Back to kutugu's contests

AI Arena - kutugu's results

In AI Arena you train an AI character to battle in a platform fighting game. Imagine a cross between PokΓ©mon and Super Smash Bros, but the characters are AIs, and you can train them to learn almost any skill in preparation for battle.

General Information

Platform: Code4rena

Start Date: 09/02/2024

Pot Size: $60,500 USDC

Total HM: 17

Participants: 283

Period: 12 days

Judge:

Id: 328

League: ETH

AI Arena

Findings Distribution

Researcher Performance

Rank: 117/283

Findings: 2

Award: $29.15

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAI Arena

Findings Information

🌟 Selected for report: Aamir

Also found by: 0rpse, 0x11singh99, 0x13, 0xAlix2, 0xAsen, 0xBinChook, 0xCiphky, 0xE1, 0xKowalski, 0xLogos, 0xWallSecurity, 0xaghas, 0xbranded, 0xlemon, 0xlyov, 0xpoor4ever, 0xprinc, 0xvj, ADM, Aymen0909, BARW, Bauchibred, Breeje, CodeWasp, DMoore, DeFiHackLabs, Draiakoo, Fulum, GhK3Ndf, Greed, Jorgect, Josh4324, Kalogerone, KmanOfficial, Krace, Limbooo, McToady, MidgarAudits, MrPotatoMagic, PedroZurdo, Pelz, Ryonen, SovaSlava, SpicyMeatball, Tendency, Timenov, ZanyBonzy, _eperezok, al88nsk, alexxander, alexzoid, aslanbek, blutorque, btk, cartlex_, cats, csanuragjain, deadrxsezzz, denzi_, devblixt, dimulski, djxploit, erosjohn, evmboi32, fnanni, grearlake, haxatron, hulkvision, immeas, israeladelaja, jaydhales, jesjupyter, jnforja, josephdara, juancito, kiqo, klau5, korok, krikolkk, ktg, kutugu, ladboy233, lil_eth, m4ttm, matejdb, merlinboii, n0kto, ni8mare, novamanbg, nuthan2x, oualidpro, pa6kuda, peter, petro_1912, pkqs90, pynschon, sandy, sashik_eth, shaflow2, shaka, sobieski, soliditywala, solmaxis69, stackachu, tallo, thank_you, tpiliposian, ubl4nk, visualbits, vnavascues, web3pwn, xchen1130, zhaojohnson

Awards

0.0037 USDC - $0.00

Labels

bug
3 (High Risk)
satisfactory
sufficient quality report
duplicate-575

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/GameItems.sol#L301

Vulnerability details

Impact

safeBatchTransferFrom is not restricted by transferable variable

Proof of Concept

    function testBypassTransferability() public {
        _fundUserWith4kNeuronByTreasury(_ownerAddress);
        _gameItemsContract.mint(0, 2); //paying 2 $NRN for 2 batteries
        _gameItemsContract.adjustTransferability(0, false);
        (,, bool transferable,,,) = _gameItemsContract.allGameItemAttributes(0);
        assertEq(transferable, false);

        // @audit safeTransferFrom can prevent
        vm.expectRevert();
        _gameItemsContract.safeTransferFrom(address(this), address(0xdead), 0, 2, "");
        // @audit safeBatchTransferFrom can NOT prevent
        uint256[] memory ids = new uint256[](1);
        ids[0] = 0;
        uint256[] memory values = new uint256[](1);
        values[0] = 2;
        _gameItemsContract.safeBatchTransferFrom(address(this), address(0xdead), ids, values, "");
    }

Tools Used

Foundry

safeBatchTransferFrom should also be overridden

Assessed type

Context

#0 - c4-pre-sort

2024-02-25T03:15:43Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-02-25T03:15:52Z

raymondfam marked the issue as duplicate of #18

#2 - c4-pre-sort

2024-02-26T00:27:43Z

raymondfam marked the issue as duplicate of #575

#3 - c4-judge

2024-03-05T04:52:12Z

HickupHH3 marked the issue as satisfactory

Findings Information

🌟 Selected for report: nuthan2x

Also found by: 0xE1, 0xblackskull, 0xgrbr, 0xvj, Greed, McToady, MidgarAudits, PetarTolev, Sabit, SovaSlava, SpicyMeatball, Timenov, Tychai0s, _eperezok, alexxander, btk, c0pp3rscr3w3r, favelanky, jesjupyter, josephdara, juancito, klau5, kutugu, lil_eth, merlinboii, pynschon, sandy, shaflow2, zaevlad

Awards

29.1474 USDC - $29.15

Labels

bug
2 (Med Risk)
insufficient quality report
satisfactory
duplicate-1507

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/Neuron.sol#L93-L112

Vulnerability details

Impact

Neuron cannot remove privileged role. If some roles do evil or have their private keys leaked. They will arbitrarily mint and consume tokens, seriously damaging the economic system.

Proof of Concept

    function addMinter(address newMinterAddress) external {
        require(msg.sender == _ownerAddress);
        _setupRole(MINTER_ROLE, newMinterAddress);
    }

    function addStaker(address newStakerAddress) external {
        require(msg.sender == _ownerAddress);
        _setupRole(STAKER_ROLE, newStakerAddress);
    }

    function addSpender(address newSpenderAddress) external {
        require(msg.sender == _ownerAddress);
        _setupRole(SPENDER_ROLE, newSpenderAddress);
    }

Neuron only exposes the interface for adding privileged roles, but does not expose the interface for removing privileged roles. If some privileged roles do evil or their private keys are leaked, these roles cannot be removed.

Tools Used

Manual review

Set DEFAULT_ADMIN_ROLE or add interfaces to remove privileged roles

Assessed type

Access Control

#0 - c4-pre-sort

2024-02-25T04:38:20Z

raymondfam marked the issue as insufficient quality report

#1 - c4-pre-sort

2024-02-25T04:38:58Z

raymondfam marked the issue as duplicate of #47

#2 - c4-judge

2024-03-08T03:31:22Z

HickupHH3 marked the issue as not a duplicate

#3 - c4-judge

2024-03-08T03:31:41Z

HickupHH3 marked the issue as duplicate of #1507

#4 - c4-judge

2024-03-08T03:31:44Z

HickupHH3 marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter