Venus Prime - jnforja's results

Earn, borrow & lend on the #1 Decentralized Money Market on the BNB chain.

General Information

Platform: Code4rena

Start Date: 28/09/2023

Pot Size: $36,500 USDC

Total HM: 5

Participants: 115

Period: 6 days

Judge: 0xDjango

Total Solo HM: 1

Id: 290

League: ETH

Venus Protocol

Researcher Performance

Rank: 112/115

Findings: 1

Award: $4.37

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

User without a prime token can get a value for interests[vToken][user].rewardIndex set

Since any user can call claimInterest(address, address), the value of interests[vToken][user].rewardIndex can be set to a non-zero value even if the user doesn't have a prime token.

Code that sets the interests[vToken][user].rewardIndex for any user.

POC

To run the POC, go to tests/hardhat/Prime/Prime.ts, add an attacker signer, and paste the it block below inside describe("boosted yield", () => {...}).

it.only("User without a prime token can get a value for interests[vToken][user].rewardIndex set", async () => {
  // Mock so markets[vToken].rewardIndex != 0
  await protocolShareReserve.getUnreleasedFunds.returns("518436");
  await prime.accrueInterest(vusdt.address);

  expect((await prime.interests(vusdt.address, attacker.getAddress())).rewardIndex).to.eq(0);
  await prime.connect(attacker)["claimInterest(address,address)"](vusdt.address, attacker.getAddress());
  expect((await prime.interests(vusdt.address, attacker.getAddress())).rewardIndex).to.be.greaterThan(0);
});

_claimInterest(address, address) should check whether the user has a prime token. If not, don't update interests[vToken][user].rewardIndex as it should already be 0 from when the token was burnt.
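The recommended check, shown as an added example on a simplified model contract; this is not code from the report or from the Venus Prime repository. The names isPrimeHolder, marketRewardIndex, the two setters and the claimInterestUnchecked/claimInterestChecked pair are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Simplified model for illustration; this is not the Venus Prime contract.
// interests, rewardIndex and the claimInterest name come from the report;
// isPrimeHolder, marketRewardIndex and the setters are assumptions.
contract PrimeIndexModel {
    struct Interest {
        uint256 accrued;
        uint256 rewardIndex;
    }

    mapping(address => uint256) public marketRewardIndex; // stands in for markets[vToken].rewardIndex
    mapping(address => mapping(address => Interest)) public interests; // vToken => user
    mapping(address => bool) public isPrimeHolder; // hypothetical holder flag

    // Test helpers, left unrestricted because this is only a model.
    function setMarketRewardIndex(address vToken, uint256 index) external {
        marketRewardIndex[vToken] = index;
    }

    function setPrimeHolder(address user, bool holds) external {
        isPrimeHolder[user] = holds;
    }

    // Behaviour the report describes: any caller moves the user's index
    // up to the market index, whether or not the user holds a token.
    function claimInterestUnchecked(address vToken, address user) external returns (uint256 amount) {
        Interest storage i = interests[vToken][user];
        amount = i.accrued;
        i.accrued = 0;
        i.rewardIndex = marketRewardIndex[vToken];
    }

    // Suggested mitigation: non-holders return early, so their index stays
    // at the 0 it was reset to when the token was burnt.
    function claimInterestChecked(address vToken, address user) external returns (uint256 amount) {
        if (!isPrimeHolder[user]) {
            return 0;
        }
        Interest storage i = interests[vToken][user];
        amount = i.accrued;
        i.accrued = 0;
        i.rewardIndex = marketRewardIndex[vToken];
    }
}
```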

#0 - c4-pre-sort

2023-10-07T02:12:08Z

0xRobocop marked the issue as low quality report
