Back to klau5's contests

veRWA - klau5's results

Incentivization Primitive for Real World Assets on Canto

General Information

Platform: Code4rena

Start Date: 07/08/2023

Pot Size: $36,500 USDC

Total HM: 11

Participants: 125

Period: 3 days

Judge: alcueca

Total Solo HM: 4

Id: 274

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 82/125

Findings: 1

Award: $9.82

QA:
grade-a

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCanto

Findings Information

🌟 Selected for report: RED-LOTUS-REACH

Also found by: 0x3b, 0x4non, 0xCiphky, 0xDING99YA, 0xDetermination, 0xE1, 0xG0P1, 0xStalin, 0xWaitress, 0xbrett8571, 0xhacksmithh, 0xkazim, 0xmuxyz, 0xweb3boy, 14si2o_Flint, AlexCzm, Alhakista, Bube, Bughunter101, Deekshith99, Eeyore, Giorgio, HChang26, InAllHonesty, JP_Courses, KmanOfficial, MatricksDeCoder, Mike_Bello90, MrPotatoMagic, Naubit, QiuhaoLi, RHaO-sec, Raihan, Rolezn, SUPERMAN_I4G, Shubham, Silverskrrrt, Strausses, T1MOH, Topmark, Tripathi, Watermelon, _eperezok, aakansha, auditsea, audityourcontracts, ayden, carlos__alegre, castle_chain, cducrest, ch0bu, d23e, deadrxsezzz, deth, devival, erebus, fatherOfBlocks, halden, hassan-truscova, hpsb, hunter_w3b, imkapadia, immeas, jat, kaden, kaveyjoe, klau5, koxuan, kutugu, ladboy233, lanrebayode77, leasowillow, lsaudit, markus_ether, matrix_0wl, merlin, nemveer, ni8mare, nonseodion, oakcobalt, owadez, p_crypt0, pipidu83, piyushshukla, popular00, ppetrov, rjs, sandy, sl1, supervrijdag, tay054, thekmj, wahedtalash77, windhustler, zhaojie

Awards

9.8204 USDC - $9.82

Labels

bug
grade-a
QA (Quality Assurance)
Q-25

External Links

Link to GitHub issue

Assign a value to a variable that already has the same value stored

Impact

Assign a value to a variable that already has the same value stored

Proof of Concept

In the _checkpoint_lender function, the lastUserBalance is already stored in lendingMarketBalances[_market][_lender][lastUserUpdateEpoch].

Since i in the for-loop starts from lastUserUpdateEpoch, lendingMarketBalances[_market][_lender][i] = lastUserBalance; meas lendingMarketBalances[_market][_lender][lastUserUpdateEpoch] = lastUserBalance;

This is meaningless because it’s trying to store the same value as the already stored value.

uint256 lastUserBalance = lendingMarketBalances[_market][_lender][lastUserUpdateEpoch];
for (uint256 i = lastUserUpdateEpoch; i <= updateUntilEpoch; i += WEEK) {
    lendingMarketBalances[_market][_lender][i] = lastUserBalance;
}

https://github.com/code-423n4/2023-08-verwa/blob/498a3004d577c8c5d0c71bff99ea3a7907b5ec23/src/LendingLedger.sol#L70-L73

Same issue happens at _checkpoint_market function.

uint256 lastMarketBalance = lendingMarketTotalBalance[_market][lastMarketUpdateEpoch];
for (uint256 i = lastMarketUpdateEpoch; i <= updateUntilEpoch; i += WEEK) {
    lendingMarketTotalBalance[_market][i] = lastMarketBalance;
}

https://github.com/code-423n4/2023-08-verwa/blob/498a3004d577c8c5d0c71bff99ea3a7907b5ec23/src/LendingLedger.sol#L91-L94

Tools Used

vscode

Add WEEK when initializing i

  • for (uint256 i = lastUserUpdateEpoch; i <= updateUntilEpoch; i += WEEK) { β†’ for (uint256 i = lastUserUpdateEpoch + WEEK; i <= updateUntilEpoch; i += WEEK) {
  • for (uint256 i = lastMarketUpdateEpoch; i <= updateUntilEpoch; i += WEEK) { β†’ for (uint256 i = lastMarketUpdateEpoch + WEEK; i <= updateUntilEpoch; i += WEEK) {

#0 - c4-judge

2023-08-22T13:50:23Z

alcueca marked the issue as grade-a

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter