Lybra Finance - qpzm's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH


Researcher Performance

Rank: 128/132

Findings: 1

Award: $1.32

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

1.3247 USDC - $1.32

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
edited-by-warden
duplicate-27

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/d7fb18cc47ca93ecdfd7f1668614c7fb0b9179aa/contracts/lybra/pools/LybraRETHVault.sol#L47

Vulnerability details

Impact

The comment says the rETH address is 0xae78736Cd615f374D3085123A210448E74Fc6393. The contract does not have a getExchangeRatio function.

Proof of Concept

$ export ETH_RPC_URL=xxx
$ cast call 0xae78736Cd615f374D3085123A210448E74Fc6393 "getExchangeRatio()" --rpc-url $ETH_RPC_URL
Error: 
(code: -32000, message: execution reverted, data: None)

$ cast call 0xae78736Cd615f374D3085123A210448E74Fc6393 "getExchangeRate()" --rpc-url $ETH_RPC_URL 
0x0000000000000000000000000000000000000000000000000eed96b572a205d7

Tools Used

Manual review.

For rETH, use getExchangeRate. It has 18 decimals.

Assessed type

Error

#0 - c4-pre-sort

2023-07-08T19:43:51Z

JeffCX marked the issue as duplicate of #27

#1 - c4-judge

2023-07-28T17:14:12Z

0xean changed the severity to 2 (Med Risk)

#2 - c4-judge

2023-07-28T17:15:10Z

0xean marked the issue as satisfactory

Awards

1.3247 USDC - $1.32

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
duplicate-27

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/d7fb18cc47ca93ecdfd7f1668614c7fb0b9179aa/contracts/lybra/pools/LybraWbETHVault.sol#L35

Vulnerability details

Impact

It cannot fetch the price of wBETH and thus depositEtherToMint will revert.

Proof of Concept

The comment says the wBETH address is 0xae78736Cd615f374D3085123A210448E74Fc6393, but that is rETH. The wBETH address is 0xa2e3356610840701bdf5611a53974510ae27e2e1 and the .exchangeRatio() function is not implemented.

$ cast call 0xae78736Cd615f374D3085123A210448E74Fc6393 "getExchangeRatio()" --rpc-url $ETH_RPC_URL
Error: 
(code: -32000, message: execution reverted, data: None)

$ cast call 0xa2e3356610840701bdf5611a53974510ae27e2e1  "exchangeRate()" --rpc-url $ETH_RPC_URL
0x0000000000000000000000000000000000000000000000000dfc7377e47f5100

Tools Used

Manual review.

Use exchangeRate. It has 18 decimals.

Assessed type

Error

#0 - c4-pre-sort

2023-07-04T02:35:34Z

JeffCX marked the issue as duplicate of #129

#1 - c4-pre-sort

2023-07-04T13:29:32Z

JeffCX marked the issue as duplicate of #27

#2 - c4-judge

2023-07-28T17:14:12Z

0xean changed the severity to 2 (Med Risk)

#3 - c4-judge

2023-07-28T17:15:09Z

0xean marked the issue as satisfactory
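
A mainnet-fork test of the kind that catches both rate-getter mismatches reported above before deployment, written for Foundry with forge-std and run with `forge test`. It is an added example, not code from the Lybra repository or from the warden's submission; the contract, interface and test names and the 1e18 to 2e18 sanity band are assumptions, and ETH_RPC_URL is assumed to point at an Ethereum mainnet node.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import "forge-std/Test.sol";

// Added example (not Lybra code). Interface names are hypothetical; the
// function names and addresses are the ones quoted in the findings.
interface IRETHRate { function getExchangeRate() external view returns (uint256); }
interface IWBETHRate { function exchangeRate() external view returns (uint256); }

contract LsdRateSourceForkTest is Test {
    address constant RETH = 0xae78736Cd615f374D3085123A210448E74Fc6393;
    address wbeth; // set in setUp: the page gives it without an EIP-55 checksum

    function setUp() public {
        // Assumption: ETH_RPC_URL points at an Ethereum mainnet node.
        vm.createSelectFork(vm.envString("ETH_RPC_URL"));
        wbeth = vm.parseAddress("0xa2e3356610840701bdf5611a53974510ae27e2e1");
    }

    // True only if `target` answers `sig` with exactly one 32-byte word.
    function _answers(address target, string memory sig) internal view returns (bool) {
        (bool ok, bytes memory ret) = target.staticcall(abi.encodeWithSignature(sig));
        return ok && ret.length == 32;
    }

    function test_rETH_rateGetterName() public {
        assertFalse(_answers(RETH, "getExchangeRatio()"), "rETH: unexpected getter");
        assertTrue(_answers(RETH, "getExchangeRate()"), "rETH: getter missing");
    }

    function test_wBETH_rateGetterName() public {
        assertFalse(_answers(wbeth, "exchangeRatio()"), "wBETH: unexpected getter");
        assertTrue(_answers(wbeth, "exchangeRate()"), "wBETH: getter missing");
    }

    function test_ratesLookLike18Decimals() public {
        _checkRate(IRETHRate(RETH).getExchangeRate());
        _checkRate(IWBETHRate(wbeth).exchangeRate());
    }

    // Assumed sanity band: an ETH-per-token rate scaled by 1e18 sits in [1e18, 2e18).
    function _checkRate(uint256 rate) internal {
        assertGe(rate, 1e18, "rate below 1.0 or wrong scale");
        assertLt(rate, 2e18, "rate implausibly high or wrong scale");
    }
}
```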
