Back to pants's contests

Mochi contest - pants's results

Next-Gen Decentralized Digital Currency Backed By Long-Tail Cryptoassets.

General Information

Platform: Code4rena

Start Date: 21/10/2021

Pot Size: $80,000 ETH

Total HM: 28

Participants: 15

Period: 7 days

Judge: ghoulsol

Total Solo HM: 19

Id: 42

League: ETH

Mochi

Findings Distribution

Researcher Performance

Rank: 14/15

Findings: 2

Award: $254.58

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryMochi

Findings Information

🌟 Selected for report: loop

Also found by: WatchPug, cmichel, defsec, gzeon, leastwood, nikitastupin, pants

Labels

bug
duplicate
2 (Med Risk)
disagree with severity

Awards

0.0174 ETH - $72.55

External Links

Link to GitHub issue

Handle

pants

Vulnerability details

DutchAuctionLiquidator.settleLiquidation function uses the standard IERC20 function for the transfer call and proceeds ignoring the return value. Popular assets as USDT doesn't revert at fail, but just returns false.

impact

When using any non-standard compliant token like USDT, the function may proceed and remove user funds while didn't actually transferred the assets.

mitigation step

We recommend using OpenZeppelin’s SafeERC20 versions with the safeApprove function that handles the return value check as well as non-standard-compliant tokens.

#0 - r2moon

2021-10-27T13:58:07Z

duplicated with https://github.com/code-423n4/2021-10-mochi-findings/issues/75

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter