Back to sorrynotsorry's contests

LI.FI contest - sorrynotsorry's results

Bridge & DEX Aggregation.

General Information

Platform: Code4rena

Start Date: 24/03/2022

Pot Size: $75,000 USDC

Total HM: 15

Participants: 59

Period: 7 days

Judge: gzeon

Id: 103

League: ETH

LI.FI

Findings Distribution

Researcher Performance

Rank: 27/59

Findings: 3

Award: $632.50

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryLI.FI

Findings Information

🌟 Selected for report: hake

Also found by: Jujic, WatchPug, catchup, danb, defsec, kirk-baird, nedodn, shenwilly, sorrynotsorry

Labels

bug
duplicate
2 (Med Risk)

Awards

196.5762 USDC - $196.58

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/WithdrawFacet.sol#L20-L38 https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/OwnershipFacet.sol#L8-L15

Vulnerability details

Medium Risk

Risk of centralization

Impact

Diamond owner has too many roles on setting the functions, initiating payable functions. If the Owner account is compromised, the assets may be drained in this trustless system.

Proof of Concept

https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/WithdrawFacet.sol#L20-L38 https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/OwnershipFacet.sol#L8-L15

Tools Used

Static testing

Team can consider building the owner account in DAO or multisig.

#0 - H3xept

2022-04-12T10:10:15Z

Duplicate of #65

Findings Information

🌟 Selected for report: hyh

Also found by: Dravee, JMukesh, Jujic, peritoflores, shw, sorrynotsorry, wuwe1

Labels

bug
duplicate
2 (Med Risk)

Awards

303.3583 USDC - $303.36

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Libraries/LibAsset.sol#L79-L85 https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/WithdrawFacet.sol#L20-L38

Vulnerability details

Impact

Withdrawals and transferERC20 tokens are executed via transferERC20() and withdraw() functions. Since these functions calls with a fixed amount of gas, it's not yet guaranteed to reach to the destination if the receiver is a smart contract.

Proof of Concept

https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Libraries/LibAsset.sol#L79-L85 https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/WithdrawFacet.sol#L20-L38

Outlines are here : https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/

Tools Used

Static testing

Team can consider using call.value(amount)

#0 - H3xept

2022-04-01T11:53:59Z

Fixed in lifinance/lifi-contracts@274a41b047b3863d9ae232eefea04896dc32d853

#1 - H3xept

2022-04-08T15:28:16Z

Duplicate of #14

Findings Information

🌟 Selected for report: hake

Also found by: 0v3rf10w, 0xDjango, 0xkatana, BouSalman, CertoraInc, Dravee, Hawkeye, IllIllI, JMukesh, Jujic, Kenshin, PPrieditis, Picodes, PranavG, Ruhum, SolidityScan, VAD37, WatchPug, aga7hokakological, catchup, csanuragjain, cthulhu_cult, defsec, dimitri, hickuphh3, hubble, hyh, kenta, kirk-baird, obront, peritoflores, rayn, robee, saian, samruna, shenwilly, shw, sorrynotsorry, tchkvsky, teryanarmen, ych18

Awards

132.5612 USDC - $132.56

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

QA Report (Low / Non-Critical)

  • There is no zero address check in constructor function for the owner address in LiFiDiamond.sol
  • Usage of deprecated safeApprove. Link
  • Require statements are missing for addFunction() in LibDiamond.sol

Team can consider adding statements as;

require(_selector != 0, "Error msg here");
require(_facetAddress != address(0), "Error msg here");
  • Remove sol-hints on various locations.
  • Statement should be corrected to native asset rather than ether for correct guidance in LibAsset.sol#L42-L45
  • Remove bug related todo at WithdrawFacet.sol#L29
  • No amount check is carried out at LibAsset.sol inside transferNativeAsset()
  • enforceHasContractCode in LibDiamond.sol should not be relied on if the target is a contract inside the construction. Reference is here
  • Redundant if statement in LibDiamond.sol#196 since the statement is assumed as not succeeded.
  • Emit event at LibDiamond.sol#79 can be considered to be thrown after initializeDiamondCut function success.

#0 - H3xept

2022-04-11T11:23:08Z

Re Use of deprecated safeApprove()

Duplicate of #82

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter