Platform: Code4rena
Start Date: 11/05/2022
Pot Size: $150,000 USDC
Total HM: 23
Participants: 93
Period: 14 days
Judge: LSDan
Total Solo HM: 18
Id: 123
League: ETH
Rank: 93/93
Findings: 1
Award: $83.25
Selected for report: 0
Solo Findings: 0
Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, BowTiedWardens, CertoraInc, DavidGialdi, FSchmoede, Fitraldys, Funen, GimelSec, Hawkeye, JC, Kaiziron, Kthere, MaratCerby, MiloTruck, NoamYakov, QuantumBrief, Randyyy, Ruhum, SmartSek, SooYa, Tadashi, TerrierLover, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, antonttc, asutorufos, bobirichman, c3phas, catchup, csanuragjain, cthulhu_cult, defsec, delfin454000, ellahi, fatherOfBlocks, hansfriese, hyh, jayjonah8, joestakey, kenta, marcopaladin, mics, minhquanym, orion, oyc_109, reassor, rfa, robee, sach1r0, samruna, sashik_eth, sikorico, simon135, unforgiven, z3s, zmj
83.2512 USDC - $83.25
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L101
Minting through the mint function of the Aura token is impossible due to a wrongful fork of the Cvx token. This would require a complete redeployment to revive functionality to the Aura token's mint function.
During each mint, the following calculation is made:
uint256 emissionsMinted = totalSupply() - EMISSIONS_MAX_SUPPLY - minterMinted;
However, initially, totalSupply() is either just the _amount parameter from the initializer, which is likely way lower than EMISSIONS_MAX_SUPPLY. This causes the aforementioned line of code on line 101 to underflow with almost a guarantee and will cause all dependencies on the mint function (which we assume are a lot) to not function.
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L101
To reproduce the issue: It suffices to deploy Aura and initialize it. Any call to mint will then underflow due to the arithmetic on line 101.
Manual analysis.
Consider reverting to the original Convex token code for the mint function.
#0 - 0xMaharishi
2022-05-19T09:41:38Z
The deploySystem script always passes a value of 5e25 to the init fn, and the system therefore works as intended. However you are right in that there is room for a bug here if the deploy script is misconfigured. We should have the init fn hard coded to 50m.
#1 - 0xMaharishi
2022-05-25T17:30:53Z
Again, the sensationalist language used in this report is way off. You can see in the deploy script that init is called with 5e25. We should have an explicit check to run this though.
#2 - 0xMaharishi
2022-05-25T17:31:30Z
I recommend this being a 0 or 1 severity. No funds can be touched and nothing bad can really happen because it's only a potential configuration issue.
#3 - dmvt
2022-06-20T18:00:06Z
I'm downgrading this to a gas issue because the impact of it happening would be that the sponsor would have to redeploy and waste gas. No funds are at risk.
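The underflow condition discussed in this thread, as an added Solidity sketch (not the Aura contract and not code from the report or the sponsor): it isolates the quoted subtraction and places a hypothetical init guard, of the kind the sponsor's comments call for, beside an unguarded initializer. The contract name, both init function names and the value given to EMISSIONS_MAX_SUPPLY are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration, not the Aura contract: only the supply bookkeeping
/// needed to exercise the subtraction quoted in the report.
contract EmissionsUnderflowSketch {
    // Assumed value for illustration; the page does not state the constant.
    uint256 public constant EMISSIONS_MAX_SUPPLY = 5e25;

    uint256 public totalSupply;
    // Never incremented in this sketch, so it stays 0.
    uint256 public minterMinted;

    /// Unguarded initializer (hypothetical name): any _amount is accepted,
    /// so a misconfigured deploy script can set a supply that is too low.
    function initUnchecked(uint256 _amount) external {
        require(totalSupply == 0, "Only once");
        totalSupply = _amount;
    }

    /// Guarded initializer (hypothetical name): rejects an initial supply
    /// that would make the subtraction in emissionsMinted() revert.
    function initChecked(uint256 _amount) external {
        require(totalSupply == 0, "Only once");
        require(_amount >= EMISSIONS_MAX_SUPPLY, "Init amount too low");
        totalSupply = _amount;
    }

    /// The expression from the report. With Solidity >=0.8 checked
    /// arithmetic it reverts with Panic(0x11) whenever
    /// totalSupply < EMISSIONS_MAX_SUPPLY + minterMinted.
    function emissionsMinted() public view returns (uint256) {
        return totalSupply - EMISSIONS_MAX_SUPPLY - minterMinted;
    }
}
```

With initUnchecked(1e18) every later call to emissionsMinted() reverts, while initChecked(1e18) fails at deployment time instead, which is where a misconfiguration is cheapest to catch.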