 - c4-judge

2023-02-28T14:56:17Z

dmvt marked the issue as grade-b
