Back to parsely's contests

Juicebox Buyback Delegate - parsely's results

Thousands of projects use Juicebox to fund, operate, and scale their ideas & communities transparently on Ethereum.

General Information

Platform: Code4rena

Start Date: 18/05/2023

Pot Size: $24,500 USDC

Total HM: 3

Participants: 72

Period: 4 days

Judge: LSDan

Id: 237

League: ETH

Juicebox

Findings Distribution

Researcher Performance

Rank: 43/72

Findings: 1

Award: $16.19

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryJuicebox

Findings Information

🌟 Selected for report: ABA

Also found by: 0x4non, 0xHati, 0xMosh, 0xSmartContract, 0xWaitress, 0xhacksmithh, 0xnev, 0xprinc, Arabadzhiev, BLACK-PANDA-REACH, Deekshith99, Dimagu, KKat7531, Kose, LosPollosHermanos, MohammedRizwan, QiuhaoLi, RaymondFam, Rickard, Rolezn, SAAJ, Sathish9098, Shubham, SmartGooofy, Tripathi, Udsen, V1235816, adriro, arpit, ayden, bigtone, codeVolcan, d3e4, dwward3n, fatherOfBlocks, favelanky, jovemjeune, kutugu, lfzkoala, lukris02, matrix_0wl, minhquanym, ni8mare, parsely, pxng0lin, radev_sw, ravikiranweb3, rbserver, sces60107, souilos, tnevler, turvy_fuzz, yellowBirdy

Awards

16.1907 USDC - $16.19

Labels

bug
grade-b
QA (Quality Assurance)
Q-20

External Links

Link to GitHub issue

[L-01] In the _mint function the call to jbxTerminal.addToBalanceOf does not check the value that was send or the current balance of the contract before sending ETH to the terminal, if there is too little balance this could cause a revert.

Context

https://github.com/code-423n4/2023-05-juicebox/blob/main/juice-buyback/contracts/JBXBuybackDelegate.sol#L348-L353

        // Send the eth back to the terminal balance
        jbxTerminal.addToBalanceOf{value: _data.amount.value}(
            _data.projectId, _data.amount.value, JBTokens.ETH, "", new bytes(0)
        );

        emit JBXBuybackDelegate_Mint(_data.projectId);
    }

Description

The call to the _mint function happens in the didPay() function, the balance of the contract or the current balance of the contract is not checked before the ETH is sent to the terminal, without context of previous calls, if there is any possibility of the accounting being wrong, a legitimate call could revert. Although the call is also future proofing to cater for future ERC20 token terminals , it would be a good idea to check the accounting before the call.

Resolution

It could be considered to check the value that was received from the terminal.pay() call and also the current contract balance, for either ETH or ERC20 tokens.

[L-02] In the _mint function the amount of tokens returned by the controller.mintTokensOf is not checked.

Context

https://github.com/code-423n4/2023-05-juicebox/blob/main/juice-buyback/contracts/JBXBuybackDelegate.sol#L338-L345

        // Mint to the beneficiary with the fc reserve rate
        controller.mintTokensOf({
            _projectId: _data.projectId,
            _tokenCount: _amount,
            _beneficiary: _data.beneficiary,
            _memo: _data.memo,
            _preferClaimedTokens: _data.preferClaimedTokens,
            _useReservedRate: true
        });

Description

The call to the _mint function happens in the didPay() function, the call to controller.mintTokensOf does return the resulting number of minted tokens, and it could be considered to check that they are within expected range and that an error has not occurred.

Resolution

Implement a check to confirm the resulting number of tokens from the call to mintTokensOf.

#0 - c4-judge

2023-06-02T11:03:02Z

dmvt marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter