Livepeer Onchain Treasury Upgrade - nadin's results

Decentralized video infrastructure protocol powering video in web3's leading social and media applications.

General Information

Platform: Code4rena

Start Date: 31/08/2023

Pot Size: $55,000 USDC

Total HM: 5

Participants: 30

Period: 6 days

Judge: hickuphh3

Total Solo HM: 2

Id: 282

League: ETH

Livepeer

Findings Distribution

Researcher Performance

Rank: 21/30

Findings: 1

Award: $62.87

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Proxy

Also found by: Banditx0x, DavidGiladi, favelanky, ladboy233, nadin, rvierdiiev

Labels

bug
disagree with severity
downgraded by judge
grade-b
QA (Quality Assurance)
sponsor confirmed
sufficient quality report
Q-03

Awards

62.8682 USDC - $62.87

External Links

Lines of code

https://github.com/code-423n4/2023-08-livepeer/blob/main/contracts/bonding/BondingManager.sol#L1-L1674

Vulnerability details

Impact

Users usually go to the docs & specification to see how to integrate a project. Currently the documentation and the code do not match.

Proof of Concept

Parameters

```solidity
contract BondingManager {
    function treasuryRewardCut() external view returns (uint256);
    function setTreasuryRewardCut(uint256 _value) external; // @audit this is NOT the setTreasuryRewardCut and _value, it's the setTreasuryRewardCutRate and _cutRate.
    function nextRoundTreasuryRewardCut() external view returns (uint256);
    function treasuryBalanceCeiling() external view returns (uint256);
    function setTreasuryBalanceCeiling(uint256 _value) external; // @audit this is NOT the _value, it's the _ceiling.
}
```

  1. The current implementation of the BondingManager.sol contract does not have the function treasuryRewardCut().
  2. The current implementation of the BondingManager.sol contract does not have the function setTreasuryRewardCut(). Instead there is a setTreasuryRewardCutRate() function:

File: BondingManager.sol (lines 167-169)

```solidity
function setTreasuryRewardCutRate(uint256 _cutRate) external onlyControllerOwner {
    _setTreasuryRewardCutRate(_cutRate);
}
```

  3. The current implementation of the BondingManager.sol contract does not have the function nextRoundTreasuryRewardCut().
  4. The current implementation of the BondingManager.sol contract does not have the function treasuryBalanceCeiling().
  5. Wrong setTreasuryBalanceCeiling() interface:
  • In Spec:

```solidity
function setTreasuryBalanceCeiling(uint256 _value) external // @audit this is NOT the _value, it's the _ceiling.
```

  • In BondingManager.sol:

File: BondingManager.sol (line 176)

```solidity
function setTreasuryBalanceCeiling(uint256 _ceiling) external onlyControllerOwner {
```

Tools Used

Manual review

Recommended Mitigation Steps

Use the correct docs by fixing the mentioned issues.

Assessed type

Other
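One way to catch this kind of spec/code drift automatically, as an added example that is not part of the original finding or the Livepeer code base: a small Python check that diffs a documented interface against the functions a contract actually declares. The names `parse_functions` and `diff_interface` are hypothetical, and `IMPL` is a constructed excerpt holding only the two declarations quoted in the finding.

```python
import re

# Matches an explicit Solidity function declaration: name + raw parameter list.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)")

def parse_functions(source):
    """Return {name: [(type, param_name), ...]}; overloads are not handled."""
    source = re.sub(r"//[^\n]*", "", source)  # drop line comments such as @audit notes
    funcs = {}
    for name, params in FUNC_RE.findall(source):
        parsed = []
        for p in filter(None, (s.strip() for s in params.split(","))):
            parts = p.split()  # first token is the type, last is the name (if any)
            parsed.append((parts[0], parts[-1] if len(parts) > 1 else ""))
        funcs[name] = parsed
    return funcs

def diff_interface(spec_src, impl_src):
    """Compare documented functions against implemented ones."""
    spec, impl, issues = parse_functions(spec_src), parse_functions(impl_src), []
    for name, spec_params in spec.items():
        if name not in impl:
            issues.append(("missing", name))
        elif [t for t, _ in spec_params] != [t for t, _ in impl[name]]:
            issues.append(("type-mismatch", name))
        elif spec_params != impl[name]:
            issues.append(("param-name-mismatch", name))
    issues += [("undocumented", n) for n in impl.keys() - spec.keys()]
    return sorted(issues)

# Spec interface as quoted in the finding.
SPEC = """
contract BondingManager {
    function treasuryRewardCut() external view returns (uint256);
    function setTreasuryRewardCut(uint256 _value) external;
    function nextRoundTreasuryRewardCut() external view returns (uint256);
    function treasuryBalanceCeiling() external view returns (uint256);
    function setTreasuryBalanceCeiling(uint256 _value) external;
}
"""
# Constructed excerpt: only the two declarations quoted in the finding, not the full
# contract. Getters generated by public state variables are not matched by FUNC_RE.
IMPL = """
function setTreasuryRewardCutRate(uint256 _cutRate) external onlyControllerOwner { _setTreasuryRewardCutRate(_cutRate); }
function setTreasuryBalanceCeiling(uint256 _ceiling) external onlyControllerOwner { /* body elided */ }
"""

if __name__ == "__main__":
    print(*diff_interface(SPEC, IMPL), sep="\n")
```

Run against a full contract source, entries reported as missing should be cross-checked against public state variables before the spec is changed, since their auto-generated getters do not appear as `function` declarations.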

#0 - 141345

2023-09-08T15:58:42Z

no significant impact/loss

QA is more appropriate.

#1 - c4-pre-sort

2023-09-09T14:53:22Z

141345 marked the issue as sufficient quality report

#2 - victorges

2023-09-15T17:54:06Z

Agreed on QA.

#3 - c4-sponsor

2023-09-15T17:54:15Z

victorges marked the issue as disagree with severity

#4 - c4-sponsor

2023-09-15T17:54:19Z

victorges (sponsor) acknowledged

#5 - HickupHH3

2023-09-18T07:47:12Z

downgrading to L

#6 - c4-judge

2023-09-18T07:47:17Z

HickupHH3 changed the severity to QA (Quality Assurance)

#7 - c4-sponsor

2023-09-21T00:06:25Z

victorges (sponsor) confirmed
