Hubble contest - minhquanym's results

Multi-collateral/Cross-Margin Perpetual Futures on Avalanche.

General Information

Platform: Code4rena

Start Date: 17/02/2022

Pot Size: $75,000 USDC

Total HM: 20

Participants: 39

Period: 7 days

Judges: moose-code, JasoonS

Total Solo HM: 13

Id: 89

League: ETH

Hubble

Findings Distribution

Researcher Performance

Rank: 17/39

Findings: 2

Award: $750.47

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: danb

Also found by: Meta0xNull, Ruhum, cmichel, csanuragjain, hyh, kirk-baird, leastwood, minhquanym, robee, throttle

Labels

bug
duplicate
3 (High Risk)

Awards

242.812 USDC - $242.81

External Links

1. VUSD.sol - withdrawals list can become too large so normal users will cost more gas to withdraw.

Impact

  • Function withdraw() does not check that amount > 0, so a user can call it an unlimited number of times and make the withdrawal list arbitrarily large.
  • Because processWithdrawals() processes withdrawals in increasing order from the beginning of the withdrawal list, a normal user who wants to withdraw has to call processWithdrawals() multiple times to work through all the previous (empty) withdrawals first.

Proof of Concept

  • Call withdraw() with amount = 0 many times.

Recommended Mitigation

  • Add a check for amount > 0 in withdraw().
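
The queue shape the finding describes, as an added illustration that is not Hubble's VUSD.sol: a minimal FIFO withdrawal queue backed by ETH instead of the ERC20 burn the real contract performs, with the unchecked `withdrawUnchecked` beside a `withdraw` that rejects zero amounts. The contract name, the `MAX_PROCESSES` cap per call and the `pending()` helper are assumptions for the example. Calling `withdrawUnchecked(0)` in a loop grows `pending()` without moving any value; the hardened `withdraw` reverts on the same input, so the queue only ever holds entries that will pay out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added example (not Hubble's code): a FIFO withdrawal queue in the style
// described in the finding, with the vulnerable and hardened entry points
// side by side.
contract WithdrawalQueue {
    struct Withdrawal {
        address usr;
        uint256 amount;
    }

    Withdrawal[] public withdrawals;
    uint256 public start;                        // index of the next unprocessed entry
    uint256 public constant MAX_PROCESSES = 100; // assumed cap on entries handled per call
    mapping(address => uint256) public balanceOf;

    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
    }

    // Vulnerable shape: no amount check, so amount == 0 always passes the
    // balance subtraction and appends a useless entry to the queue.
    function withdrawUnchecked(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on underflow, but 0 never underflows
        withdrawals.push(Withdrawal(msg.sender, amount));
    }

    // Hardened shape: zero-amount entries never enter the queue.
    function withdraw(uint256 amount) external {
        require(amount > 0, "zero amount");
        balanceOf[msg.sender] -= amount;
        withdrawals.push(Withdrawal(msg.sender, amount));
    }

    // Walks the queue from the head, paying at most MAX_PROCESSES entries
    // while the contract can cover them. Every junk entry ahead of a real
    // withdrawal costs the caller an iteration, which is the gas cost the
    // finding points at. `start` is updated before each external call so a
    // re-entering recipient cannot replay an already-paid entry.
    function processWithdrawals() external {
        uint256 i = start;
        uint256 end = withdrawals.length;
        uint256 processed;
        while (i < end && processed < MAX_PROCESSES) {
            Withdrawal memory w = withdrawals[i];
            if (address(this).balance < w.amount) break;
            i++;
            processed++;
            start = i;
            (bool ok, ) = w.usr.call{value: w.amount}("");
            require(ok, "transfer failed");
        }
    }

    // Number of entries still waiting to be processed.
    function pending() external view returns (uint256) {
        return withdrawals.length - start;
    }
}
```

Note that the `amount > 0` check closes the free padding vector but not paid padding: an attacker can still enqueue many dust-sized withdrawals at the cost of actually burning that value, so a per-call processing cap and a bounded queue depth remain worth having alongside the check.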

#0 - atvanguard

2022-02-26T06:58:32Z

Duplicate of #119

#1 - moose-code

2022-03-05T16:41:29Z

Going to circle back but my initial thoughts are the severity should be upgraded here.

#2 - moose-code

2022-03-06T14:22:28Z

Promote this user's severity

Findings Information

🌟 Selected for report: 0xliumin

Also found by: WatchPug, hyh, minhquanym

Labels

bug
duplicate
2 (Med Risk)

Awards

507.6595 USDC - $507.66

External Links

Lines of code

https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/MarginAccount.sol#L377

Vulnerability details

Impact

  • MarginAccount.sol, line 377: the token asset is transferred into insuranceFund, but there is no function that transfers assets out of insuranceFund.

Proof of Concept

  • Add any ERC20 token to the collateral list.
  • Call settleBadDebt(); the seized collateral is transferred to insuranceFund, where it is stuck.

Recommended Mitigation

  • Add a function, restricted to the Admin role, that can transfer or approve any ERC20 token held by insuranceFund.
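
The stuck-asset condition and the governance-gated outbound path the finding asks for, as an added sketch that is not Hubble's InsuranceFund.sol or MarginAccount.sol: `seizeCollateral` stands in for the transfer on line 377 (the real contract pushes tokens with a plain transfer from MarginAccount; the pull shape here is an assumption), and `recoverToken` is the missing exit. The contract name, the `governance` role name and the `TokenRecovered` event are assumptions for the example. `SafeERC20` is used so tokens that return `false` or nothing on transfer are handled rather than silently failing.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added example (not Hubble's code): an insurance-fund sketch that receives
// seized collateral and, unlike the audited contract, can also move it out.
contract InsuranceFundSketch {
    using SafeERC20 for IERC20;

    address public governance;    // assumed admin role
    address public marginAccount; // assumed sole depositor

    event TokenRecovered(address indexed token, address indexed to, uint256 amount);

    constructor(address _marginAccount) {
        governance = msg.sender;
        marginAccount = _marginAccount;
    }

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    // Inbound path: collateral seized during bad-debt settlement lands here.
    // With only this function present every token sent in is stuck, which is
    // the condition the finding reports.
    function seizeCollateral(IERC20 token, uint256 amount) external {
        require(msg.sender == marginAccount, "only margin account");
        token.safeTransferFrom(msg.sender, address(this), amount);
    }

    // Outbound path restricted to governance. Works for any ERC20, including
    // collateral tokens added after deployment, so nothing sent by
    // settleBadDebt() is permanently locked.
    function recoverToken(IERC20 token, address to, uint256 amount) external onlyGovernance {
        require(to != address(0), "zero recipient");
        token.safeTransfer(to, amount);
        emit TokenRecovered(address(token), to, amount);
    }

    // Optional approve-based variant, so a settlement or auction contract can
    // pull funds itself instead of governance pushing them.
    function approveToken(IERC20 token, address spender, uint256 amount) external onlyGovernance {
        token.safeApprove(spender, 0);
        token.safeApprove(spender, amount);
    }
}
```

The `safeApprove(spender, 0)` before the real approval is there because some tokens (USDT is the usual example) revert when a non-zero allowance is overwritten directly; resetting to zero first keeps the function usable with those tokens.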

#0 - atvanguard

2022-02-24T07:12:22Z

Duplicate of #128

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
