HydraDX - ihtishamsudo's results

HydraDX Omnipool - An Ocean of Liquidity for Polkadot. Trade an abundance of assets in a single pool. The HydraDX Omnipool is efficient, sustainable and trustless.

General Information

Platform: Code4rena

Start Date: 02/02/2024

Pot Size: $100,000 USDC

Total HM: 11

Participants: 27

Period: 28 days

Judge: Lambda

Total Solo HM: 4

Id: 327

League:

HydraDX

Researcher Performance

Rank: 27/27

Findings: 1

Award: $22.99

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

22.9928 USDC - $22.99

Labels

bug
downgraded by judge
grade-b
insufficient quality report
QA (Quality Assurance)
Q-13

External Links

Lines of code

https://github.com/code-423n4/2024-02-hydradx//blob/main/HydraDX-node/pallets/omnipool/src/traits.rs#L171

Vulnerability details

Proof of Concept

The code uses map_err(|_| ())? in several places to handle errors. This approach discards the original error and replaces it with (). While this is a simple way to handle errors, it can make debugging difficult if an error occurs, as there will be no information about what the original error was.

For example:

let oracle_price = ExternalOracle::get_price(asset_a, asset_b).map_err(|_| ())?;

Impact

In this line, if get_price returns an error, map_err converts it into (), and then the ? operator immediately returns this from the current function. This means that if get_price fails, we'll know that an error occurred, but we won't know why, and it would make it difficult to track errors while debugging.

Tools Used

Manual

A better approach would be to define a custom error type that can hold different kinds of errors. This way, we can convert the original error into our custom error type, preserving the original error information. Here's an example:

#[derive(Debug)]
enum MyError {
    OracleError(OracleError),
    // other kinds of errors...
}

let oracle_price = ExternalOracle::get_price(asset_a, asset_b).map_err(MyError::OracleError)?;

In this version, if get_price fails, its error is wrapped in the MyError::OracleError variant, and then this is returned from the current function. This preserves the original error information, making it easier to debug what went wrong.

Assessed type

Error
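The difference described in the finding above, as an added example that is not part of the original submission or the HydraDX code base: two distinct oracle failures become indistinguishable once mapped to (), while a wrapping error type keeps the cause. The OracleError variants, the free function get_price (a stand-in for ExternalOracle::get_price), the ensure_price_* helpers and all asset ids and prices are constructed assumptions.

```rust
// Added illustration; every type, function and value here is constructed.
#[derive(Debug, PartialEq)]
enum OracleError {
    PairNotFound,
    StalePrice { age_blocks: u32 },
}

#[derive(Debug, PartialEq)]
enum MyError {
    OracleError(OracleError),
    PriceOutOfBounds,
}

// Lets `?` convert an OracleError into MyError without an explicit map_err.
impl From<OracleError> for MyError {
    fn from(e: OracleError) -> Self {
        MyError::OracleError(e)
    }
}

// Hypothetical stand-in for ExternalOracle::get_price.
fn get_price(asset_a: u32, asset_b: u32) -> Result<u128, OracleError> {
    match (asset_a, asset_b) {
        (1, 2) => Ok(1_500),
        (1, 3) => Err(OracleError::StalePrice { age_blocks: 40 }),
        _ => Err(OracleError::PairNotFound),
    }
}

// Pattern from the finding: the cause is erased at the call site.
fn ensure_price_lossy(a: u32, b: u32, max: u128) -> Result<u128, ()> {
    let price = get_price(a, b).map_err(|_| ())?;
    if price > max { return Err(()); }
    Ok(price)
}

// Pattern from the recommendation: the cause reaches the caller.
fn ensure_price_typed(a: u32, b: u32, max: u128) -> Result<u128, MyError> {
    let price = get_price(a, b)?;
    if price > max { return Err(MyError::PriceOutOfBounds); }
    Ok(price)
}

fn main() {
    for (a, b) in [(1, 2), (1, 3), (9, 9)] {
        println!("({a},{b}) lossy={:?} typed={:?}",
                 ensure_price_lossy(a, b, 2_000), ensure_price_typed(a, b, 2_000));
    }
}
```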

#0 - 0xRobocop

2024-03-03T09:35:34Z

Consider QA

#1 - c4-pre-sort

2024-03-03T09:35:37Z

0xRobocop marked the issue as insufficient quality report

#2 - c4-judge

2024-03-08T11:26:44Z

OpenCoreCH changed the severity to QA (Quality Assurance)

#3 - c4-judge

2024-03-09T10:53:42Z

OpenCoreCH marked the issue as grade-b
