BadgerDAO ibBTC Wrapper contest - leastwood's results

Building Products to Bring BTC to DeFi.

General Information

Platform: Code4rena

Start Date: 28/10/2021

Pot Size: $30,000 ETH

Total HM: 8

Participants: 19

Period: 3 days

Judge: leastwood

Total Solo HM: 4

Id: 47

League: ETH

BadgerDAO

Researcher Performance

Rank: 19/19

Findings: 1

Award: $0.00

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: hyh

Also found by: WatchPug, cmichel, gpersoon, hack3r-0m, kenzo, leastwood, loop

Labels

bug
duplicate
3 (High Risk)
sponsor confirmed

Awards

0 USDC - $0.00

Handle

leastwood

Vulnerability details

Impact

The live ibBTC price for each share is cached to reduce the gas costs of mint, burn and transfer operations. The updatePricePerShare() function is intended to be called at a regular interval; however, there is no incentive to ensure that this value is regularly updated. Hence, the functions within the WrappedIbbtcEth.sol contract may operate on outdated values for pricePerShare.

Proof of Concept

https://github.com/code-423n4/2021-10-badgerdao/blob/main/contracts/WrappedIbbtcEth.sol#L72-L77

Tools Used

Manual code review

Consider integrating Chainlink keepers to further incentivize price updates through regular upkeeps. Alternatively, this can be implemented internally, using Badger tokens as a form of payment for work done with upkeeps.
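A sketch of the keeper-style upkeep recommended above, added here as an example; it is not code from the finding or from the BadgerDAO repository. The interface names, the contract `PricePerShareUpkeep`, the two thresholds and the exact signatures of `pricePerShare`/`updatePricePerShare()` are assumptions; the `checkUpkeep`/`performUpkeep` pair follows the function shape of Chainlink's keeper interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal view of the wrapper: the finding names only
// updatePricePerShare() and pricePerShare; signatures are assumptions.
interface IWrappedIbbtc {
    function pricePerShare() external view returns (uint256);
    function updatePricePerShare() external returns (uint256);
}

// Assumed source of the live price that the wrapper caches.
interface ILivePrice {
    function pricePerShare() external view returns (uint256);
}

// Hypothetical upkeep contract: refresh when the cache is old or has drifted.
contract PricePerShareUpkeep {
    IWrappedIbbtc public immutable wrapper;
    ILivePrice public immutable live;
    uint256 public immutable maxAge;          // seconds allowed between refreshes
    uint256 public immutable maxDeviationBps; // allowed cached-vs-live drift, basis points
    uint256 public lastRefresh;

    constructor(IWrappedIbbtc _wrapper, ILivePrice _live, uint256 _maxAge, uint256 _maxDeviationBps) {
        wrapper = _wrapper;
        live = _live;
        maxAge = _maxAge;
        maxDeviationBps = _maxDeviationBps;
    }

    function _needsRefresh() internal view returns (bool) {
        if (block.timestamp - lastRefresh >= maxAge) return true;
        uint256 cached = wrapper.pricePerShare();
        uint256 current = live.pricePerShare();
        uint256 diff = cached > current ? cached - current : current - cached;
        // An uninitialised cache (0) always needs a refresh; otherwise compare drift.
        return cached == 0 || diff * 10000 > cached * maxDeviationBps;
    }

    // Simulated off-chain by the keeper network to decide whether to act.
    function checkUpkeep(bytes calldata) external view returns (bool upkeepNeeded, bytes memory performData) {
        upkeepNeeded = _needsRefresh();
    }

    function performUpkeep(bytes calldata) external {
        // Re-check on-chain: performUpkeep is callable by anyone.
        require(_needsRefresh(), "price still fresh");
        lastRefresh = block.timestamp;
        wrapper.updatePricePerShare();
    }
}
```

The deviation check bounds how far the cached value can drift between scheduled refreshes, which the time-based interval alone does not.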

#0 - 0xleastwood

2021-12-04T05:46:47Z

Duplicated with #86
