Lybra Finance - kenta's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH

Lybra Finance

Findings Distribution

Researcher Performance

Rank: 60/132

Findings: 2

Award: $114.88

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

5.5262 USDC - $5.53

Labels

bug
2 (Med Risk)
satisfactory
duplicate-532

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L207

Vulnerability details

Impact

The _amount is subtracted from poolTotalPeUSDCirculation in line 207 of LybraPeUSDVaultBase.sol. However, the fee portion of that amount is transferred to the configurator and distributed as a reward rather than burned, as shown in the following lines:
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L199C51-L199C63
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L203
Therefore, the fee amount should still be counted as part of poolTotalPeUSDCirculation and not subtracted from it.

Proof of Concept

https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L207

Tools Used

Delete line 207 and add "poolTotalPeUSDCirculation -= amount - totalFee" after line 200.

Assessed type

Other
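To make the accounting error concrete, the following is an added sketch written for this page; it is not Lybra's contract and does not reproduce LybraPeUSDVaultBase.sol. It keeps only the pieces the finding talks about (fee to the configurator, principal burned, a circulation counter) and places the vulnerable update next to the corrected one. The IPeUSD interface, the _settleFeeAndPrincipal helper, the mint function and the fee accrual hook are all assumptions made for the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed sketch, not Lybra's code: a minimal vault whose repay path mirrors
// the ordering the finding describes (fee transferred to the configurator, the
// remainder burned) so the circulation update can be compared in both forms.
interface IPeUSD {
    function mint(address to, uint256 amount) external;
    function burn(address from, uint256 amount) external;
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract CirculationSketch {
    IPeUSD public immutable peUSD;
    address public immutable configurator;

    mapping(address => uint256) public borrowed;   // principal owed per account
    mapping(address => uint256) public feeStored;  // accrued fee owed per account
    // Invariant this counter is meant to track: PeUSD minted by this vault and
    // not yet burned, i.e. the sum of all `borrowed` balances.
    uint256 public poolTotalPeUSDCirculation;

    constructor(IPeUSD _peUSD, address _configurator) {
        peUSD = _peUSD;
        configurator = _configurator;
    }

    // Minting adds to both the account's principal and the circulation counter.
    function mint(address onBehalfOf, uint256 amount) external {
        borrowed[onBehalfOf] += amount;
        poolTotalPeUSDCirculation += amount;
        peUSD.mint(onBehalfOf, amount);
    }

    // Hypothetical accrual hook for the sketch: fees are owed on top of principal
    // and were never minted by the vault, so they do not touch circulation.
    function accrueFee(address onBehalfOf, uint256 fee) external {
        feeStored[onBehalfOf] += fee;
    }

    // Shared settlement step: the fee leaves the payer but is NOT burned, only the
    // principal portion is destroyed. Returns the fee that was diverted.
    function _settleFeeAndPrincipal(address provider, address onBehalfOf, uint256 amount)
        internal
        returns (uint256 totalFee)
    {
        totalFee = feeStored[onBehalfOf];
        require(amount >= totalFee, "repay at least the accrued fee");
        feeStored[onBehalfOf] = 0;
        peUSD.transferFrom(provider, configurator, totalFee); // reward pot, still in circulation
        peUSD.burn(provider, amount - totalFee);               // principal actually destroyed
        borrowed[onBehalfOf] -= amount - totalFee;
    }

    // Vulnerable shape: circulation drops by the full `amount` even though
    // `totalFee` of PeUSD still exists at the configurator. After this call
    // poolTotalPeUSDCirculation is lower than the sum of `borrowed` by totalFee,
    // and the gap grows with every fee-bearing repayment.
    function repayVulnerable(address onBehalfOf, uint256 amount) external {
        _settleFeeAndPrincipal(msg.sender, onBehalfOf, amount);
        poolTotalPeUSDCirculation -= amount;
    }

    // Corrected shape, matching the finding's suggested fix: subtract only the
    // burned principal so the counter stays equal to the sum of `borrowed`.
    function repayFixed(address onBehalfOf, uint256 amount) external {
        uint256 totalFee = _settleFeeAndPrincipal(msg.sender, onBehalfOf, amount);
        poolTotalPeUSDCirculation -= amount - totalFee;
    }
}
```

A quick way to check either path in a test is to mint, accrue a non-zero fee, repay, and then assert that poolTotalPeUSDCirculation equals the remaining borrowed balance; the vulnerable function breaks that equality by exactly the fee, the fixed one keeps it.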

#0 - c4-pre-sort

2023-07-08T14:05:26Z

JeffCX marked the issue as duplicate of #532

#1 - c4-judge

2023-07-28T15:39:30Z

0xean marked the issue as satisfactory

Findings Information

🌟 Selected for report: T1MOH

Also found by: KupiaSec, RedTiger, devival, kenta, y51r

Labels

bug
2 (Med Risk)
satisfactory
duplicate-44

Awards

109.3508 USDC - $109.35

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/configuration/LybraConfigurator.sol#L339

Vulnerability details

Impact

It would be a problem if vaultBadCollateralRatio and vaultSafeCollateralRatio are not set before they are used in the liquidation function of LybraPeUSDVaultBase, because getBadCollateralRatio() cannot return a value in that case. getBadCollateralRatio() will revert with an underflow if vaultBadCollateralRatio and vaultSafeCollateralRatio are both unset. getBadCollateralRatio() is used in the following line of the liquidation function:
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L128C1-L128C1

Proof of Concept

https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/configuration/LybraConfigurator.sol#L339

Tools Used

Use getSafeCollateralRatio() instead of vaultSafeCollateralRatio[pool] in line 339. It would be much better to implement a new function that sets all necessary parameters in one transaction, so that no parameter can be left unset.

Assessed type

Other
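The following is an added sketch written for this page, not LybraConfigurator.sol itself, showing the getter pattern the finding describes: a raw storage read in the fallback branch that underflows for a never-configured pool, the defaulted getter the finding recommends using instead, and an atomic setter for both ratios. The default ratio value, the gap constant and the function names ending in "Vulnerable" are assumptions of the sketch; the page does not state the project's actual values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed sketch, not Lybra's code: configurator-style collateral ratio
// getters illustrating the unset-parameter underflow and its fix.
contract CollateralRatioSketch {
    mapping(address => uint256) public vaultSafeCollateralRatio; // 1e18 == 100%
    mapping(address => uint256) public vaultBadCollateralRatio;

    // Assumed values for the sketch only.
    uint256 public constant DEFAULT_SAFE_RATIO = 160e18;
    uint256 public constant BAD_RATIO_GAP = 10e18; // bad ratio sits 10 points below safe

    // Defaulted read: an unset pool falls back to a sane safe ratio.
    function getSafeCollateralRatio(address pool) public view returns (uint256) {
        if (vaultSafeCollateralRatio[pool] == 0) return DEFAULT_SAFE_RATIO;
        return vaultSafeCollateralRatio[pool];
    }

    // Vulnerable shape: the fallback reads the raw mapping. For a pool with neither
    // ratio set this evaluates 0 - BAD_RATIO_GAP, which reverts under Solidity 0.8
    // checked arithmetic, so every caller (such as a liquidation path) reverts too.
    function getBadCollateralRatioVulnerable(address pool) external view returns (uint256) {
        if (vaultBadCollateralRatio[pool] == 0) return vaultSafeCollateralRatio[pool] - BAD_RATIO_GAP;
        return vaultBadCollateralRatio[pool];
    }

    // Corrected shape (the finding's first suggestion): derive the fallback from the
    // defaulted getter, so an unset pool yields DEFAULT_SAFE_RATIO - BAD_RATIO_GAP.
    function getBadCollateralRatio(address pool) external view returns (uint256) {
        if (vaultBadCollateralRatio[pool] == 0) return getSafeCollateralRatio(pool) - BAD_RATIO_GAP;
        return vaultBadCollateralRatio[pool];
    }

    // The finding's second suggestion: configure both ratios in one transaction so a
    // pool is never observable in a half-configured state. Access control (e.g. an
    // owner or role check) is omitted in this sketch.
    function setCollateralRatios(address pool, uint256 safeRatio, uint256 badRatio) external {
        require(safeRatio > BAD_RATIO_GAP, "safe ratio too low");
        require(badRatio < safeRatio, "bad ratio must be below safe ratio");
        vaultSafeCollateralRatio[pool] = safeRatio;
        vaultBadCollateralRatio[pool] = badRatio;
    }
}
```

Calling getBadCollateralRatioVulnerable on a fresh pool address reverts, while getBadCollateralRatio on the same address returns 150e18 under the sketch's assumed defaults; that difference is exactly what decides whether liquidation of an unconfigured vault can proceed.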

#0 - c4-pre-sort

2023-07-09T14:34:32Z

JeffCX marked the issue as duplicate of #926

#1 - c4-judge

2023-07-28T15:35:36Z

0xean marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
