Vader Protocol contest - jayjonah8's results

Liquidity Protocol anchored by Native Stablecoin with Slip-Based Fees AMM, IL protection and Synthetics.

General Information

Platform: Code4rena

Start Date: 21/12/2021

Pot Size: $30,000 USDC

Total HM: 20

Participants: 20

Period: 5 days

Judge: Jack the Pug

Total Solo HM: 13

Id: 70

League: ETH

Vader Protocol

Findings Distribution

Researcher Performance

Rank: 19/20

Findings: 1

Award: $26.21

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Vader Protocol

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Auditors

Browse

Contests

Browse

Get in touch

Contact Twitter

Findings Information

🌟 Selected for report: Jujic

Also found by: jayjonah8, pauliax, robee

Labels

bug

duplicate

1 (Low Risk)

LiquidityBasedTWAP

Awards

26.2062 USDC - $26.21

External Links

Link to GitHub issue

Handle

jayjonah8

Vulnerability details

Impact

In LiquidityBasedTWAP.sol the vaderPairs storage variable is an array and this array is looped over in the getStaleVaderPrice() function. Looping dynamic arrays without limits can cause out of gas errors as the number of pairs grows and could lead to the function breaking every time.

Proof of Concept

https://blog.b9lab.com/getting-loopy-with-solidity-1d51794622ad

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/lbt/LiquidityBasedTWAP.sol#L27

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/lbt/LiquidityBasedTWAP.sol#L56

Tools Used

Manual code review

Recommended Mitigation Steps

There should be a limit set for the vaderPairs array that can be updated by an admin to avoid scaling problems due to looping large arrays and reaching the gas limit.

#0 - jack-the-pug
2022-03-13T07:04:12Z

Dup #110

Vader Protocol contest - jayjonah8's results

Liquidity Protocol anchored by Native Stablecoin with Slip-Based Fees AMM, IL protection and Synthetics.

General Information

Findings Distribution

Researcher Performance

External Links

QA Report - $26.21

QA Report - $26.21

[L-02] loop over dynamic arrays can cause out of gas errors - $26.21

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - jack-the-pug2022-03-13T07:04:12Z

#0 - jack-the-pug
2022-03-13T07:04:12Z