Kuiper contest - johnsterlacci's results

Automated portfolio protocol.

General Information

Platform: Code4rena

Start Date: 16/09/2021

Pot Size: $50,000 USDC

Total HM: 26

Participants: 30

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 17

Id: 36

League: ETH

Kuiper

Findings Distribution

Researcher Performance

Rank: 26/30

Findings: 1

Award: $182.60

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Kuiper

Findings Information

🌟 Selected for report: 0xalpharush

Also found by: JMukesh, hack3r-0m, johnsterlacci

Labels

bug

duplicate

2 (Med Risk)

Awards

182.6021 USDC - $182.60

External Links

Link to GitHub issue

Handle

johnsterlacci

Vulnerability details

Impact

Detailed description of the impact of this finding. Reentrancy risk in Basket.burn and Basket.mintTo. A malicious ERC20 can potentially be added to the basket that could call back into these functions to drain other tokens from the basket.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

slither

Recommended Mitigation Steps

Wrap functions in Open Zeppelin Reentrancy Guard

#0 - frank-beard
2021-09-28T21:26:57Z

duplicate of https://github.com/code-423n4/2021-09-defiprotocol-findings/issues/194

#1 - GalloDaSballo
2021-12-19T15:41:27Z

Duplicate of #248

Kuiper contest - johnsterlacci's results

Automated portfolio protocol.

General Information

Findings Distribution

Researcher Performance

External Links

[M-10] Reentrancy Risk In Basket.burn and Basket.mintTo - $182.60

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - frank-beard2021-09-28T21:26:57Z

#1 - GalloDaSballo2021-12-19T15:41:27Z

#0 - frank-beard
2021-09-28T21:26:57Z

#1 - GalloDaSballo
2021-12-19T15:41:27Z