AI Arena - kartik_giri_47538's results

In AI Arena you train an AI character to battle in a platform fighting game. Imagine a cross between Pokémon and Super Smash Bros, but the characters are AIs, and you can train them to learn almost any skill in preparation for battle.

General Information

Platform: Code4rena

Start Date: 09/02/2024

Pot Size: $60,500 USDC

Total HM: 17

Participants: 283

Period: 12 days

Judge:

Id: 328

League: ETH

Researcher Performance

Rank: 56/283

Findings: 2

Award: $120.49

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

111.676 USDC - $111.68

Labels

bug
3 (High Risk)
satisfactory
sufficient quality report
:robot:_49_group
duplicate-68

External Links

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/FighterFarm.sol#L370

Vulnerability details

In the FighterFarm::reRoll function, the type of the tokenId parameter is mismatched, which can cause the function to revert.

Description: The FighterFarm::reRoll function in the FighterFarm contract accepts tokenId as a uint8 parameter, while in most of the protocol the tokenId is of type uint256. The mapping numRerolls, which is used inside the FighterFarm::reRoll function, also expects the tokenId to be of type uint256, as shown in the code below.

   /// @notice Mapping to keep track of how many times an nft has been re-rolled.
@> mapping(uint256 => uint8) public numRerolls;

Impact: Using the uint8 type for tokenId in the FighterFarm::reRoll function can lead to potential errors, causing a revert every time a user tries to use the reRoll function with a tokenId that exceeds 255.

Proof of Concept: (Proof Of Code)

The code below shows how a call to the reRoll function will revert if the tokenId exceeds 255.

contract User {
    FighterFarm fighterFarm;

    function reRollExample(uint256 tokenId) external {
        // This call will fail due to parameter type mismatch
@>      fighterFarm.reRoll(tokenId, 0);
    }
}

Recommended Mitigation: Change the tokenId parameter of the FighterFarm::reRoll function to be of type uint256 to align with most of the protocol.

The code below shows the recommended mitigation.

function reRoll(
+    uint256 tokenId,
-    uint8 tokenId,
     uint8 fighterType
     ) public {
    // Rest of Code...
}
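
Review bot: The `+    uint256 tokenId,` line changes only the signature, and the body is elided as `// Rest of Code...`, so the hunk does not show whether anything inside reRoll still assumes an 8-bit id. The full patch should include the body and a test that calls reRoll with a tokenId above 255. The added line is also listed before the removed `uint8 tokenId,` line, where diff convention puts the removal first.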

Assessed type

DoS
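
What the `uint8` parameter means at the call site, as an added example that is not part of the submission or the AI Arena code base. `RerollNarrow`, `RerollWide` and `WidthCheck` are hypothetical stand-ins that keep only the `tokenId` parameter and the `numRerolls` mapping quoted above; the token id 256 is a constructed sample value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not AI Arena code: hypothetical stand-ins that keep
// only the tokenId parameter and the numRerolls mapping from the report.
contract RerollNarrow {
    mapping(uint256 => uint8) public numRerolls;

    function reRoll(uint8 tokenId, uint8 /* fighterType */) public {
        numRerolls[tokenId] += 1; // uint8 widens implicitly to the uint256 key
    }
}

contract RerollWide {
    mapping(uint256 => uint8) public numRerolls;

    function reRoll(uint256 tokenId, uint8 /* fighterType */) public {
        numRerolls[tokenId] += 1;
    }
}

contract WidthCheck {
    RerollNarrow public narrow = new RerollNarrow();
    RerollWide public wide = new RerollWide();

    // A uint256 id only compiles against the uint8 parameter with an explicit
    // cast, and the cast truncates: id 256 becomes 0, so token 0's counter
    // moves instead. Returns (count for id 256, count for id 0).
    function castTruncates() external returns (uint8, uint8) {
        uint256 id = 256; // constructed sample id above the uint8 range
        narrow.reRoll(uint8(id), 0);
        return (narrow.numRerolls(256), narrow.numRerolls(0));
    }

    // Raw calldata that carries 256 in the uint8 slot is rejected by the
    // callee's ABI decoder (ABI coder v2, the default since 0.8.0), so the
    // low-level call reports failure.
    function rawCallSucceeds() external returns (bool ok) {
        bytes memory data = abi.encodeWithSelector(
            RerollNarrow.reRoll.selector, uint256(256), uint8(0));
        (ok, ) = address(narrow).call(data);
    }

    // With a uint256 parameter the same id reaches its own counter.
    function wideAccepts() external returns (uint8) {
        wide.reRoll(256, 0);
        return wide.numRerolls(256);
    }
}
```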

#0 - c4-pre-sort

2024-02-22T01:27:48Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-02-22T01:27:54Z

raymondfam marked the issue as duplicate of #68

#2 - c4-judge

2024-03-05T01:57:51Z

HickupHH3 marked the issue as satisfactory

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/Neuron.sol#L156

Vulnerability details

Issue with Minting Function of Neuron contract.

Description: The Neuron::mint function in the Neuron contract checks if totalSupply() + amount < MAX_SUPPLY before minting new tokens. This condition prevents the total token supply from reaching the maximum supply defined by MAX_SUPPLY.

Impact: As a result of this condition, the token supply cannot reach the maximum supply specified by MAX_SUPPLY.

Proof of Concept: (Proof Of Code)

The test case below shows that we cannot reach the MAX_SUPPLY of the token.

function testMintWithMinterRole() public {
    address minter = vm.addr(3);
    _neuronContract.addMinter(minter);
    uint256 amount = (_neuronContract.MAX_SUPPLY() - _neuronContract.totalSupply());
    console.log("Minting amount is : ", amount);
    vm.prank(minter);
    _neuronContract.mint(minter, amount);
    assertEq(_neuronContract.balanceOf(minter), amount);
    console.log("Minting amount left: ", _neuronContract.MAX_SUPPLY() - _neuronContract.totalSupply());
}

Output:

[FAIL. Reason: Trying to mint more than the max supply] testMintWithMinterRole() (gas: 43989)

Recommended Mitigation: To allow the token supply to reach the maximum supply defined by MAX_SUPPLY, the condition in the mint function should be modified to totalSupply() + amount <= MAX_SUPPLY. This change ensures that the maximum supply can be reached without exceeding it.

The code below shows the recommended mitigation.

function mint(address to, uint256 amount) public virtual {
-   require(totalSupply() + amount < MAX_SUPPLY, "Trying to mint more than the max supply");
+   require(totalSupply() + amount <= MAX_SUPPLY, "Trying to mint more than or equal to the max supply");
    // Minting logic...
}
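
Review bot: The new revert string on the `+` line, "Trying to mint more than or equal to the max supply", no longer matches the check. With `<=`, a mint that lands exactly on MAX_SUPPLY succeeds and only amounts that exceed it revert, so keep the original message, "Trying to mint more than the max supply", alongside the `<=` comparison.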

Assessed type

ERC20

#0 - c4-pre-sort

2024-02-21T22:31:00Z

raymondfam marked the issue as insufficient quality report

#1 - c4-pre-sort

2024-02-21T22:31:05Z

raymondfam marked the issue as duplicate of #7

#2 - c4-judge

2024-03-05T02:27:33Z

HickupHH3 changed the severity to QA (Quality Assurance)

#3 - HickupHH3

2024-03-05T02:30:55Z

R #618: R #616: L #614: L #615: L

#4 - c4-judge

2024-03-15T14:14:54Z

HickupHH3 marked the issue as grade-c

#5 - c4-judge

2024-03-20T08:05:12Z

HickupHH3 marked the issue as grade-b
