The Wildcat Protocol - gumgumzum's results

Banking, but worse - a protocol for fixed-rate, undercollateralised credit facilities.

General Information

Platform: Code4rena

Start Date: 16/10/2023

Pot Size: $60,500 USDC

Total HM: 16

Participants: 131

Period: 10 days

Judge: 0xTheC0der

Total Solo HM: 3

Id: 296

League: ETH

Wildcat Protocol

Findings Distribution

Researcher Performance

Rank: 115/131

Findings: 1

Award: $0.06

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarket.sol#L133-L162
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatMarketController.sol#L468-L488

Vulnerability details

Impact

According to the documentation, borrowers should be able to close markets, but they cannot: WildcatMarket@closeMarket is only callable by the WildcatMarketController, and nothing in the controller calls it.

Proof of Concept

The documentation describes closing a market as a special case of reducing the APR, but WildcatMarketController@setAnnualInterestBips contains no logic for it, and the controller exposes no other entry point that reaches WildcatMarket@closeMarket.

WildcatMarket.sol
  function closeMarket() external onlyController nonReentrant {
    // ...
  }
WildcatMarketController.sol
  function setAnnualInterestBips(
    address market,
    uint16 annualInterestBips
  ) external virtual onlyBorrower onlyControlledMarket(market) {
    // If borrower is reducing the interest rate, increase the reserve
    // ratio for the next two weeks.
    if (annualInterestBips < WildcatMarket(market).annualInterestBips()) {
      TemporaryReserveRatio storage tmp = temporaryExcessReserveRatio[market];

      if (tmp.expiry == 0) {
        tmp.reserveRatioBips = uint128(WildcatMarket(market).reserveRatioBips());

        // Require 90% liquidity coverage for the next 2 weeks
        WildcatMarket(market).setReserveRatioBips(9000);
      }

      tmp.expiry = uint128(block.timestamp + 2 weeks);
    }

    WildcatMarket(market).setAnnualInterestBips(annualInterestBips);
  }

Tools Used

Manual Review

Recommended Mitigation Steps

Add the missing logic for closing markets in WildcatMarketController, i.e. a borrower-callable function on the controller that forwards to WildcatMarket@closeMarket.

Assessed type

Other

#0 - c4-pre-sort

2023-10-27T07:33:49Z

minhquanym marked the issue as duplicate of #147

#1 - c4-judge

2023-11-07T13:53:20Z

MarioPoneder changed the severity to 2 (Med Risk)

#2 - c4-judge

2023-11-07T14:10:12Z

MarioPoneder marked the issue as partial-50

#3 - c4-judge

2023-11-07T14:16:53Z

MarioPoneder changed the severity to 3 (High Risk)

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarketConfig.sol#L128-L144
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/libraries/MarketState.sol#L59-L61
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarket.sol#L53

Vulnerability details

Impact

The maximum total supply cannot be increased after deployment, and by extension neither can the maximum deposit limit derived from it.

Proof of Concept

WildcatMarketConfig@setMaxTotalSupply is only callable by the WildcatMarketController, but nothing in the controller calls it, so the function is unreachable.

WildcatMarketConfig.sol
  function setMaxTotalSupply(uint256 _maxTotalSupply) external onlyController nonReentrant {
    // ...
  }

Tools Used

Manual Review

Recommended Mitigation Steps

Add the missing logic to WildcatMarketController so the borrower can set the maximum total supply, or change the modifier on WildcatMarketConfig@setMaxTotalSupply from onlyController to onlyBorrower.

Assessed type

Other
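Both submissions above describe the same defect pattern: a market function gated by onlyController with no corresponding entry point in WildcatMarketController, which leaves the borrower unable to reach it. The Foundry test below is an added example, not code from the Wildcat repository or from this report. MockMarket and MockController are hypothetical contracts that reduce the real ones to the access-control gates at issue, and the controller is given the two forwarders the findings recommend (the first of the two options for setMaxTotalSupply, since it preserves the onlyControlledMarket check, mirroring the gating of setAnnualInterestBips shown earlier). The first test shows why the gated functions are dead code without forwarders; the second shows the borrower operating through the fixed controller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Hypothetical market (example code, not Wildcat's). Only the two controller-only
// entry points from the findings are modelled; the real closeMarket does far more.
contract MockMarket {
    error NotController();
    error MarketAlreadyClosed();
    address public immutable controller;
    uint16 public annualInterestBips;
    uint256 public maxTotalSupply;
    bool public isClosed;

    constructor(address _controller, uint16 _apr, uint256 _maxSupply) {
        controller = _controller;
        annualInterestBips = _apr;
        maxTotalSupply = _maxSupply;
    }

    modifier onlyController() { if (msg.sender != controller) revert NotController(); _; }

    // A borrower calling either of these directly reverts with NotController.
    function closeMarket() external onlyController {
        if (isClosed) revert MarketAlreadyClosed();
        annualInterestBips = 0;
        isClosed = true;
    }

    function setMaxTotalSupply(uint256 _maxTotalSupply) external onlyController {
        if (isClosed) revert MarketAlreadyClosed();
        maxTotalSupply = _maxTotalSupply;
    }
}

// Hypothetical controller carrying the forwarders the findings report as missing.
// Gating copies the setAnnualInterestBips pattern: only the borrower, and only on
// a market this controller deployed.
contract MockController {
    error NotBorrower();
    error NotControlledMarket();
    address public immutable borrower;
    mapping(address => bool) public isControlledMarket;

    constructor(address _borrower) { borrower = _borrower; }

    modifier onlyBorrower() { if (msg.sender != borrower) revert NotBorrower(); _; }
    modifier onlyControlledMarket(address market) {
        if (!isControlledMarket[market]) revert NotControlledMarket(); _;
    }

    function deployMarket(uint16 apr, uint256 maxSupply) external onlyBorrower returns (address) {
        MockMarket m = new MockMarket(address(this), apr, maxSupply);
        isControlledMarket[address(m)] = true;
        return address(m);
    }

    // The two entry points the audited controller lacks.
    function closeMarket(address market) external onlyBorrower onlyControlledMarket(market) {
        MockMarket(market).closeMarket();
    }

    function setMaxTotalSupply(address market, uint256 newMax)
        external onlyBorrower onlyControlledMarket(market)
    {
        MockMarket(market).setMaxTotalSupply(newMax);
    }
}

contract ControllerForwardingTest is Test {
    address borrower = makeAddr("borrower");
    MockController controller;
    MockMarket market;

    function setUp() public {
        controller = new MockController(borrower);
        vm.prank(borrower);
        market = MockMarket(controller.deployMarket(1000, 1000e18));
    }

    // Without forwarders on the controller, these functions are unreachable.
    function test_directCallByBorrowerReverts() public {
        vm.startPrank(borrower);
        vm.expectRevert(MockMarket.NotController.selector);
        market.closeMarket();
        vm.expectRevert(MockMarket.NotController.selector);
        market.setMaxTotalSupply(2000e18);
        vm.stopPrank();
    }

    function test_borrowerActsThroughController() public {
        vm.startPrank(borrower);
        controller.setMaxTotalSupply(address(market), 2000e18);
        assertEq(market.maxTotalSupply(), 2000e18);
        controller.closeMarket(address(market));
        assertTrue(market.isClosed());
        assertEq(uint256(market.annualInterestBips()), 0);
        vm.stopPrank();
    }

    function test_nonBorrowerRejected() public {
        vm.prank(makeAddr("stranger"));
        vm.expectRevert(MockController.NotBorrower.selector);
        controller.closeMarket(address(market));
    }
}
```

Run with `forge test` inside a Foundry project that has forge-std installed. The forwarders deliberately take the market address as a parameter and re-check isControlledMarket, because the controller, not the market, is the contract that knows which markets belong to this borrower; switching the market's modifier to onlyBorrower (the second option in the finding) would drop that check onto a contract that has no view of it.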

#0 - c4-pre-sort

2023-10-27T06:24:01Z

minhquanym marked the issue as duplicate of #162

#1 - c4-pre-sort

2023-10-27T06:58:27Z

minhquanym marked the issue as duplicate of #147

#2 - c4-judge

2023-11-07T13:52:49Z

MarioPoneder marked the issue as partial-50

#3 - c4-judge

2023-11-07T13:53:41Z

MarioPoneder changed the severity to 2 (Med Risk)

#4 - c4-judge

2023-11-07T14:16:53Z

MarioPoneder changed the severity to 3 (High Risk)

AuditHub
