Olas - rvierdiiev's results

Olas is a unified network for off-chain services like automation, oracles, co-owned AI. It offers a stack for building services and a protocol for incentivizing their creation and their operation in a co-owned and decentralized way.

General Information

Platform: Code4rena

Start Date: 21/12/2023

Pot Size: $90,500 USDC

Total HM: 10

Participants: 39

Period: 18 days

Judge: LSDan

Total Solo HM: 5

Id: 315

League: ETH

Researcher Performance

Rank: 34/39

Findings: 1

Award: $21.90

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

21.8971 USDC - $21.90

Labels

bug
downgraded by judge
grade-b
insufficient quality report
QA (Quality Assurance)
duplicate-381
Q-24

External Links

Lines of code

https://github.com/code-423n4/2023-12-autonolas/blob/main/tokenomics/contracts/Tokenomics.sol#L768

Vulnerability details

Proof of Concept

The amount that a user receives when he purchases a bond depends on idf, which is taken for the previous epoch.

idf is calculated when the checkpoint is done, and it depends on the numNewOwners that were rewarded in the current epoch. The bigger the numNewOwners amount, the bigger the idf.

When a service is donated, each of its agents and components is rewarded. The _trackServiceDonations function checks the owner of the unit and, if it was not stored before, memorizes that owner and increases numNewOwners for the epoch. Once an owner is stored, he will not be added again in the next epochs.

All units are just NFTs that have owners and that can be transferred to anyone else. Thus, owners who were already stored in the mapNewOwners array can transfer ownership to another account to increase numNewOwners and idf.

While numNewOwners should show that new developers are coming into the protocol, the system can be fooled.

Impact

numNewOwners manipulation is possible by transferring unit ownership to another account, which will increase idf and bonds payout.

Tools Used

VsCode

I can't propose a good solution, as I believe that units should be transferrable by design. If you store the unit id instead, it will not work in the same way, as several units can have the same author.

Assessed type

Error
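
The accounting described in the report, as an added example that is not part of the original submission and is not the Tokenomics.sol code. It is a simplified Python model: the class, the method names other than the ones quoted in the report, the unit and service ids, and the address labels are assumptions, and the idf formula itself is not modelled.

```python
# Simplified model of the new-owner accounting described in the report.
# Not the Tokenomics.sol code: names mirror the report, the logic is an assumption.

class TokenomicsModel:
    def __init__(self):
        self.map_new_owners = set()   # owners already counted in any epoch
        self.num_new_owners = 0       # counter for the current epoch
        self.unit_owner = {}          # unit id -> current owner (NFT ownership)
        self.service_units = {}       # service id -> list of unit ids

    def register_unit(self, unit_id, owner):
        self.unit_owner[unit_id] = owner

    def register_service(self, service_id, unit_ids):
        self.service_units[service_id] = list(unit_ids)

    def transfer_unit(self, unit_id, new_owner):
        # Units are transferable NFTs; a transfer does not touch map_new_owners.
        self.unit_owner[unit_id] = new_owner

    def track_service_donation(self, service_id):
        # For each unit of the donated service, count its current owner once.
        for unit_id in self.service_units[service_id]:
            owner = self.unit_owner[unit_id]
            if owner not in self.map_new_owners:
                self.map_new_owners.add(owner)
                self.num_new_owners += 1

    def checkpoint(self):
        # Close the epoch: return the counter that feeds idf, then reset it.
        counted, self.num_new_owners = self.num_new_owners, 0
        return counted


def run_epochs(transfer_between_epochs, epochs=3):
    """One developer, one unit, one donation per epoch (constructed scenario)."""
    model = TokenomicsModel()
    model.register_unit(1, "dev")
    model.register_service(100, [1])
    per_epoch = []
    for i in range(epochs):
        if transfer_between_epochs and i > 0:
            model.transfer_unit(1, f"fresh-address-{i}")  # constructed label
        model.track_service_donation(100)
        per_epoch.append(model.checkpoint())
    return per_epoch
```

Without transfers the single developer is counted in the first epoch only; with a transfer before each later donation the counter records one new owner per epoch, although no new developer has joined.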

#0 - c4-pre-sort

2024-01-10T15:08:12Z

alex-ppg marked the issue as duplicate of #381

#1 - c4-pre-sort

2024-01-10T15:08:16Z

alex-ppg marked the issue as insufficient quality report

#2 - c4-judge

2024-01-18T20:05:34Z

dmvt marked the issue as unsatisfactory: Out of scope

#3 - c4-judge

2024-01-25T16:48:41Z

dmvt changed the severity to QA (Quality Assurance)

#4 - c4-judge

2024-01-25T16:51:58Z

dmvt marked the issue as grade-c

#5 - c4-judge

2024-01-25T16:52:02Z

dmvt marked the issue as grade-b
