Paladin contest - hubble's results

A governance lending protocol transforming users voting power into a new money lego.

General Information

Platform: Code4rena

Start Date: 29/03/2022

Pot Size: $50,000 USDC

Total HM: 16

Participants: 42

Period: 5 days

Judge: 0xean

Total Solo HM: 9

Id: 105

League: ETH

Researcher Performance

Rank: 5/42

Findings: 2

Award: $4,151.74

🌟 Selected for report: 2

🚀 Solo Findings: 2

Findings Information

🌟 Selected for report: hubble

Labels

bug
2 (Med Risk)
resolved
sponsor confirmed

Awards

2075.8711 USDC - $2,075.87

External Links

Lines of code

https://github.com/code-423n4/2022-03-paladin/blob/9c26ec8556298fb1dc3cf71f471aadad3a5c74a0/contracts/HolyPaladinToken.sol#L228-L235

Vulnerability details

The function cooldown() is not protected when the protocol is in emergency mode. Its behaviour is inconsistent with the other major functions of the contract.

Impact

While the other major functions of this contract (stake, unstake, lock, unlock, etc.) are protected by checking the emergency flag and reverting, cooldown() performs no such check. As a result, during emergency mode users can immediately start their cooldown() and plan to unstake as soon as emergency mode is lifted and the cooldown period has expired. This is probably not the behaviour the protocol intends.

Proof of Concept

Contract: HolyPaladinToken.sol, function cooldown()

Add the same emergency-mode check to this function:

if(emergency) revert EmergencyBlock();

#0 - Kogaroshi

2022-04-02T21:18:13Z

Findings Information

🌟 Selected for report: hubble

Labels

bug
2 (Med Risk)
resolved
sponsor confirmed

Awards

2075.8711 USDC - $2,075.87

External Links

Lines of code

https://github.com/code-423n4/2022-03-paladin/blob/9c26ec8556298fb1dc3cf71f471aadad3a5c74a0/contracts/HolyPaladinToken.sol#L446-L468

Vulnerability details

When the contract is in the blocked state (emergency mode), the protocol intends to return an empty UserLock when getUserLock is called. However, the same information can still be obtained another way.

The function below is not protected in emergency mode, so users can call it instead (line 466): function getUserPastLock(address user, uint256 blockNumber)

Impact

There is no loss of funds; however, the intention to block the information (by returning empty lock info) is defeated because not all functions are protected. The emergency-mode check is implemented inconsistently.

Proof of Concept

Contract: HolyPaladinToken.sol, functions getUserLock and getUserPastLock

Add an emergency-mode check to getUserPastLock as well:

if(emergency) revert EmergencyBlock();

Additionally, an access check could be added so that the function still returns the correct value when the caller (msg.sender) is the admin or owner.

#0 - Kogaroshi

2022-04-04T13:09:17Z

Instead of reverting the call, we return an empty Lock (as for getUserLock()). Changes in the PR: https://github.com/PaladinFinance/Paladin-Tokenomics/pull/13
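Both findings above come down to the same defect: the emergency flag is checked function by function, so a path that is forgotten (cooldown(), getUserPastLock()) silently bypasses the block. The sketch below is an added illustration, not code from HolyPaladinToken.sol or the Paladin repository: it routes every user-facing entry point through one notInEmergency modifier, and applies the sponsor's chosen fix for the second finding (getUserPastLock returns the same empty lock as getUserLock instead of reverting). The UserLock layout, the storage names, the simplified lock history and the admin role are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

/// Added example: a minimal staking contract whose emergency mode is applied
/// consistently. Struct fields, storage names and the admin role are assumed
/// for illustration and do not mirror the real HolyPaladinToken layout.
contract EmergencyModeSketch {
    struct UserLock {
        uint256 amount;
        uint256 startTimestamp;
        uint256 duration;
        uint256 fromBlock;
    }

    error EmergencyBlock();
    error NotAdmin();

    address public admin;
    bool public emergency;

    mapping(address => uint256) public balances;
    mapping(address => uint256) public cooldowns;
    // Append-only lock history per user (assumed simplification of the real design).
    mapping(address => UserLock[]) internal userLocks;

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    // One gate shared by every state-changing user path, so a new function
    // cannot be added without the reviewer seeing whether it carries the modifier.
    modifier notInEmergency() {
        if (emergency) revert EmergencyBlock();
        _;
    }

    function setEmergency(bool on) external onlyAdmin {
        emergency = on;
    }

    function stake() external payable notInEmergency {
        balances[msg.sender] += msg.value;
    }

    function lock(uint256 duration) external notInEmergency {
        userLocks[msg.sender].push(
            UserLock(balances[msg.sender], block.timestamp, duration, block.number)
        );
    }

    // Finding 1: the original cooldown() lacked the emergency check, so a user
    // could arm the cooldown during emergency mode and be ready to unstake the
    // moment it was lifted. Here it is gated like stake() and lock().
    function cooldown() external notInEmergency {
        cooldowns[msg.sender] = block.timestamp;
    }

    function unstake(uint256 amount, uint256 cooldownPeriod) external notInEmergency {
        require(cooldowns[msg.sender] != 0, "no cooldown");
        require(block.timestamp >= cooldowns[msg.sender] + cooldownPeriod, "cooldown running");
        balances[msg.sender] -= amount;
        payable(msg.sender).transfer(amount);
    }

    // Current lock: empty struct while in emergency mode (the behaviour the
    // protocol wanted for getUserLock).
    function getUserLock(address user) external view returns (UserLock memory) {
        if (emergency) return UserLock(0, 0, 0, 0);
        UserLock[] storage locks = userLocks[user];
        if (locks.length == 0) return UserLock(0, 0, 0, 0);
        return locks[locks.length - 1];
    }

    // Finding 2: historical lookup must apply the same rule, otherwise the
    // information hidden by getUserLock() leaks through here. Following the
    // sponsor's fix, the function returns an empty lock rather than reverting.
    function getUserPastLock(address user, uint256 blockNumber)
        external
        view
        returns (UserLock memory)
    {
        if (emergency) return UserLock(0, 0, 0, 0);
        UserLock[] storage locks = userLocks[user];
        // Latest lock recorded at or before blockNumber; linear scan for brevity.
        for (uint256 i = locks.length; i > 0; i--) {
            if (locks[i - 1].fromBlock <= blockNumber) return locks[i - 1];
        }
        return UserLock(0, 0, 0, 0);
    }
}
```

The review habit this sketch encodes: when a contract has a global block flag, list every external and public function and check that each one either carries the gate or has a documented reason not to, including view functions, since the second finding shows that an ungated getter can undo what the gated one was meant to hide.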

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024