Cally contest - jayjonah8's results

Earn yield on your NFTs or tokens via covered call vaults.

General Information

Platform: Code4rena

Start Date: 10/05/2022

Pot Size: $50,000 USDC

Total HM: 13

Participants: 100

Period: 5 days

Judge: HardlyDifficult

Total Solo HM: 1

Id: 122

League: ETH

Cally

Findings Distribution

Researcher Performance

Rank: 78/100

Findings: 2

Award: $48.58

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

31.6149 USDC - $31.61

Labels

bug
duplicate
2 (Med Risk)

External Links

Lines of code

https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L224

Vulnerability details

Impact

In Cally.sol, the buyOption() function requires that msg.value is greater than or equal to the premium, when it should always be greater and not equal, since the premium is the base fee to buy the option. The msg.value should naturally always be higher than the base fee when buying an option.

Proof of Concept

https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L224

Tools Used

Manual code review

-    require(msg.value >= premium, "Incorrect ETH amount sent");
+    require(msg.value > premium, "Incorrect ETH amount sent");
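Review bot: the `+` line's `msg.value > premium` rejects a buyer who sends exactly `premium`, which is the one amount the revert message "Incorrect ETH amount sent" suggests is correct, so the change trades accepting any overpayment for refusing the exact payment. If the contract is meant to charge the premium and nothing more, `require(msg.value == premium, "Incorrect ETH amount sent");` is the check that matches the message; if overpayment is meant to be accepted, neither the `-` line nor the `+` line shows what happens to the excess, and that would need to be handled explicitly (refunded or credited) rather than left to the inequality.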

#0 - outdoteth

2022-05-15T16:57:01Z

It should be equal not greater

require(msg.value == premium);

Not sure if this qualifies as an issue, because it gives the incorrect solution but does identify an issue.

#1 - outdoteth

2022-05-15T17:00:32Z

#2 - HardlyDifficult

2022-05-22T20:33:28Z

Yes, we'll still consider this a valid submission -- the more important point is they identified an issue. Keeping this as a dupe

Awards

16.9712 USDC - $16.97

Labels

bug
duplicate
2 (Med Risk)
sponsor confirmed

External Links

Lines of code

https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L199

Vulnerability details

Impact

In Cally.sol, the createVault() function calls transferFrom() on an ERC721 token. This does not ensure that the ERC721 token is not sent to an address that is not able to properly support it, which could result in the loss of the token.

Proof of Concept

https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L199

Tools Used

Manual code review

Making use of the safeTransferFrom() function will ensure that whoever receives the ERC721 token is able to properly support it. This protects users from losing tokens.

#0 - outdoteth

2022-05-15T20:41:07Z

use safeTransferFrom to prevent stuck NFTs: https://github.com/code-423n4/2022-05-cally-findings/issues/38
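The difference between the two transfer functions, and the cost of switching, shown in a self-contained Solidity example added here (this is illustrative code, not the Cally contracts or any library's implementation). It assumes a minimal ERC721 subset written for the illustration, hypothetical `UnsafeVault` / `SafeVault` contracts that pull the NFT into themselves the way a vault typically does, and a `Sink` contract with no way to move tokens out. The point the finding's remediation implies but does not spell out: once the vault pulls the NFT with safeTransferFrom, the vault itself is the recipient being checked, so it must implement IERC721Receiver or every deposit reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical, minimal ERC721 subset written for this illustration (not the
// Cally contracts): just enough of transferFrom / safeTransferFrom to show the
// receiver check that safeTransferFrom performs and transferFrom does not.
interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

contract MiniERC721 {
    mapping(uint256 => address) public ownerOf;
    mapping(uint256 => address) public getApproved;

    // Toy mint with no access control; only here so the example can be exercised.
    function mint(address to, uint256 id) external { ownerOf[id] = to; }

    function approve(address to, uint256 id) external {
        require(msg.sender == ownerOf[id], "not owner");
        getApproved[id] = to;
    }

    // transferFrom: moves the token whatever the recipient is, contract or not.
    function transferFrom(address from, address to, uint256 id) public {
        require(ownerOf[id] == from, "wrong from");
        require(msg.sender == from || getApproved[id] == msg.sender, "not authorised");
        ownerOf[id] = to;
        delete getApproved[id];
    }

    // safeTransferFrom: same move, then reverts if a contract recipient does not
    // acknowledge receipt by returning the onERC721Received selector (EIP-721).
    function safeTransferFrom(address from, address to, uint256 id) external {
        transferFrom(from, to, id);
        if (to.code.length > 0) {
            bytes4 ret = IERC721Receiver(to).onERC721Received(msg.sender, from, id, "");
            require(ret == IERC721Receiver.onERC721Received.selector, "unsafe recipient");
        }
    }
}

// "Before": pulls the NFT with transferFrom. The vault never has to prove it
// can handle ERC721s, and the same call aimed at Sink below succeeds and
// leaves the token stranded there.
contract UnsafeVault {
    function deposit(MiniERC721 nft, uint256 id) external {
        nft.transferFrom(msg.sender, address(this), id);
    }
}

// "After": pulls the NFT with safeTransferFrom. Because the recipient is this
// contract, it must implement IERC721Receiver; without the hook below every
// deposit would revert with "unsafe recipient". A withdraw path exists, so the
// token is never stuck once it is in here.
contract SafeVault is IERC721Receiver {
    function deposit(MiniERC721 nft, uint256 id) external {
        // Caller must have approved this vault for `id` first.
        nft.safeTransferFrom(msg.sender, address(this), id);
    }

    function onERC721Received(address, address, uint256, bytes calldata)
        external pure override returns (bytes4) {
        return IERC721Receiver.onERC721Received.selector;
    }

    function withdraw(MiniERC721 nft, uint256 id, address to) external {
        // Checked transfer on the way out as well, so a contract `to` that
        // cannot handle ERC721s makes the call revert instead of swallowing it.
        nft.safeTransferFrom(address(this), to, id);
    }
}

// Receiver with no code to move tokens on: transferFrom(to = Sink) strands the
// NFT permanently, while safeTransferFrom(to = Sink) reverts because Sink
// neither implements onERC721Received nor returns the selector.
contract Sink {}
```

To see the contrast, mint a token to an EOA, approve each vault, and call `deposit`: both succeed, but `SafeVault` only does so because of its `onERC721Received` hook. Then call `MiniERC721.transferFrom(owner, address(sink), id)` versus `safeTransferFrom` with the same arguments: the first silently strands the token, the second reverts with "unsafe recipient". That revert is the protection the finding asks for; the extra interface on the vault is the change a team must remember to make when adopting it.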
