FIAT DAO veFDT contest - jonatascm's results

Unlock liquidity for your DeFi fixed income assets.

General Information

Platform: Code4rena

Start Date: 12/08/2022

Pot Size: $35,000 USDC

Total HM: 10

Participants: 126

Period: 3 days

Judge: Justin Goro

Total Solo HM: 3

Id: 154

League: ETH

FIAT DAO

Researcher Performance

Rank: 5/126

Findings: 3

Award: $733.90

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Labels

bug
duplicate
3 (High Risk)

Awards

314.0226 USDC - $314.02

External Links

Lines of code

https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L425-L428
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L485-L488
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L546
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L657
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L676

Vulnerability details

Some ERC20 tokens, USDT being the best-known example, do not return a boolean from transfer and transferFrom. VotingEscrow calls these functions through an interface that declares a bool return value, so with such a token the call reverts when the compiler tries to decode the missing return data, before the require is even evaluated. Every function that wraps a transfer in require(token.transfer(...)) or require(token.transferFrom(...)) is therefore unusable with that token.

Impact

This would prevent functions such as withdraw and createLock from ever being executed with such a token.

Recommended Mitigation Steps

Use the safeTransfer and safeTransferFrom methods of OpenZeppelin's SafeERC20 library instead of the raw transfer and transferFrom calls:

// Case of transferFrom function:
- require(
-  token.transferFrom(msg.sender, address(this), _value),
-  "Transfer failed"
- );
+ token.safeTransferFrom(msg.sender, address(this), _value);

// Case of transfer function:
- require(token.transfer(msg.sender, value), "Transfer failed");
+ token.safeTransfer(msg.sender, value);
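Review bot: the `+` lines call `token.safeTransferFrom` and `token.safeTransfer`, which only exist once the contract declares `using SafeERC20 for IERC20;` and imports OpenZeppelin's `SafeERC20.sol`; neither appears in the hunk, so the change will not compile as shown and the mitigation should state both. It is also worth noting that SafeERC20 reverts on its own when the token returns `false` or returns nothing, which is why the removed `"Transfer failed"` require wrappers are not needed around the new calls.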

#0 - bahurum

2022-08-16T22:11:40Z

Duplicate of #231

#1 - lacoop6tu

2022-08-17T08:26:42Z

Duplicate of #231

Findings Information

🌟 Selected for report: CertoraInc

Also found by: cccz, csanuragjain, jonatascm, scaraven

Labels

bug
duplicate
2 (Med Risk)

Awards

389.9867 USDC - $389.99

External Links

Lines of code

https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L425-L428
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L485-L488
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L546
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L657
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L676

Vulnerability details

If the token is a deflationary or fee-on-transfer token, the amount that actually arrives in the contract is smaller than the _value passed in, but the protocol still credits _value because there is no pre-transfer/post-transfer balance check around asset transfers.

Impact

Locked balances are recorded as larger than the tokens the contract actually holds, so some users will not be able to withdraw the full amount they were credited; the shortfall lands on whoever withdraws last.

Recommended Mitigation Steps

Consider comparing the contract's balance before and after the transfer and crediting the difference rather than _value, for example:

uint256 _balance = token.balanceOf(address(this));
token.safeTransferFrom(msg.sender, address(this), _value);
uint256 balance_ = token.balanceOf(address(this));

// For a deflationary/fee-on-transfer token depositedAmount != _value;
// credit depositedAmount, not _value, to the user's lock
uint256 depositedAmount = balance_ - _balance;
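The following Foundry test is an added example illustrating both findings above (the no-return-value revert and the fee-on-transfer accounting gap); it is not FIAT DAO code. NoReturnToken and FeeOnTransferToken are constructed mocks, and UnsafeLock / SafeLock are hypothetical stand-ins for the createLock pattern in VotingEscrow, not the real contract. It assumes a Foundry project with forge-std and OpenZeppelin Contracts 4.x installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.15;

// Added example, not project code. Assumes forge-std and OpenZeppelin Contracts 4.x; run with `forge test`.
import {Test} from "forge-std/Test.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed mock: transfer/transferFrom return no value, as mainnet USDT does.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    constructor() { balanceOf[msg.sender] = 1e24; }
    function approve(address spender, uint256 value) external { allowance[msg.sender][spender] = value; }
    function transfer(address to, uint256 value) external {
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
    }
    function transferFrom(address from, address to, uint256 value) external {
        allowance[from][msg.sender] -= value;
        balanceOf[from] -= value;
        balanceOf[to] += value;
    }
}

// Constructed mock: well-formed ERC20 that burns 1% of every transfer.
contract FeeOnTransferToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    constructor() { balanceOf[msg.sender] = 1e24; }
    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }
    function _move(address from, address to, uint256 value) internal {
        balanceOf[from] -= value;
        balanceOf[to] += value - value / 100; // the 1% fee is burned
    }
    function transfer(address to, uint256 value) external returns (bool) { _move(msg.sender, to, value); return true; }
    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        allowance[from][msg.sender] -= value;
        _move(from, to, value);
        return true;
    }
}

// Hypothetical stand-in for the createLock pattern the findings describe.
contract UnsafeLock {
    IERC20 public immutable token;
    mapping(address => uint256) public locked;
    constructor(IERC20 token_) { token = token_; }
    function createLock(uint256 _value) external {
        // IERC20 declares a bool return; a no-return token makes the ABI decoder revert on this line.
        require(token.transferFrom(msg.sender, address(this), _value), "Transfer failed");
        locked[msg.sender] += _value; // credits _value even if fewer tokens actually arrived
    }
}

// Hardened stand-in: SafeERC20 for the call plus balance-delta accounting.
contract SafeLock {
    using SafeERC20 for IERC20;
    IERC20 public immutable token;
    mapping(address => uint256) public locked;
    constructor(IERC20 token_) { token = token_; }
    function createLock(uint256 _value) external returns (uint256 depositedAmount) {
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), _value); // accepts empty return data
        depositedAmount = token.balanceOf(address(this)) - before;  // what was really received
        locked[msg.sender] += depositedAmount;
    }
}

contract LockTest is Test {
    uint256 constant AMOUNT = 100e18;

    function testNoReturnTokenBricksUnsafeLockButNotSafeLock() public {
        NoReturnToken t = new NoReturnToken();
        UnsafeLock u = new UnsafeLock(IERC20(address(t)));
        SafeLock s = new SafeLock(IERC20(address(t)));
        t.approve(address(u), AMOUNT);
        t.approve(address(s), AMOUNT);
        vm.expectRevert(); // short return data: createLock is unusable with this token
        u.createLock(AMOUNT);
        assertEq(s.createLock(AMOUNT), AMOUNT);
    }

    function testFeeOnTransferAccounting() public {
        FeeOnTransferToken t = new FeeOnTransferToken();
        UnsafeLock u = new UnsafeLock(IERC20(address(t)));
        SafeLock s = new SafeLock(IERC20(address(t)));
        t.approve(address(u), AMOUNT);
        t.approve(address(s), AMOUNT);
        u.createLock(AMOUNT);
        assertEq(u.locked(address(this)), AMOUNT);        // credited 100 ...
        assertEq(t.balanceOf(address(u)), AMOUNT - 1e18); // ... but holds only 99
        assertEq(s.createLock(AMOUNT), AMOUNT - 1e18);    // hardened version credits 99
    }
}
```

The first test shows that the revert comes from decoding the missing return value, not from the require: UnsafeLock reverts with empty data while SafeLock, whose low-level call tolerates zero-length return data, succeeds. The second shows the accounting gap in numbers: UnsafeLock records 100 tokens while holding 99, and SafeLock records what it actually received.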

#0 - bahurum

2022-08-16T22:10:21Z

Duplicate of #229

#1 - lacoop6tu

2022-08-17T08:25:03Z

Duplicate of #229

Floating pragma is risky

All contracts in scope

Vulnerability details

The codebase uses a floating pragma. All contracts should be compiled with the same pragma version. Locking the pragma ensures that contracts do not accidentally get deployed using either an outdated, buggy compiler version or a compiler version different from the one the code has been tested with.

Recommended Mitigation Steps

Use the same compiler version for all contracts by setting a specific version, e.g. 0.8.15, for these contracts.


Missing unblock functionality in Blocklist

Blocklist.sol

Vulnerability details

The Blocklist contract only supports adding addresses to the blocklist; there is no way to remove one, so a mistakenly blocked address cannot be restored.

Recommended Mitigation Steps

Add a function that unblocks users.

#0 - gititGoro

2022-09-04T04:49:58Z

Duplicate of #162

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
