DYAD - sil3th's results

The first capital efficient overcollateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 18/04/2024

Pot Size: $36,500 USDC

Total HM: 19

Participants: 183

Period: 7 days

Judge: Koolex

Id: 367

League: ETH

Researcher Performance

Rank: 120/183

Findings: 1

Award: $7.35

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

7.3512 USDC - $7.35

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
:robot:_39_group
duplicate-118

External Links

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L94-L104

Vulnerability details

Impact

Vaults cannot be removed, because a vault must hold no assets at the time of removal.

Proof of Concept

  • Bob, a malicious user, adds an invalid DNFT to the vault, since the add function does not check whether the NFT is valid or not.

  function add(
      uint    id,
      address vault
  )
    external
      isDNftOwner(id)
  {
    if (vaults[id].length() >= MAX_VAULTS) revert TooManyVaults();
    if (!vaultLicenser.isLicensed(vault))  revert VaultNotLicensed();
    if (!vaults[id].add(vault))            revert VaultAlreadyAdded();
    emit Added(id, vault);
  }

  • When trying to remove the vault using the remove function, the call checks whether the vault has assets, as shown in the check below taken from the remove function, making it impossible to remove the vault.

  if (Vault(vault).id2asset(id) > 0) revert VaultHasAssets();

Tools Used

Manual Review

Add a check to the add function to ensure only valid NFTs can be added to a vault, as shown below:

  function add(
      uint    id,
      address vault
  ) 
    external
      isDNftOwner(id)
++    isValidDNft(id)
  {
    if (vaults[id].length() >= MAX_VAULTS) revert TooManyVaults();
    if (!vaultLicenser.isLicensed(vault))  revert VaultNotLicensed();
    if (!vaults[id].add(vault))            revert VaultAlreadyAdded();
    emit Added(id, vault);
  }
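
Review bot: the added isValidDNft(id) line touches only add, while the revert described in the proof of concept comes from the check "if (Vault(vault).id2asset(id) > 0) revert VaultHasAssets();" in remove, which this change leaves as it is. The write-up should state how an id added this way ends up with a non-zero id2asset(id), or the change should also cover the remove path. The definition of isValidDNft is not shown next to the change; quote or link it, and say whether it overlaps with the existing isDNftOwner(id) modifier, since modifiers run in the order listed.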

Assessed type

DoS

#0 - c4-pre-sort

2024-04-27T13:34:54Z

JustDravee marked the issue as duplicate of #489

#1 - c4-pre-sort

2024-04-29T09:31:41Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-05T20:38:15Z

koolexcrypto marked the issue as unsatisfactory: Invalid

#3 - c4-judge

2024-05-05T20:39:24Z

koolexcrypto marked the issue as unsatisfactory: Invalid

#4 - c4-judge

2024-05-05T21:27:36Z

koolexcrypto marked the issue as nullified

#5 - c4-judge

2024-05-05T21:27:42Z

koolexcrypto marked the issue as not nullified

#6 - c4-judge

2024-05-05T21:27:48Z

koolexcrypto marked the issue as not a duplicate

#7 - c4-judge

2024-05-06T08:55:24Z

koolexcrypto marked the issue as duplicate of #118

#8 - c4-judge

2024-05-11T12:24:13Z

koolexcrypto marked the issue as satisfactory
