DYAD - n0kto's results

The first capital-efficient overcollateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 18/04/2024

Pot Size: $36,500 USDC

Total HM: 19

Participants: 183

Period: 7 days

Judge: Koolex

Id: 367

League: ETH

Researcher Performance

Rank: 112/183

Findings: 2

Award: $7.63

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/script/deploy/Deploy.V2.s.sol#L64-L65
https://github.com/code-423n4/2024-04-dyad/blob/main/script/deploy/Deploy.V2.s.sol#L93-L98

Vulnerability details

Description

During the deployment script, incorrect vaults are added to the Kerosene Manager and Vault Licenser:

@>        keroseneManager.add(address(ethVault));
@>        keroseneManager.add(address(wstEth));

        ...

@>        vaultLicenser.add(address(unboundedKeroseneVault));

@>        // vaultLicenser.add(address(boundedKeroseneVault));

This allows the same vault to be added twice, once via VaultManagerV2::add and once via VaultManagerV2::addKerosene. Any token held in such a vault is then counted twice in collatRatio, because getTotalUsdValue includes it from both lists.

Furthermore, boundedKeroseneVault and unboundedKeroseneVault are not added to the correct manager.

Risk

Likelihood: High

  • Any attacker can add the same vault as a normal vault and a kerosene vault.

Impact: High

  • Any users under the collateral ratio won't be liquidated.

Only add necessary vaults to the correct licenser/manager. Implement a check to ensure each vault is only counted once in the collateral calculation.
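As an added illustration (not code from DYAD or from this audit), the following Python model of getTotalUsdValue and collatRatio shows how a vault registered through both add and addKerosene doubles a position's apparent collateral and hides a position that should be liquidatable, and how keying on the vault address restores the correct count. The 150 % threshold, vault address, price and balances are constructed placeholders.

```python
from dataclasses import dataclass, field

WAD = 10**18
MIN_COLLAT_RATIO = 150 * WAD // 100   # 150 %: assumed liquidation threshold for this model


@dataclass
class Vault:
    """Stand-in for a DYAD Vault: one token, one price, per-dNFT balances."""
    address: str
    price_usd: int                                  # USD per token, 18 decimals (constructed)
    id2asset: dict = field(default_factory=dict)    # dNFT id -> token balance in wei

    def usd_value(self, nft_id: int) -> int:
        return self.id2asset.get(nft_id, 0) * self.price_usd // WAD


@dataclass
class Position:
    vaults: list = field(default_factory=list)           # filled by VaultManagerV2::add
    kerosene_vaults: list = field(default_factory=list)  # filled by VaultManagerV2::addKerosene
    minted_dyad: int = 0


def total_usd_value(pos: Position, nft_id: int, dedupe: bool) -> int:
    """Model of getTotalUsdValue: sums both lists. With dedupe=False a vault
    licensed in both managers is summed twice (the reported bug); with
    dedupe=True each address contributes once (the recommended check)."""
    chosen = pos.vaults + pos.kerosene_vaults
    if dedupe:
        chosen = list({v.address: v for v in chosen}.values())
    return sum(v.usd_value(nft_id) for v in chosen)


def collat_ratio(pos: Position, nft_id: int, dedupe: bool) -> int:
    """WAD-scaled collateral ratio; treated as infinite when nothing is minted."""
    if pos.minted_dyad == 0:
        return 2**256 - 1
    return total_usd_value(pos, nft_id, dedupe) * WAD // pos.minted_dyad


def liquidatable(pos: Position, nft_id: int, dedupe: bool) -> bool:
    return collat_ratio(pos, nft_id, dedupe) < MIN_COLLAT_RATIO


def demo() -> tuple:
    """1 token worth $3000 (constructed) in one vault present in both lists,
    backing 2400 DYAD: true ratio 125 %, double-counted ratio 250 %.
    Returns (liquidatable with bug, liquidatable with fix) == (False, True)."""
    eth_vault = Vault("0xETH_VAULT_PLACEHOLDER", 3000 * WAD, {1: 1 * WAD})
    pos = Position(vaults=[eth_vault], kerosene_vaults=[eth_vault], minted_dyad=2400 * WAD)
    return liquidatable(pos, 1, dedupe=False), liquidatable(pos, 1, dedupe=True)
```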

Assessed type

Other

#0 - c4-pre-sort

2024-04-29T05:25:51Z

JustDravee marked the issue as duplicate of #70

#1 - c4-pre-sort

2024-04-29T12:02:26Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-11T19:58:22Z

koolexcrypto marked the issue as satisfactory

#3 - c4-judge

2024-05-12T11:21:39Z

koolexcrypto marked the issue as not a duplicate

#4 - c4-judge

2024-05-12T11:21:51Z

koolexcrypto marked the issue as unsatisfactory: Invalid

#5 - n0kto

2024-05-16T14:23:41Z

Hi, hope you’re doing well! I don’t understand why it is not a duplicate of #70 anymore and why you invalidated it?

#6 - koolexcrypto

2024-05-22T15:54:33Z

Hi @n0kto

Thank you for your feedback.

#70 seems different. However, I believe this seems valid and a dup of other issues I went through already. Will double check.

#7 - c4-judge

2024-05-29T10:03:27Z

koolexcrypto removed the grade

#8 - c4-judge

2024-05-29T10:03:36Z

koolexcrypto marked the issue as duplicate of #1133

#9 - c4-judge

2024-05-29T10:03:54Z

koolexcrypto marked the issue as satisfactory

Awards

7.3512 USDC - $7.35

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
edited-by-warden
:robot:_39_group
duplicate-118

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L94-L104

Vulnerability details

Description

The remove function expects the user to have no assets left in the vault. However, someone can front-run the call and deposit 1 wei into that vault to prevent the user from removing it. The ability to remove a vault is crucial when adding new ones, as there is a maximum limit of 5 vaults.

    function remove(uint id, address vault) external isDNftOwner(id) {
@>        if (Vault(vault).id2asset(id) > 0) revert VaultHasAssets();
        if (!vaults[id].remove(vault)) revert VaultNotAdded();
        emit Removed(id, vault);
    }

Risk

Likelihood: Low

  • An attacker would need to target a specific person and pay for gas.

Impact: High

  • A user might be unable to remove a vault.

A user can re-add a previously removed vault and retrieve all their assets, so this condition is not necessary. Allow users to remove any vault they want.

Assessed type

MEV

#0 - c4-pre-sort

2024-04-29T07:44:19Z

JustDravee marked the issue as duplicate of #489

#1 - c4-pre-sort

2024-04-29T09:32:23Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-05T20:38:16Z

koolexcrypto marked the issue as unsatisfactory: Invalid

#3 - c4-judge

2024-05-05T20:39:25Z

koolexcrypto marked the issue as unsatisfactory: Invalid

#4 - c4-judge

2024-05-05T21:33:59Z

koolexcrypto marked the issue as nullified

#5 - c4-judge

2024-05-05T21:34:04Z

koolexcrypto marked the issue as not nullified

#6 - c4-judge

2024-05-05T21:34:11Z

koolexcrypto marked the issue as not a duplicate

#7 - c4-judge

2024-05-06T08:54:53Z

koolexcrypto marked the issue as duplicate of #118

#8 - c4-judge

2024-05-11T12:24:08Z

koolexcrypto marked the issue as satisfactory
