Asymmetry contest - mert_eren's results

A protocol to help diversify and decentralize liquid staking derivatives.

General Information

Platform: Code4rena

Start Date: 24/03/2023

Pot Size: $49,200 USDC

Total HM: 20

Participants: 246

Period: 6 days

Judge: Picodes

Total Solo HM: 1

Id: 226

League: ETH

Asymmetry Finance

Findings Distribution

Researcher Performance

Rank: 224/246

Findings: 1

Award: $3.49

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

3.4908 USDC - $3.49

Labels

bug
3 (High Risk)
low quality report
satisfactory
duplicate-1098

External Links

Lines of code

https://github.com/code-423n4/2023-03-asymmetry/blob/44b5cd94ebedc187a08884a7f685e950e987261c/contracts/SafEth/SafEth.sol#L77-L101

Vulnerability details

Impact

When totalSupply = 0 in the SafEth contract, there is an inflation attack risk.

Proof of Concept

Attack steps are:

  1. A malicious user sees a normal user's pending stake transaction with msg.value of 1 ether (1 ether is just an illustrative number).
  2. The malicious user front-runs it: first stakes 0.5 ether, then unstakes 0.5 ether - 1, so totalSupply is now 1.
  3. The malicious user sends derivative tokens worth 1 ETH directly to the corresponding contract in the system.
  4. After that, totalSupply = 1 and underlyingValue = 1 ether + 1.
  5. The normal user's 1 ETH goes to the contract and mints 10^18 * 1 / (10^18 + 1) = 0 tokens.
  6. Now the malicious user can unstake their 1 token and receive 2 ether (1 ether of it came from the normal user, so the attacker steals it).

Tools Used

The protocol can make the first deposit itself to prevent this attack.
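To check the arithmetic in the steps above and the proposed mitigation, here is an added Python model (not SafEth's code; a simplified proportional-share vault) that replays the sequence with and without a protocol seed deposit. The 1 ether seed amount and the vault's mint formula are assumptions made for this example.

```python
# Simplified model of proportional share minting, constructed for this example;
# it is not SafEth's actual code. The first depositor gets 1 share per wei, later
# depositors get value * totalSupply / underlying (integer division, as in Solidity).
ETHER = 10**18


class ShareVault:
    def __init__(self):
        self.total_supply = 0  # staked-derivative tokens in circulation
        self.underlying = 0    # ETH-denominated value backing them (wei)

    def stake(self, value):
        if self.total_supply == 0:
            minted = value
        else:
            minted = value * self.total_supply // self.underlying
        self.total_supply += minted
        self.underlying += value
        return minted

    def unstake(self, shares):
        value = shares * self.underlying // self.total_supply
        self.total_supply -= shares
        self.underlying -= value
        return value

    def donate(self, value):
        # Value that reaches the derivative contracts without going through
        # stake(): it raises underlying without minting any shares.
        self.underlying += value


def simulate(protocol_seed):
    """Replay the sequence from the report on a fresh vault.
    protocol_seed (wei) is staked by the protocol first; 0 = unprotected."""
    v = ShareVault()
    if protocol_seed:
        v.stake(protocol_seed)            # mitigation: protocol makes the first deposit
    v.stake(ETHER // 2)                   # step 2: front-running 0.5 ether stake
    v.unstake(ETHER // 2 - 1)             # ... leaving exactly 1 share outstanding
    v.donate(ETHER)                       # step 3: 1 ETH of derivative tokens sent directly
    victim_minted = v.stake(ETHER)        # step 5: the pending 1 ether stake lands
    attacker_redeemed = v.unstake(1)      # step 6: the single share is redeemed
    victim_value = v.unstake(victim_minted) if victim_minted else 0
    return {"victim_minted": victim_minted,
            "attacker_redeemed": attacker_redeemed,
            "victim_value": victim_value}


if __name__ == "__main__":
    for seed in (0, ETHER):
        print(f"protocol seed {seed / ETHER:.0f} ether -> {simulate(seed)}")
```

With no seed the victim mints 0 shares and the single share redeems 2 ether + 1 wei; with a 1 ether protocol seed the victim mints 0.5e18 shares worth the full 1 ether and the 1 ETH donation is no longer recoverable by the front-runner.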

#0 - c4-pre-sort

2023-04-01T08:28:09Z

0xSorryNotSorry marked the issue as low quality report

#1 - c4-pre-sort

2023-04-04T12:47:05Z

0xSorryNotSorry marked the issue as duplicate of #715

#2 - c4-judge

2023-04-21T14:56:47Z

Picodes marked the issue as satisfactory
