Frankencoin - p0wd3r's results

A decentralized and fully collateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 12/04/2023

Pot Size: $60,500 USDC

Total HM: 21

Participants: 199

Period: 7 days

Judge: hansfriese

Total Solo HM: 5

Id: 231

League: ETH

Frankencoin

Findings Distribution

Researcher Performance

Rank: 166/199

Findings: 1

Award: $22.60

QA:

grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Frankencoin

Findings Information

🌟 Selected for report: juancito

Also found by: 0xAgro, 0xNorman, 0xSmartContract, 0xStalin, 0xTheC0der, 0xWaitress, 0xhacksmithh, 0xnev, 3dgeville, 8olidity, Arz, Aymen0909, BGSecurity, BRONZEDISC, Bauchibred, Bauer, BenRai, ChainHunters, ChrisTina, CodeFoxInc, DedOhWale, DishWasher, EloiManuel, IceBear, Inspex, Jorgect, Kaysoft, LeoGold, LewisBroadhurst, Madalad, MiloTruck, MohammedRizwan, Nyx, Polaris_tow, RaymondFam, SaharDevep, SanketKogekar, Sathish9098, SolidityATL, Udsen, W0RR1O, aria, ayden, berlin-101, bin2chen, catellatech, codeslide, crc32, decade, descharre, evmboi32, eyexploit, fatherOfBlocks, georgits, giovannidisiena, joestakey, karanctf, kodyvim, ltyu, lukris02, m9800, matrix_0wl, mov, mrpathfindr, nadin, niser93, p0wd3r, parlayan_yildizlar_takimi, pavankv, pontifex, qpzm, ravikiranweb3, rbserver, santipu_, shealtielanz, slvDev, tnevler, wonjun, xmxanuel, yixxas

Awards

22.6007 USDC - $22.60

Labels

bug

grade-b

low quality report

QA (Quality Assurance)

Q-101

External Links

Link to GitHub issue

The withdraw function will fail when extracting non-standard ERC20 tokens.

Position.sol L253

    /**
     * Withdraw any ERC20 token that might have ended up on this address.
     * Withdrawing collateral is subject to the same restrictions as withdrawCollateral(...).
     */
    function withdraw(address token, address target, uint256 amount) external onlyOwner {
        if (token == address(collateral)){
            withdrawCollateral(target, amount);
        } else {
            IERC20(token).transfer(target, amount);
        }
    }

Although the document states that the collateral needs to be reverted in case of a failed transfer, this function also has the ability to extract non-collateral tokens, which requires safeTransfer to ensure availability.

#0 - c4-pre-sort
2023-04-26T17:02:47Z

0xA5DF marked the issue as low quality report

#1 - 0xA5DF
2023-04-26T17:02:57Z

Single NC + automated findings

#2 - c4-judge
2023-05-16T03:04:40Z

hansfriese marked the issue as grade-c

#3 - c4-judge
2023-05-18T07:39:18Z

hansfriese marked the issue as grade-b

Frankencoin - p0wd3r's results

A decentralized and fully collateralized stablecoin.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-101] QA Report - $22.60

Findings Information

Awards

Labels

External Links

The withdraw function will fail when extracting non-standard ERC20 tokens.

#0 - c4-pre-sort2023-04-26T17:02:47Z

#1 - 0xA5DF2023-04-26T17:02:57Z

#2 - c4-judge2023-05-16T03:04:40Z

#3 - c4-judge2023-05-18T07:39:18Z

#0 - c4-pre-sort
2023-04-26T17:02:47Z

#1 - 0xA5DF
2023-04-26T17:02:57Z

#2 - c4-judge
2023-05-16T03:04:40Z

#3 - c4-judge
2023-05-18T07:39:18Z