Open Dollar - nican0r's results

A floating $1.00 pegged stablecoin backed by Liquid Staking Tokens with NFT controlled vaults.

General Information

Platform: Code4rena

Start Date: 18/10/2023

Pot Size: $36,500 USDC

Total HM: 17

Participants: 77

Period: 7 days

Judge: MiloTruck

Total Solo HM: 5

Id: 297

League: ETH

Researcher Performance

Rank: 35/77

Findings: 1

Award: $102.21

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: klau5

Also found by: 0x6d6164616e, Arz, T1MOH, immeas, josephdara, nican0r, tnquanghuy0512

Labels

bug
2 (Med Risk)
low quality report
satisfactory
duplicate-156

Awards

102.2123 USDC - $102.21

External Links

Lines of code

https://github.com/Uniswap/v3-periphery/blob/697c2474757ea89fec12a4e6db16a574fe259610/contracts/libraries/OracleLibrary.sol#L16-L41

https://github.com/Uniswap/v3-periphery/blob/697c2474757ea89fec12a4e6db16a574fe259610/contracts/libraries/OracleLibrary.sol#L74-L88

https://github.com/CamelotLabs/core/blob/b51753e816de02e591acb2c07dc9eed7a4179a68/contracts/CamelotPair.sol#L10

Vulnerability details

Impact

The CamelotRelayer uses the OracleLibrary as an interface for accessing oracle data from the CamelotPair contract, which is the Camelot DEX's equivalent of a pool, using the OracleLibrary from UniswapV3Pool's periphery contracts. But because the CamelotPair doesn't implement the same interface as a UniswapV3Pool, calls to the CamelotRelayer's functions will revert.

Proof of Concept

Calling the getResultWithValidity function in CamelotRelayer tries to call the getOldestObservationSecondsAgo and consult functions in the OracleLibrary.

However, when the getOldestObservationSecondsAgo tries to call the observations variable on IUniswapV3Pool, it will revert because there is no observations variable defined on the CamelotPair pool.

The same applies to the consult function, which tries to call the observe function on the CamelotPair pool, which doesn't define this function.

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a CamelotRelayer that uses the interface of the CamelotPair to retrieve values.

Assessed type

Context

#0 - c4-pre-sort

2023-10-26T19:42:06Z

raymondfam marked the issue as low quality report

#1 - c4-pre-sort

2023-10-26T19:42:17Z

raymondfam marked the issue as duplicate of #119

#2 - c4-judge

2023-11-02T06:15:11Z

MiloTruck marked the issue as not a duplicate

#3 - c4-judge

2023-11-02T06:16:02Z

MiloTruck marked the issue as duplicate of #156

#4 - c4-judge

2023-11-02T08:46:12Z

MiloTruck marked the issue as satisfactory
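
Added example (not part of the submission or the Open Dollar code base): a deploy-time guard that probes a pool for the observe and observations functions named in the finding, so an incompatible pair is rejected in the constructor instead of reverting on every oracle read. IV3OracleSubset, MockV2StylePair, OracleCompat and GuardedRelayer are hypothetical names; the mock is a generic stand-in for a pair without the V3 oracle functions, not CamelotPair itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of the Uniswap V3 pool interface that the finding says OracleLibrary calls.
interface IV3OracleSubset {
    function observe(uint32[] calldata secondsAgos) external view
        returns (int56[] memory tickCumulatives, uint160[] memory secondsPerLiquidityCumulativeX128s);
    function observations(uint256 index) external view
        returns (uint32 blockTimestamp, int56 tickCumulative,
                 uint160 secondsPerLiquidityCumulativeX128, bool initialized);
}

// Constructed stand-in for a V2-style pair: exposes reserves, no V3 oracle functions.
contract MockV2StylePair {
    function getReserves() external pure returns (uint112, uint112, uint32) {
        return (1, 1, 0);
    }
}

library OracleCompat {
    // Returns true only if `pool` answers both oracle calls with plausibly shaped data.
    function supportsV3Oracle(address pool) internal view returns (bool) {
        if (pool.code.length == 0) return false; // EOA or undeployed address
        uint32[] memory secondsAgos = new uint32[](1); // single entry 0 = "now"
        (bool okObserve, bytes memory r1) =
            pool.staticcall(abi.encodeCall(IV3OracleSubset.observe, (secondsAgos)));
        (bool okObs, bytes memory r2) =
            pool.staticcall(abi.encodeCall(IV3OracleSubset.observations, (uint256(0))));
        // Length checks reject contracts whose fallback succeeds but returns nothing:
        // observe returns two dynamic arrays (at least two offset words),
        // observations returns four static words.
        return okObserve && okObs && r1.length >= 64 && r2.length == 128;
    }
}

// Hypothetical relayer skeleton: fails fast at deployment on an incompatible pool.
contract GuardedRelayer {
    error IncompatiblePool(address pool);
    address public immutable pool;

    constructor(address _pool) {
        if (!OracleCompat.supportsV3Oracle(_pool)) revert IncompatiblePool(_pool);
        pool = _pool;
    }
}
```

Deploying GuardedRelayer against MockV2StylePair reverts with IncompatiblePool, which surfaces the interface mismatch in a deployment test rather than in production reads.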
