Cudos contest - jah's results

Decentralised cloud computing for Web3.

General Information

Platform: Code4rena

Start Date: 03/05/2022

Pot Size: $75,000 USDC

Total HM: 6

Participants: 55

Period: 7 days

Judge: Albert Chon

Total Solo HM: 2

Id: 116

League: COSMOS

Cudos

Findings Distribution

Researcher Performance

Rank: 12/55

Findings: 3

Award: $1,239.62

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: CertoraInc

Also found by: 0x1337, AmitN, WatchPug, cccz, danb, dipp, dirk_y, hubble, jah

Labels

bug
duplicate
2 (Med Risk)

Awards

620.336 USDC - $620.34

External Links

Lines of code

https://github.com/code-423n4/2022-05-cudos/blob/de39cf3cd1f1e1cf211819b06d4acf6a043acda0/solidity/contracts/Gravity.sol#L254

Vulnerability details

Impact

checkValidatorSignatures should check whether cumulativePower is greater than or equal to the threshold. The threshold is 2/3 of the validators' power, and if validators holding exactly the threshold power sign the message it will not be executed, because lines 247 and 255 check that cumulativePower is strictly greater than the threshold: require( cumulativePower > _powerThreshold, );

Proof of Concept

https://github.com/code-423n4/2022-05-cudos/blob/de39cf3cd1f1e1cf211819b06d4acf6a043acda0/solidity/contracts/Gravity.sol#L254

Tools Used

Manual

Use require( cumulativePower >= _powerThreshold );

#0 - V-Staykov

2022-05-11T11:13:33Z

Duplicate of #123
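The boundary case described in the finding above, as an added illustration that is not code from Gravity.sol or the Cudos repository: a reduced validator-power tally with the strict comparison the finding reports beside the inclusive one it recommends. Contract and function names, revert strings and the EIP-191 signature format are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration, not code from Gravity.sol: a reduced validator-power
/// tally that shows how the comparison operator behaves when the signers'
/// combined power lands exactly on the threshold.
contract ValidatorThresholdExample {
    struct ValSignature {
        uint8 v;
        bytes32 r;
        bytes32 s;
    }

    /// Sums the power of every listed validator that supplied a valid
    /// signature over `theHash`. A validator with v == 0 is treated as
    /// "did not sign" and skipped; a supplied signature that does not
    /// recover to the listed validator aborts the call.
    /// Assumption: validators sign the EIP-191 personal-message digest.
    function cumulativePower(
        address[] calldata validators,
        uint256[] calldata powers,
        ValSignature[] calldata sigs,
        bytes32 theHash
    ) public pure returns (uint256 total) {
        require(
            validators.length == powers.length && powers.length == sigs.length,
            "length mismatch"
        );
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", theHash)
        );
        for (uint256 i = 0; i < validators.length; i++) {
            if (sigs[i].v == 0) continue; // this validator did not sign
            address signer = ecrecover(digest, sigs[i].v, sigs[i].r, sigs[i].s);
            require(signer != address(0) && signer == validators[i], "bad signature");
            total += powers[i];
        }
    }

    /// The strict form the finding reports: a signer set whose power equals
    /// `powerThreshold` exactly is rejected even though it reaches quorum.
    function requireQuorumStrict(
        address[] calldata validators,
        uint256[] calldata powers,
        ValSignature[] calldata sigs,
        bytes32 theHash,
        uint256 powerThreshold
    ) external pure returns (uint256 total) {
        total = cumulativePower(validators, powers, sigs, theHash);
        require(total > powerThreshold, "insufficient power");
    }

    /// The inclusive form the finding recommends: exactly-threshold power passes.
    function requireQuorumInclusive(
        address[] calldata validators,
        uint256[] calldata powers,
        ValSignature[] calldata sigs,
        bytes32 theHash,
        uint256 powerThreshold
    ) external pure returns (uint256 total) {
        total = cumulativePower(validators, powers, sigs, theHash);
        require(total >= powerThreshold, "insufficient power");
    }
}
```

With three validators of power 40, 30 and 30 and a threshold of 70, signatures from the first two sum to exactly 70: requireQuorumStrict reverts while requireQuorumInclusive accepts. Whether the boundary should count as quorum is a protocol decision; what matters for review is that the comparison matches the documented threshold semantics.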

Findings Information

🌟 Selected for report: wuwe1

Also found by: Dravee, GermanKuber, GimelSec, WatchPug, cccz, defsec, dipp, jah, reassor

Labels

bug
duplicate
2 (Med Risk)

Awards

502.4722 USDC - $502.47

External Links

Lines of code

https://github.com/code-423n4/2022-05-cudos/blob/de39cf3cd1f1e1cf211819b06d4acf6a043acda0/solidity/contracts/Gravity.sol#L600

Vulnerability details

Impact

The sendToCosmos function of Gravity transfers _amount of _tokenContract from the sender using the function safeTransferFrom. If the transferred token is a fee-on-transfer/deflationary token, the amount actually received could be less than _amount. However, since _amount is passed as a parameter of the SendToCosmosEvent event, the Cosmos side will think more tokens are locked on the Ethereum side than actually are.

Proof of Concept

https://github.com/code-423n4/2021-08-gravitybridge-findings/issues/62

Tools Used

Manual

Calculate the contract balance before and after depositing and use the difference.

#0 - mlukanova

2022-05-10T14:50:55Z

Duplicate of #3
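The accounting gap described in the finding above, as an added illustration that is not code from Gravity.sol or the Cudos repository: a constructed fee-on-transfer token next to a minimal bridge deposit, once emitting the caller's _amount and once emitting the measured balance change. The token, the contract and event names, and the simplified event signature are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Minimal ERC-20 surface needed by the example (assumption, not the
/// project's own interface file).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

/// Constructed mock: burns 1% of every transfer, so the recipient receives
/// less than the amount the sender asked to move.
contract FeeOnTransferToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() {
        balanceOf[msg.sender] = 1_000_000;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        require(allowance[from][msg.sender] >= amount, "allowance");
        require(balanceOf[from] >= amount, "balance");
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        uint256 fee = amount / 100; // 1% burned on the way
        balanceOf[to] += amount - fee;
        return true;
    }
}

/// Added illustration, not Gravity.sol: the deposit path with and without
/// balance measurement.
contract BridgeDepositExample {
    event SendToCosmosEvent(
        address indexed tokenContract,
        address indexed sender,
        string destination,
        uint256 amount
    );

    /// Pattern described in the finding: the event carries `_amount`, which
    /// overstates what the contract holds when the token charges a fee.
    function sendToCosmosUnsafe(
        address _tokenContract,
        string calldata _destination,
        uint256 _amount
    ) external {
        require(
            IERC20(_tokenContract).transferFrom(msg.sender, address(this), _amount),
            "transfer failed"
        );
        emit SendToCosmosEvent(_tokenContract, msg.sender, _destination, _amount);
    }

    /// Mitigation suggested in the finding: read the contract balance before
    /// and after the pull and emit the difference actually received.
    function sendToCosmosMeasured(
        address _tokenContract,
        string calldata _destination,
        uint256 _amount
    ) external returns (uint256 received) {
        IERC20 token = IERC20(_tokenContract);
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), _amount), "transfer failed");
        received = token.balanceOf(address(this)) - before;
        emit SendToCosmosEvent(_tokenContract, msg.sender, _destination, received);
    }
}
```

Depositing 1,000 units of the mock through sendToCosmosUnsafe emits 1,000 while the bridge holds 990; sendToCosmosMeasured emits 990. Measuring the balance delta covers fee-charging tokens, but a token whose balances move without a transfer (rebasing supply) still needs its own handling, and the read-transfer-read sequence should sit behind reentrancy protection for tokens that call hooks during transfer.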

Awards

116.8087 USDC - $116.81

Labels

bug
QA (Quality Assurance)

External Links

Impact

verifySig will always return address(0) if the signature is not correct, so it is better to check that the returned value is not address(0).

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Manual

Check that the returned value is not address(0).
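The zero-address case described in the finding above, as an added illustration that is not code from Gravity.sol or the Cudos repository: a recovery helper that returns address(0) on an unrecoverable signature, a comparison that trusts that result directly, and the hardened comparison the finding recommends. Contract and function names and the EIP-191 digest format are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration, not code from Gravity.sol: why a recovered-address
/// check must reject address(0). `ecrecover` returns the zero address for a
/// signature it cannot recover (for example an unsupported `v`), so a caller
/// that compares the result against a zero or unset expected signer would
/// accept an invalid signature.
contract RecoverSignerExample {
    struct ValSignature {
        uint8 v;
        bytes32 r;
        bytes32 s;
    }

    /// Returns the address that produced `sig` over the EIP-191 digest of
    /// `theHash`, or address(0) when recovery fails.
    function recoverSigner(bytes32 theHash, ValSignature calldata sig)
        public
        pure
        returns (address)
    {
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", theHash)
        );
        return ecrecover(digest, sig.v, sig.r, sig.s);
    }

    /// Pattern the finding flags: the recovered address is compared directly.
    /// If `expected` is address(0), for instance an uninitialised slot, any
    /// unrecoverable signature is accepted.
    function verifySigLoose(address expected, bytes32 theHash, ValSignature calldata sig)
        external
        pure
        returns (bool)
    {
        return recoverSigner(theHash, sig) == expected;
    }

    /// Hardened form the finding recommends: a zero recovered address is never
    /// a valid signer, regardless of what `expected` holds.
    function verifySigStrict(address expected, bytes32 theHash, ValSignature calldata sig)
        external
        pure
        returns (bool)
    {
        address signer = recoverSigner(theHash, sig);
        return signer != address(0) && signer == expected;
    }
}
```

A signature with v = 0 and arbitrary r and s recovers to address(0): verifySigLoose(address(0), hash, sig) returns true, verifySigStrict returns false. Rejecting the zero address closes this case; a production implementation should additionally reject high-s values so that a signature cannot be malleated into a second valid encoding.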

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
