Platform: Code4rena
Start Date: 03/05/2023
Pot Size: $60,500 USDC
Total HM: 25
Participants: 114
Period: 8 days
Judge: Picodes
Total Solo HM: 6
Id: 234
League: ETH
Rank: 64/114
Findings: 1
Award: $68.04
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xTheC0der
Also found by: DadeKuma, Haipls, SpicyMeatball, ToonVH, aviggiano, azhar, evmboi32, juancito, kodyvim, ro1sharkm, rvierdiiev, sakshamguruji
68.0365 USDC - $68.04
Judge has assessed an item in Issue #410 as 2 risk. The relevant finding follows:
[QA-2] Publicly Callable memorializePositions() Function Allows Unauthorized memorization of User Positions

The memorializePositions() function in positionManager.sol allows any caller to modify position information of any user. This is because the function does not include any ownership check on the provided TokenID. Any user can guess and update a position that they should not have access to. While the downside is that the user must know both the TokenID and position indexes, it is possible for a malicious user to guess the position index and the TokenID, which is a predictable value.
See the markdown file with the details of this report here.
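The missing check described in the finding above, shown as an added example that is not part of the original report and is not the audited contract's code. It is a simplified model: the contract name, storage layout, the mint() and approve() helpers, the sequential id counter and both function bodies are assumptions chosen only to contrast an entry point without an ownership check against one that has it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Simplified model written for this example; it is NOT the audited PositionManager.
// All names other than memorializePositions are hypothetical.
contract PositionModel {
    mapping(uint256 => address) public ownerOf;                   // tokenId => owner
    mapping(uint256 => mapping(address => bool)) public approved; // tokenId => operator => allowed
    mapping(uint256 => uint256[]) private _indexes;               // tokenId => recorded indexes
    uint256 public nextId = 1; // assumption: sequential ids, so a tokenId is predictable

    error NotAuthorized(address caller, uint256 tokenId);

    function mint() external returns (uint256 tokenId) {
        tokenId = nextId++;
        ownerOf[tokenId] = msg.sender;
    }

    function approve(address operator, uint256 tokenId) external {
        if (ownerOf[tokenId] != msg.sender) revert NotAuthorized(msg.sender, tokenId);
        approved[tokenId][operator] = true;
    }

    // Weak form, as the finding describes it: nothing ties msg.sender to tokenId,
    // so any account can change the state recorded for any position.
    function memorializePositionsUnchecked(uint256 tokenId, uint256[] calldata indexes) external {
        _record(tokenId, indexes);
    }

    // Hardened form: only the owner or an approved operator may modify the position.
    function memorializePositions(uint256 tokenId, uint256[] calldata indexes) external {
        if (ownerOf[tokenId] != msg.sender && !approved[tokenId][msg.sender]) {
            revert NotAuthorized(msg.sender, tokenId);
        }
        _record(tokenId, indexes);
    }

    function _record(uint256 tokenId, uint256[] calldata indexes) private {
        for (uint256 i = 0; i < indexes.length; ++i) {
            _indexes[tokenId].push(indexes[i]);
        }
    }

    function indexesOf(uint256 tokenId) external view returns (uint256[] memory) {
        return _indexes[tokenId];
    }
}
```

A regression test for the hardened function should call it from an account that is neither owner nor approved operator and expect the NotAuthorized revert, then confirm indexesOf() is unchanged.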
#0 - c4-judge
2023-05-18T18:37:11Z
Picodes marked the issue as duplicate of #356
#1 - c4-judge
2023-05-30T21:47:18Z
Picodes marked the issue as duplicate of #488
#2 - c4-judge
2023-05-30T21:47:43Z
Picodes marked the issue as partial-50
#3 - c4-judge
2023-05-30T21:47:48Z
Picodes marked the issue as satisfactory
#4 - c4-judge
2023-05-30T21:48:18Z
Picodes changed the severity to 3 (High Risk)