Back to kutugu's contests

veRWA - kutugu's results

Incentivization Primitive for Real World Assets on Canto

General Information

Platform: Code4rena

Start Date: 07/08/2023

Pot Size: $36,500 USDC

Total HM: 11

Participants: 125

Period: 3 days

Judge: alcueca

Total Solo HM: 4

Id: 274

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 74/125

Findings: 1

Award: $9.82

QA:
grade-a

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCanto

Findings Information

🌟 Selected for report: RED-LOTUS-REACH

Also found by: 0x3b, 0x4non, 0xCiphky, 0xDING99YA, 0xDetermination, 0xE1, 0xG0P1, 0xStalin, 0xWaitress, 0xbrett8571, 0xhacksmithh, 0xkazim, 0xmuxyz, 0xweb3boy, 14si2o_Flint, AlexCzm, Alhakista, Bube, Bughunter101, Deekshith99, Eeyore, Giorgio, HChang26, InAllHonesty, JP_Courses, KmanOfficial, MatricksDeCoder, Mike_Bello90, MrPotatoMagic, Naubit, QiuhaoLi, RHaO-sec, Raihan, Rolezn, SUPERMAN_I4G, Shubham, Silverskrrrt, Strausses, T1MOH, Topmark, Tripathi, Watermelon, _eperezok, aakansha, auditsea, audityourcontracts, ayden, carlos__alegre, castle_chain, cducrest, ch0bu, d23e, deadrxsezzz, deth, devival, erebus, fatherOfBlocks, halden, hassan-truscova, hpsb, hunter_w3b, imkapadia, immeas, jat, kaden, kaveyjoe, klau5, koxuan, kutugu, ladboy233, lanrebayode77, leasowillow, lsaudit, markus_ether, matrix_0wl, merlin, nemveer, ni8mare, nonseodion, oakcobalt, owadez, p_crypt0, pipidu83, piyushshukla, popular00, ppetrov, rjs, sandy, sl1, supervrijdag, tay054, thekmj, wahedtalash77, windhustler, zhaojie

Awards

9.8204 USDC - $9.82

Labels

bug
grade-a
QA (Quality Assurance)
Q-53

External Links

Link to GitHub issue

Findings Summary

IDTitleSeverity
[L-01]The increaseAmount will refresh locked.endLow
[N-01]The Deposit event is triggered incorrectlyNon-Critical

Detailed Findings

[L-01] The increaseAmount will refresh newLocked.end

Description

    newLocked.amount += int128(int256(_value));
    newLocked.end = _floorToWeek(block.timestamp + LOCKTIME);

With a lockup period of up to 5 years for protocols, if increaseAmount refresh locke.end each time, this will greatly reduce the user's intention to do this in the mid to late period.

Recommendations

Don't refresh locked.end in increaseAmount

[N-01] The Deposit event is triggered incorrectly

Description

        emit Deposit(delegatee, _value, newLocked.end, LockAction.DELEGATE, block.timestamp);
    }
    emit Deposit(msg.sender, _value, unlockTime, action, block.timestamp);
  1. if delegatee != msg.sender, the Deposit event is triggered twice
  2. For the outer Deposit event, unlockTime should be newLocked.end

Recommendations

Fix the issues

#0 - c4-judge

2023-08-22T14:06:46Z

alcueca marked the issue as grade-a

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter