Back to paspe's contests

RabbitHole Quest Protocol contest - paspe's results

A protocol to distribute token rewards for completing on-chain tasks.

General Information

Platform: Code4rena

Start Date: 25/01/2023

Pot Size: $36,500 USDC

Total HM: 11

Participants: 173

Period: 5 days

Judge: kirk-baird

Total Solo HM: 1

Id: 208

League: ETH

RabbitHole

Findings Distribution

Researcher Performance

Rank: 159/173

Findings: 1

Award: $2.59

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryRabbitHole

Findings Information

🌟 Selected for report: adriro

Also found by: 0xMAKEOUTHILL, 0xMirce, 7siech, AkshaySrivastav, AlexCzm, Awesome, Aymen0909, Cryptor, Deivitto, DimitarDimitrov, ElKu, Garrett, Jayus, Josiah, Kenshin, KrisApostolov, RaymondFam, SovaSlava, Timenov, UdarTeam, amaechieth, btk, c3phas, codeislight, fellows, frankudoags, gzeon, hansfriese, luxartvinsec, millersplanet, mookimgo, navinavu, oberon, paspe, pavankv, petersspetrov, pfapostol, prestoncodes, rbserver, sakshamguruji, shark, thekmj, trustindistrust, tsvetanovv, usmannk, vagrant, vanko1, xAriextz, yosuke

Awards

2.5852 USDC - $2.59

Labels

bug
3 (High Risk)
satisfactory
duplicate-608

External Links

Link to GitHub issue

Lines of code

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L59 https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L48

Vulnerability details

Impact

The modifier onlyMinter that is declared in RabbitHoleReceipt.sol and RabbitHoleTickets.sol files has no impact and has no protection for methods that are used.

The modifier onlyMinter is used in 3 functions. Having no right check would mean that this modifier will always be bypassed and would result in everyone having the ability to call the mint and mintBatch functions. I presume that the used in two files is a mistyped error and also copy-pasted in the other file. This can lead to more problems if more modifiers are developing like that.

Proof of Concept

File: contracts/RabbitHoleReceipt.sol

58:     modifier onlyMinter() {
        msg.sender == minterAddress;
        _;
        }

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L58-L61

File: contracts/RabbitHoleTickets.sol

47:     modifier onlyMinter() {
        msg.sender == minterAddress;
        _;
        }

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L47-L50

Tools Used

No tools were used only I spotted it like the wrong expression.

It needs to be written for example likerequire a rule require(msg.sender == minterAddress, “The sender must match the minter address”)

Or be a custom error with revert if(msg.sender != minterAddress) revert DifferentMinterAddress()

#0 - c4-judge

2023-02-05T04:48:39Z

kirk-baird marked the issue as duplicate of #9

#1 - c4-judge

2023-02-14T08:39:12Z

kirk-baird marked the issue as satisfactory

Findings Information

🌟 Selected for report: adriro

Also found by: 0xMAKEOUTHILL, 0xMirce, 7siech, AkshaySrivastav, AlexCzm, Awesome, Aymen0909, Cryptor, Deivitto, DimitarDimitrov, ElKu, Garrett, Jayus, Josiah, Kenshin, KrisApostolov, RaymondFam, SovaSlava, Timenov, UdarTeam, amaechieth, btk, c3phas, codeislight, fellows, frankudoags, gzeon, hansfriese, luxartvinsec, millersplanet, mookimgo, navinavu, oberon, paspe, pavankv, petersspetrov, pfapostol, prestoncodes, rbserver, sakshamguruji, shark, thekmj, trustindistrust, tsvetanovv, usmannk, vagrant, vanko1, xAriextz, yosuke

Awards

2.5852 USDC - $2.59

Labels

bug
3 (High Risk)
satisfactory
duplicate-608

External Links

Link to GitHub issue

Lines of code

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L58-L61 https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L47-L50

Vulnerability details

Impact

The modifier onlyMinter that is declared in RabbitHoleReceipt.sol and RabbitHoleTickets.sol files has no impact and has no protection for methods that are used.

The modifier onlyMinter is used in 3 functions. Having no right check would mean that this modifier will always be bypassed and would result in everyone having the ability to call the mint and mintBatch functions. I presume that the used in two files is a mistyped error and also copy-pasted in the other file. This can lead to more problems if more modifiers are developing like that.

Proof of Concept

File: contracts/RabbitHoleReceipt.sol

58:     modifier onlyMinter() {
        msg.sender == minterAddress;
        _;
        }

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L58-L61

File: contracts/RabbitHoleTickets.sol

47:     modifier onlyMinter() {
        msg.sender == minterAddress;
        _;
        }

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L47-L50

Tools Used

No tools were used only I spotted it like the wrong expression.

It needs to be written for example likerequire a rule require(msg.sender == minterAddress, “The sender must match the minter address”)

Or be a custom error with revert if(msg.sender != minterAddress) revert DifferentMinterAddress()

#0 - c4-judge

2023-02-05T04:48:54Z

kirk-baird marked the issue as duplicate of #9

#1 - c4-judge

2023-02-14T08:39:11Z

kirk-baird marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter