Overlay Protocol contest - hubble's results

A protocol for trading #DeFi data streams.

General Information

Platform: Code4rena

Start Date: 16/11/2021

Pot Size: $50,000 ETH

Total HM: 11

Participants: 17

Period: 7 days

Judge: LSDan

Total Solo HM: 8

Id: 49

League: ETH

Researcher Performance

Rank: 9/17

Findings: 2

Award: $2,242.52

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: pauliax

Also found by: defsec, hubble

Labels

bug
duplicate
3 (High Risk)

Awards

0.4476 ETH - $2,068.07

Handle: hubble

Vulnerability details

The project uses/imports OpenZeppelin version 4.3.2, whose ERC1155Supply.sol file is the subject of a security advisory. Reference: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-wmpv-c2jp-j2xg

Proof of Concept

File: collateral/OverlayV1OVLCollateral.sol, line 7:

    import "@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Supply.sol";

File: brownie-config.yaml, line 23:

    dependencies:
      - OpenZeppelin/openzeppelin-contracts@4.3.2

Tools Used

Manual review

Recommended Mitigation Steps

Upgrade the OpenZeppelin dependency providing ERC1155Supply.sol to version 4.3.3.

#0 - mikeyrf

2021-12-06T23:39:46Z

duplicate #127
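A small dependency check in the spirit of this finding, added here as an example and not part of the original submission or of the Overlay code base. It parses the brownie-config.yaml dependency pins and the Solidity imports, and reports when the file named in the advisory is imported from a pin older than the fixed release 4.3.3 given in the finding. The sample config and import lines are constructed to mirror the proof of concept; the advisory identifier and fixed version come from the finding, while treating every pin below 4.3.3 as affected is a simplifying assumption (the advisory states the exact affected range).

```python
"""Flag an OpenZeppelin pin that is below the release fixing ERC1155Supply.

Added example, not code from the Overlay audit or from OpenZeppelin.
Assumptions: any pin below FIXED_IN that imports AFFECTED_FILE is reported;
the config and Solidity snippets below are constructed sample inputs.
"""
import re
from typing import List, Optional, Tuple

ADVISORY = "GHSA-wmpv-c2jp-j2xg"
AFFECTED_PACKAGE = "OpenZeppelin/openzeppelin-contracts"
FIXED_IN = (4, 3, 3)  # fixed release named in the finding
AFFECTED_FILE = "token/ERC1155/extensions/ERC1155Supply.sol"

# Constructed inputs mirroring the proof of concept above.
BROWNIE_CONFIG = """\
dependencies:
  - OpenZeppelin/openzeppelin-contracts@4.3.2
"""
SOLIDITY_SOURCE = """\
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Supply.sol";
"""

# Brownie pins look like "  - Org/repo@X.Y.Z" under a "dependencies:" key.
DEP_RE = re.compile(r"^\s*-\s*([\w.-]+/[\w.-]+)@(\d+)\.(\d+)\.(\d+)\s*$", re.M)
IMPORT_RE = re.compile(r'import\s+"@openzeppelin/contracts/([^"]+)"')

Version = Tuple[int, int, int]


def parse_dependencies(config_text: str) -> List[Tuple[str, Version]]:
    """Return (package, version) pairs pinned as Org/repo@X.Y.Z."""
    return [
        (m.group(1), (int(m.group(2)), int(m.group(3)), int(m.group(4))))
        for m in DEP_RE.finditer(config_text)
    ]


def imported_oz_files(solidity_text: str) -> List[str]:
    """Return the OpenZeppelin paths imported by a Solidity source file."""
    return IMPORT_RE.findall(solidity_text)


def fmt(version: Version) -> str:
    return ".".join(str(part) for part in version)


def check_advisory(config_text: str, solidity_text: str) -> Optional[str]:
    """Return a finding if the affected file is imported from a vulnerable pin.

    Returns None when the file is not imported at all, or when every pin of
    the affected package is at or above the fixed release.
    """
    if AFFECTED_FILE not in imported_oz_files(solidity_text):
        return None
    for package, version in parse_dependencies(config_text):
        if package == AFFECTED_PACKAGE and version < FIXED_IN:
            return (
                f"{package}@{fmt(version)} provides {AFFECTED_FILE}, which is "
                f"covered by {ADVISORY}; upgrade to >= {fmt(FIXED_IN)}"
            )
    return None


if __name__ == "__main__":
    print(check_advisory(BROWNIE_CONFIG, SOLIDITY_SOURCE))
```

Run against the constructed inputs the check reports the 4.3.2 pin; replacing the pin with 4.3.3, or removing the ERC1155Supply import, makes it return None, which is the state the mitigation above asks for.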

Findings Information

🌟 Selected for report: gpersoon

Also found by: WatchPug, cmichel, defsec, harleythedog, hubble, xYrYuYx

Labels

bug
duplicate
2 (Med Risk)

Awards

0.0378 ETH - $174.45

Handle: hubble

Vulnerability details

Impact

The function _transferMint is called by both transferFromMint and transferMint, which in turn are used when issuing shares as a user takes a position in OI.

Proof of Concept

File: ovl/OverlayToken.sol, line 268:

    function _transferMint(
        address sender,
        address recipient,
        uint256 amount,
        uint256 minted
    ) internal {
        uint256 senderBalance = _balances[sender];
        require(senderBalance >= amount, "ERC20: transfer amount exceeds balance");
        unchecked {
            _balances[sender] = senderBalance - amount;
        }
        // `minted` is credited to the recipient's balance but never added to _totalSupply
        _balances[recipient] += amount + minted;
        emit Transfer(sender, recipient, amount);
        emit Transfer(address(0), recipient, minted);
    }

Tools Used

Manual review

Recommended Mitigation Steps

Increment the totalSupply as is done in _mint():

    _totalSupply += minted;

#0 - mikeyrf

2021-12-06T23:50:04Z

duplicate #59
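A model of the accounting in the finding above, added here as an example and not code from Overlay or from the original submission. It re-implements only the balance and totalSupply bookkeeping of an ERC20-style _mint, _burn and the quoted _transferMint in Python, so the invariant sum(balances) == totalSupply can be checked with and without the one-line fix (_totalSupply += minted). The account names and amounts are constructed, and the _burn behaviour (OpenZeppelin-style, with Solidity 0.8 checked subtraction on totalSupply) is an assumption about how the drifted supply would eventually surface, not a claim about OverlayToken's own burn path.

```python
"""Model the OverlayToken supply drift caused by _transferMint.

Added example, not Overlay's code. Assumptions: ERC20-style _mint/_burn
bookkeeping with checked arithmetic on totalSupply; constructed amounts.
"""
from collections import defaultdict
from typing import Dict


class TokenModel:
    """Balance and totalSupply bookkeeping only; no allowances or events."""

    def __init__(self, fixed: bool) -> None:
        self.fixed = fixed
        self.balances: Dict[str, int] = defaultdict(int)
        self.total_supply = 0

    def mint(self, account: str, amount: int) -> None:
        # Mirrors ERC20 _mint: supply and balance move together.
        self.total_supply += amount
        self.balances[account] += amount

    def burn(self, account: str, amount: int) -> None:
        # Assumed OpenZeppelin-style _burn: balance check, then checked
        # subtraction on totalSupply (Solidity 0.8 reverts on underflow).
        if self.balances[account] < amount:
            raise ValueError("ERC20: burn amount exceeds balance")
        self.balances[account] -= amount
        if self.total_supply < amount:
            raise ArithmeticError("totalSupply underflow")
        self.total_supply -= amount

    def transfer_mint(self, sender: str, recipient: str, amount: int, minted: int) -> None:
        # Mirrors _transferMint as quoted in the finding.
        sender_balance = self.balances[sender]
        if sender_balance < amount:
            raise ValueError("ERC20: transfer amount exceeds balance")
        self.balances[sender] = sender_balance - amount
        self.balances[recipient] += amount + minted
        if self.fixed:
            # The mitigation from the finding: account for the newly minted tokens.
            self.total_supply += minted

    def balance_sum(self) -> int:
        return sum(self.balances.values())

    def supply_drift(self) -> int:
        """Tokens held by accounts that totalSupply does not reflect."""
        return self.balance_sum() - self.total_supply


def run_scenario(fixed: bool) -> TokenModel:
    """Constructed sequence: one mint, then two transfer-with-mint calls."""
    token = TokenModel(fixed)
    token.mint("market", 1_000)
    token.transfer_mint("market", "trader", 300, 50)
    token.transfer_mint("market", "trader", 100, 25)
    return token


def drift_after_scenario(fixed: bool) -> int:
    return run_scenario(fixed).supply_drift()


def burn_all_succeeds(fixed: bool) -> bool:
    """Whether every held token can be burned; drift makes the last burn underflow."""
    token = run_scenario(fixed)
    try:
        for account in list(token.balances):
            token.burn(account, token.balances[account])
    except ArithmeticError:
        return False
    return token.total_supply == 0


if __name__ == "__main__":
    print("drift without fix:", drift_after_scenario(False))
    print("drift with fix:   ", drift_after_scenario(True))
    print("burn all without fix:", burn_all_succeeds(False))
    print("burn all with fix:   ", burn_all_succeeds(True))
```

Without the fix the two calls leave 75 tokens in balances that totalSupply never counted, and burning every balance fails once the uncounted tokens are reached; with the fix the invariant holds and the full burn completes.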
