Platform: Code4rena
Start Date: 24/07/2023
Pot Size: $100,000 USDC
Total HM: 18
Participants: 73
Period: 7 days
Judge: alcueca
Total Solo HM: 8
Id: 267
League: ETH
Rank: 12/73
Findings: 2
Award: $943.23
🌟 Selected for report: 0
🚀 Solo Findings: 0
898.3463 USDC - $898.35
If a reward token claim reverts, then the whole multi-claim reward process will revert
The claim reward process sends all of the MToken's reward tokens to the user. If sendAmount > 0 and there are more tokens in the contract than the amount to be sent, the protocol uses the token.transfer function. However, a rewardToken can be paused (or fail for any other reason), which will revert the transfer and the whole claimReward process. Because of that, users cannot claim any reward tokens due to one token's issue. Moreover, the owner cannot resolve this DoS because there is no functionality to pop this token from the list or to set users' rewardAmount to 0. Moreover, he cannot use rescueFunds to bring the token balance to 0 and trigger the first condition of the sendRewards function (claimAmount > token.balanceOf(contract)) to skip the transfer, because the rescueFunds function will revert too when used.
Manual review
Give the comptroller admin permission to pop tokens, to prevent the DoS.
DoS
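An added illustration of the claim-loop pattern this finding describes, together with the admin removal that the mitigation asks for. This is a hypothetical sketch written for this page, not Moonwell's code; the contract and function names (RewardDistributorSketch, claimReward, removeRewardToken) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical sketch of the claim loop the finding describes (not the protocol's code).
contract RewardDistributorSketch {
    address public admin;
    address[] public rewardTokens;
    // rewardToken => user => accrued amount (constructed bookkeeping for the sketch)
    mapping(address => mapping(address => uint256)) public rewardAmount;

    constructor(address[] memory tokens) {
        admin = msg.sender;
        rewardTokens = tokens;
    }

    // Vulnerable pattern: the loop only skips a token when the contract lacks balance.
    // A token whose transfer reverts (e.g. paused) reverts the whole call, so the
    // user cannot claim any of the other reward tokens either.
    function claimReward(address user) external {
        for (uint256 i = 0; i < rewardTokens.length; i++) {
            IERC20 token = IERC20(rewardTokens[i]);
            uint256 amount = rewardAmount[address(token)][user];
            if (amount > 0 && amount <= token.balanceOf(address(this))) {
                rewardAmount[address(token)][user] = 0;
                // Reverts here for a paused token; nothing after it is paid out.
                require(token.transfer(user, amount), "transfer failed");
            }
        }
    }

    // Mitigation the finding asks for: let the admin remove a problematic token
    // from the list (swap-and-pop) so the remaining rewards stay claimable.
    function removeRewardToken(uint256 index) external {
        require(msg.sender == admin, "not admin");
        require(index < rewardTokens.length, "bad index");
        rewardTokens[index] = rewardTokens[rewardTokens.length - 1];
        rewardTokens.pop();
    }
}
```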
#0 - 0xSorryNotSorry
2023-08-02T16:00:44Z
To the attention of the Judge;
Mistakenly missed this submission to dup under the primary. Should be under https://github.com/code-423n4/2023-07-moonwell-findings/issues/320 as per the root cause.
#1 - c4-pre-sort
2023-08-02T16:00:49Z
0xSorryNotSorry marked the issue as low quality report
#2 - c4-judge
2023-08-12T21:55:34Z
alcueca marked the issue as satisfactory
#3 - alcueca
2023-08-12T21:57:50Z
Not actually a duplicate of #320. The mitigation is also different.
#4 - alcueca
2023-08-12T21:58:49Z
Marking it out unsatisfactory due to the really low quality, but @ElliotFriedman please have a look anyway.
#5 - c4-judge
2023-08-12T21:58:55Z
alcueca marked the issue as unsatisfactory: Insufficient quality
#6 - merteren1234
2023-08-22T23:42:59Z
I think I indicated the same problem as issue 320, because this issue's vulnerability's root cause is that users cannot take their reward tokens if there is some problematic token in the user's collateral token's rewardToken array. I also indicated that the admin cannot fix that issue using admin functions, because the only way to skip the DoS token is to transfer these tokens from the contract using the claimFund function (because if rewardToken.balanceOf(address(this)) is less than the user's reward amount then the protocol skips, so if the admin could withdraw all tokens then users could take the other tokens) (also there is no admin function to manipulate the array of mToken rewardTokens). However, the admin cannot use claimToken because claimToken will be reverted too when used. So there is no way to escape from the DoS.
#7 - alcueca
2023-08-23T20:25:43Z
True, after reading it again with a bit of help from chatGPT, I can see that this is a duplicate of #320
#8 - c4-judge
2023-08-23T20:25:51Z
alcueca marked the issue as duplicate of #320
#9 - c4-judge
2023-08-23T20:25:57Z
alcueca marked the issue as satisfactory
#10 - c4-judge
2023-08-23T20:30:14Z
alcueca marked the issue as partial-50
🌟 Selected for report: immeas
Also found by: 0x70C9, 0xAnah, 0xArcturus, 0xComfyCat, 0xWaitress, 0xackermann, 0xkazim, 2997ms, 33audits, Arz, Aymen0909, ChrisTina, JP_Courses, John_Femi, Jorgect, Kaysoft, LosPollosHermanos, MohammedRizwan, Nyx, Rolezn, Sathish9098, Stormreckson, T1MOH, Tendency, Topmark, Udsen, Vagner, albertwh1te, ast3ros, banpaleo5, berlin-101, catellatech, cats, codetilda, cryptonue, eeshenggoh, fatherOfBlocks, hals, jamshed, jaraxxus, josephdara, kankodu, kodyvim, kutugu, lanrebayode77, mert_eren, nadin, naman1778, niki, petrichor, ravikiranweb3, said, solsaver, souilos, twcctop, wahedtalash77
44.8793 USDC - $44.88
The protocol cannot use tokens that have more than 18 decimals as mToken collateral, because the oracle reverts in getPrice: 18 - decimals causes an arithmetic overflow.
Manual review
Instead of this:

    uint256 decimalDelta = uint256(18).sub(uint256(token.decimals()));
    // Ensure that we don't multiply the result by 0
    if (decimalDelta > 0) {
        return price.mul(10 ** decimalDelta);
    } else {
        return price;
    }

use this:

    if (token.decimals() > 18) {
        return price.mul(10 ** (token.decimals() - 18));
    } else if (token.decimals() < 18) {
        return price.mul(10 ** (18 - token.decimals()));
    } else {
        return price;
    }
Decimal
#0 - c4-pre-sort
2023-08-03T13:46:02Z
0xSorryNotSorry marked the issue as duplicate of #270
#1 - c4-judge
2023-08-12T22:09:06Z
alcueca changed the severity to QA (Quality Assurance)
#2 - c4-judge
2023-08-12T22:09:34Z
alcueca marked the issue as grade-a