Canto Application Specific Dollars and Bonding Curves for 1155s - peritoflores's results

Tokenizable bonding curves using a Stablecoin-as-a-Service token

General Information

Platform: Code4rena

Start Date: 13/11/2023

Pot Size: $24,500 USDC

Total HM: 3

Participants: 120

Period: 4 days

Judge: 0xTheC0der

Id: 306

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 98/120

Findings: 1

Award: $1.37

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Canto

Findings Information

🌟 Selected for report: rvierdiiev

Also found by: 0x175, 0x3b, 0xMango, 0xarno, 0xpiken, Bauchibred, DarkTower, ElCid, Giorgio, HChang26, Kose, KupiaSec, Madalad, PENGUN, Pheonix, RaoulSchaffranek, SpicyMeatball, T1MOH, Tricko, Udsen, Yanchuan, aslanbek, ast3ros, bart1e, bin2chen, chaduke, d3e4, deepkin, developerjordy, glcanvas, inzinko, jasonxiale, jnforja, mahyar, max10afternoon, mojito_auditor, neocrao, nmirchev8, openwide, osmanozdemir1, peanuts, pep7siup, peritoflores, pontifex, rice_cooker, rouhsamad, t0x1c, tnquanghuy0512, turvy_fuzz, twcctop, ustas, vangrim, zhaojie, zhaojohnson

Awards

1.3743 USDC - $1.37

Labels

bug

2 (Med Risk)

satisfactory

duplicate-12

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L150 https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L174

Vulnerability details

Impact

Loss of funds

Analysis of the vulnerability

Functions buy() and sell() are swaps of NOTE for asD token.

Users call getBuyPrice and getSellprice just before buy and sellin order to estimate the price to pay / sell the token.

However, the nature of the blockchain causes this price to fluctuate if the transactions is frontrunned by other. As you receive the price from an external contract (Bonding Curve) that is be different for different coins the risk of losses for slippage is high.

As a result, you need to add a protection to these functions.

Recommendation

Similar to Uniswap, I suggest you adding a new parameter called maxAmountIn (or similar) to the buy function, that limits the amount of tokens the user is willing to transfer in exchange.

The transaction should revert if price + fee is higher than maxAmountIn

(uint256 price, uint256 fee) = getBuyPrice(_id, _amount);

[+] require(price + fee <= maxAmountInt, "Some message");

Similarly for sell function you can add a parameter called minAmountOut

Assessed type

Token-Transfer

#0 - c4-pre-sort
2023-11-18T10:42:53Z

minhquanym marked the issue as duplicate of #12

#1 - c4-judge
2023-11-28T23:35:06Z

MarioPoneder marked the issue as satisfactory

Canto Application Specific Dollars and Bonding Curves for 1155s - peritoflores's results

Tokenizable bonding curves using a Stablecoin-as-a-Service token

General Information

Findings Distribution

Researcher Performance

External Links

[M-01] [M1] Buy and sell have no slippage protection - $1.37

Findings Information

Awards

Labels

External Links

Lines of code

Vulnerability details

Impact

Analysis of the vulnerability

Recommendation

Assessed type

#0 - c4-pre-sort2023-11-18T10:42:53Z

#1 - c4-judge2023-11-28T23:35:06Z

#0 - c4-pre-sort
2023-11-18T10:42:53Z

#1 - c4-judge
2023-11-28T23:35:06Z