Trader Joe contest - saian's results

One-stop-shop decentralized trading on Avalanche.

General Information

Platform: Code4rena

Start Date: 25/01/2022

Pot Size: $50,000 USDT

Total HM: 17

Participants: 39

Period: 3 days

Judge: LSDan

Total Solo HM: 9

Id: 79

League: ETH

Trader Joe

Findings Distribution

Researcher Performance

Rank: 33/39

Findings: 1

Award: $74.47

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Trader Joe

Findings Information

🌟 Selected for report: cmichel

Also found by: Czar102, Ruhum, Tomio, WatchPug, defsec, hack3r-0m, hyh, saian

Labels

bug

duplicate

2 (Med Risk)

Awards

74.4672 USDT - $74.47

External Links

Link to GitHub issue

Handle

saian

Vulnerability details

Impact

transferFrom might return false in some implementation that will go unchecked, use a require() or openzeppelin's safeTransferFrom

Proof of Concept

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/RocketJoeFactory.sol#L133

Tools Used

Manual Analysis

Recommended Mitigation Steps

Use a require statement to check return value or use safeTransferFrom

#0 - cryptofish7
2022-01-31T00:49:53Z

Duplicate of #232

#1 - dmvt
2022-02-22T19:26:31Z

duplicate of #198

Trader Joe contest - saian's results

One-stop-shop decentralized trading on Avalanche.

General Information

Findings Distribution

Researcher Performance

External Links

[M-13] Use safeTransferFrom instead of transferFrom - $74.47

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - cryptofish72022-01-31T00:49:53Z

#1 - dmvt2022-02-22T19:26:31Z

#0 - cryptofish7
2022-01-31T00:49:53Z

#1 - dmvt
2022-02-22T19:26:31Z