Platform: Code4rena
Start Date: 13/11/2023
Pot Size: $24,500 USDC
Total HM: 3
Participants: 120
Period: 4 days
Judge: 0xTheC0der
Id: 306
League: ETH
Rank: 76/120
Findings: 1
Award: $4.08
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: chaduke
Also found by: 0xpiken, Bauchibred, Matin, MohammedRizwan, MrPotatoMagic, OMEN, Pheonix, SandNallani, T1MOH, Topmark, ZanyBonzy, adriro, aslanbek, ayden, bareli, bart1e, bin2chen, btk, cheatc0d3, codynhat, critical-or-high, d3e4, erebus, firmanregar, hunter_w3b, jasonxiale, kaveyjoe, ksk2345, lsaudit, max10afternoon, merlinboii, nailkhalimov, osmanozdemir1, peanuts, pep7siup, pontifex, sbaudh6, shenwilly, sl1, tourist, wisdomn_, young, zhaojie
4.0797 USDC - $4.08
https://github.com/code-423n4/2023-11-canto/blob/main/1155tech-contracts/src/Market.sol#L197
Hello Team,
I would like to report an issue in the smart contract [Market.sol] in which the developer missed a correct logical check, due to which a minor accounting issue will occur and the functionality of the getNFTMintingPrice() function is in doubt.
That is, if the numerator value is less than the denominator, then the overall fee we pay = ZERO.
Step 1 : Open the Link = https://github.com/code-423n4/2023-11-canto/blob/main/1155tech-contracts/src/Market.sol#L197
Step 2 : At line 197 you see a function like this:

    function getNFTMintingPrice(uint256 _id, uint256 _amount) public view returns (uint256 fee) {
        address bondingCurve = shareData[_id].bondingCurve;
        (uint256 priceForOne, ) = IBondingCurve(bondingCurve).getPriceAndFee(shareData[_id].tokenCount, 1);
        fee = (priceForOne * _amount * NFT_FEE_BPS) / 10_000;
    }

Step 3 : Here in the code (since the visibility of this function is PUBLIC):

    fee = (priceForOne * _amount * NFT_FEE_BPS) / 10_000;
Step 4 :
    NFT_FEE_BPS = 1000
    _amount = 4
    priceForOne = 2

then the overall output will be:

    fee = (2 * 4 * 1000) / 10000 = 8000 / 10000
    fee = 0
A user has the ability to mint an NFT while paying ZERO fee.
Violation of secure code design principles.
I recommend that the developer impose a strict security check so that Numerator >= Denominator.

    function getNFTMintingPrice(uint256 _id, uint256 _amount) public view returns (uint256 fee) {
        address bondingCurve = shareData[_id].bondingCurve;
        (uint256 priceForOne, ) = IBondingCurve(bondingCurve).getPriceAndFee(shareData[_id].tokenCount, 1);
        require((priceForOne * _amount * NFT_FEE_BPS) >= 10000);
        fee = (priceForOne * _amount * NFT_FEE_BPS) / 10_000;
    }
Math
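The rounding behaviour described in the report, isolated from the bonding curve so the three policies can be compared side by side. This is an added example, not code from the report or from the Canto repository; the contract name, the function names and the round-up variant are assumptions made for illustration, and NFT_FEE_BPS = 1000 is the value used in the report's Step 4.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example (hypothetical contract): only the fee arithmetic of
/// getNFTMintingPrice, with priceForOne passed in directly.
contract FeeRoundingDemo {
    uint256 public constant NFT_FEE_BPS = 1_000; // value from the report's Step 4
    uint256 private constant BPS_DENOMINATOR = 10_000;

    /// Expression from the reported line: integer division truncates toward zero.
    function feeTruncated(uint256 priceForOne, uint256 amount) public pure returns (uint256) {
        return (priceForOne * amount * NFT_FEE_BPS) / BPS_DENOMINATOR;
    }

    /// The report's recommendation: revert when numerator < denominator.
    /// Side effect: the price query itself fails for very small notionals.
    function feeWithRequire(uint256 priceForOne, uint256 amount) public pure returns (uint256) {
        uint256 numerator = priceForOne * amount * NFT_FEE_BPS;
        require(numerator >= BPS_DENOMINATOR);
        return numerator / BPS_DENOMINATOR;
    }

    /// Assumed alternative (not in the report): round the fee up, so any
    /// non-zero notional pays at least 1 wei and the call never reverts.
    function feeRoundedUp(uint256 priceForOne, uint256 amount) public pure returns (uint256) {
        uint256 numerator = priceForOne * amount * NFT_FEE_BPS;
        return numerator == 0 ? 0 : (numerator - 1) / BPS_DENOMINATOR + 1;
    }

    /// Smallest priceForOne * amount (in wei) whose truncated fee is non-zero.
    function minNotionalForNonZeroFee() public pure returns (uint256) {
        return (BPS_DENOMINATOR + NFT_FEE_BPS - 1) / NFT_FEE_BPS;
    }

    /// Self-check using the report's numbers (priceForOne = 2, _amount = 4).
    function check() external pure {
        assert(feeTruncated(2, 4) == 0);          // 8000 / 10000 truncates
        assert(feeRoundedUp(2, 4) == 1);          // rounds up to 1 wei
        assert(minNotionalForNonZeroFee() == 10); // threshold in wei
        assert(feeTruncated(3, 3) == 0);          // notional 9: below threshold
        assert(feeTruncated(5, 2) == 1);          // notional 10: at threshold
        assert(feeWithRequire(5, 2) == 1);        // require passes at threshold
        assert(feeRoundedUp(5, 2) == 1);          // exact division, no bump
    }
}
```

With these constants the truncated fee is zero only while priceForOne * _amount is below 10 wei, and the difference between truncating and rounding up is never more than 1 wei per call.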
#0 - c4-pre-sort
2023-11-19T08:35:54Z
minhquanym marked the issue as insufficient quality report
#1 - minhquanym
2023-11-19T08:36:14Z
QA max
#2 - MarioPoneder
2023-11-29T17:34:22Z
Edge case and minuscule amounts, therefore QA
#3 - c4-judge
2023-11-29T17:34:28Z
MarioPoneder changed the severity to QA (Quality Assurance)
#4 - c4-judge
2023-11-29T22:39:41Z
MarioPoneder marked the issue as grade-b