Back to nadin's contests

Ethereum Credit Guild - nadin's results

A trust minimized pooled lending protocol.

General Information

Platform: Code4rena

Start Date: 11/12/2023

Pot Size: $90,500 USDC

Total HM: 29

Participants: 127

Period: 17 days

Judge: TrungOre

Total Solo HM: 4

Id: 310

League: ETH

Ethereum Credit Guild

Findings Distribution

Researcher Performance

Rank: 109/127

Findings: 1

Award: $20.82

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryEthereum Credit Guild

Findings Information

🌟 Selected for report: SBSecurity

Also found by: 0xaltego, 0xbepresent, Aymen0909, Bauchibred, Cosine, EVDoc, EloiManuel, HighDuty, Sathish9098, Tendency, Timeless, ZanyBonzy, beber89, deliriusz, ether_sky, grearlake, hals, klau5, lsaudit, nadin, rvierdiiev, tsvetanovv

Awards

20.8157 USDC - $20.82

Labels

bug
downgraded by judge
grade-b
QA (Quality Assurance)
sufficient quality report
duplicate-816
Q-11

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/governance/LendingTermOffboarding.sol#L36 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/governance/LendingTermOffboarding.sol#L95 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/governance/LendingTermOffboarding.sol#L121

Vulnerability details

Impact

The current value of POLL_DURATION_BLOCKS is incorrect resulting in checking for poll active in the proposeOffboard() function and poll expired in the supportOffboard() function not working as expected.

Proof of Concept

36:    uint256 public constant POLL_DURATION_BLOCKS = 46523; // ~7 days @ 13s/block // @audit must be 12s/blocks

>>> 7*24*60*60 / 13    # 7 days / 13 sec block period
46523.076923
>>> 7*24*60*60 / 12    # 7 days / 12 sec block period
50400
>>> 50400 - 46523      # difference in blocks
3877
>>> 3877 * 12 / (60 * 60) # difference in hours
12.92
  • By using block time of 13 seconds, POLL_DURATION_BLOCKS expires 12.92 hours earlier than is expected.
  • 12.92 hours is a significant amount of time difference so I believe this issue to be Medium severity.
  • The votingPeriod() function in GuildVetoGovernor.sol also uses 13s for a block but this function is not used.
    function votingPeriod() public pure override returns (uint256) {
        return 2425847; // ~1 year with 1 block every 13s @audit should be 365*24*60*60 / 12 = 2628000
    }

Tools Used

Manual review

Change the block period to be 12 seconds

--- 36:    uint256 public constant POLL_DURATION_BLOCKS = 46523
+++ 36:    uint256 public constant POLL_DURATION_BLOCKS = 50400

---    function votingPeriod() public pure override returns (uint256) {
---     return 2425847; // ~1 year with 1 block every 13s
+++    function votingPeriod() public pure override returns (uint256) {
+++     return 2628000; // ~1 year with 1 block every 12s

Assessed type

Timing

#0 - c4-pre-sort

2023-12-29T19:53:12Z

0xSorryNotSorry marked the issue as sufficient quality report

#1 - c4-pre-sort

2023-12-29T19:53:17Z

0xSorryNotSorry marked the issue as primary issue

#2 - c4-pre-sort

2023-12-29T20:01:34Z

0xSorryNotSorry marked the issue as duplicate of #816

#3 - c4-judge

2024-01-24T22:06:11Z

Trumpero changed the severity to QA (Quality Assurance)

#4 - c4-judge

2024-01-25T07:56:04Z

Trumpero marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter