Livepeer contest - pauliax's results

Decentralized live streaming platform built on the blockchain.

General Information

Platform: Code4rena

Start Date: 13/01/2022

Pot Size: $75,000 USDC

Total HM: 9

Participants: 27

Period: 7 days

Judge: leastwood

Total Solo HM: 5

Id: 73

League: ETH

Livepeer

Findings Distribution

Researcher Performance

Rank: 13/27

Findings: 2

Award: $317.24

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Livepeer

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Auditors

Browse

Contests

Browse

Get in touch

Contact Twitter

Findings Information

🌟 Selected for report: kemmio

Also found by: 0x1f8b, danb, gzeon, pauliax

Labels

bug

duplicate

1 (Low Risk)

Awards

1.4926 LPT - $55.34

152.2025 USDC - $152.20

External Links

Link to GitHub issue

Handle

pauliax

Vulnerability details

Impact

Function recoverSigner in L1Migrator returns an empty address if the signature is empty:

  if (_sig.length == 0) {
      return address(0);
  }

This means you can bypass the signature verification by passing an empty signature and an empty address for _l1Addr. Then you can specify any _l2Addr and it will work.

Recommended Mitigation Steps

It should revert when the signature is empty or just let the ECDSA.recover reject it.

#0 - yondonfu
2022-01-23T00:43:52Z

Duplicate of https://github.com/code-423n4/2022-01-livepeer-findings/issues/142

Findings Information

🌟 Selected for report: Dravee

Also found by: pauliax

Labels

bug

duplicate

G (Gas Optimization)

Awards

0.3637 LPT - $13.49

37.086 USDC - $37.09

External Links

Link to GitHub issue

Handle

pauliax

Vulnerability details

Impact

Would be cheapier to have >= condition here to avoid extra calculation when _amount = l2SupplyFromL1:

  if (_amount > l2SupplyFromL1) {
      l2SupplyFromL1 = 0;
  } else {
      l2SupplyFromL1 -= _amount;
  }

#0 - yondonfu
2022-01-23T21:04:05Z

Duplicate of https://github.com/code-423n4/2022-01-livepeer-findings/issues/137

Findings Information

🌟 Selected for report: hyh

Also found by: pauliax

Labels

bug

duplicate

G (Gas Optimization)

Awards

0.3637 LPT - $13.49

37.086 USDC - $37.09

External Links

Link to GitHub issue

Handle

pauliax

Vulnerability details

Impact

(initialStake - claimedInitialStake) is re-calculated twice:

  // Calculate stake owed to delegator
  uint256 currTotalStake = pendingStake();
  uint256 owedStake = (currTotalStake * _stake) /
      (initialStake - claimedInitialStake);

  // Calculate fees owed to delegator
  uint256 currTotalFees = pendingFees();
  uint256 owedFees = (currTotalFees * _stake) /
      (initialStake - claimedInitialStake);

#0 - yondonfu
2022-01-23T21:04:43Z

Duplicate of https://github.com/code-423n4/2022-01-livepeer-findings/issues/154

Findings Information

🌟 Selected for report: ye0lde

Also found by: Dravee, Jujic, byterocket, defsec, p4st13r4, pauliax

Labels

bug

duplicate

G (Gas Optimization)

Awards

0.0614 LPT - $2.28

6.2568 USDC - $6.26

External Links

Link to GitHub issue

Handle

pauliax

Vulnerability details

Impact

Assigned operations to constant variables are re-evaluated every time:

  bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
  bytes32 public constant BURNER_ROLE = keccak256("BURNER_ROLE");

  bytes32 public constant GOVERNOR_ROLE = keccak256("GOVERNOR_ROLE");

  bytes32 private constant MIGRATE_DELEGATOR_TYPE_HASH =
    keccak256("MigrateDelegator(address l1Addr,address l2Addr)");

  bytes32 private constant MIGRATE_UNBONDING_LOCKS_TYPE_HASH =
    keccak256(
      "MigrateUnbondingLocks(address l1Addr,address l2Addr,uint256[] unbondingLockIds)"
    );

  bytes32 private constant MIGRATE_SENDER_TYPE_HASH =
    keccak256("MigrateSender(address l1Addr,address l2Addr)");

See https://github.com/ethereum/solidity/issues/9232

Recommended Mitigation Steps

Change from 'constant' to 'immutable'.

#0 - yondonfu
2022-01-23T21:02:35Z

Duplicate of https://github.com/code-423n4/2022-01-livepeer-findings/issues/172

Livepeer contest - pauliax's results

Decentralized live streaming platform built on the blockchain.

General Information

Findings Distribution

Researcher Performance

External Links

QA Report - $207.54

Gas Report - $109.70

QA Report - $207.54

Gas Report - $109.70

[L-02] recoverSigner returns an empty address when the signature is empty - $207.54

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Recommended Mitigation Steps

#0 - yondonfu2022-01-23T00:43:52Z

[G-08] Assign to 0 when _amount = l2SupplyFromL1 - $50.58

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

#0 - yondonfu2022-01-23T21:04:05Z

[G-37] Repeated math operations - $50.58

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

#0 - yondonfu2022-01-23T21:04:43Z

[G-18] Assigned operations to constant variables - $8.54

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Recommended Mitigation Steps

#0 - yondonfu2022-01-23T21:02:35Z

#0 - yondonfu
2022-01-23T00:43:52Z

#0 - yondonfu
2022-01-23T21:04:05Z

#0 - yondonfu
2022-01-23T21:04:43Z

#0 - yondonfu
2022-01-23T21:02:35Z