Escher contest - supernova's results

A decentralized curated marketplace for editioned artwork.

General Information

Platform: Code4rena

Start Date: 06/12/2022

Pot Size: $36,500 USDC

Total HM: 16

Participants: 119

Period: 3 days

Judge: berndartmueller

Total Solo HM: 2

Id: 189

League: ETH

Escher

Findings Distribution

Researcher Performance

Rank: 109/119

Findings: 1

Award: $0.61

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

0.6136 USDC - $0.61

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
duplicate-99

External Links

Lines of code

https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/FixedPrice.sol#L109
https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/LPDA.sol#L105
https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/LPDA.sol#L86
https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/LPDA.sol#L85
https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/OpenEdition.sol#L92

Vulnerability details

Impact

Solidity's transfer method is not recommended, because it forwards a fixed gas stipend of 2300. There are many cases in which transfer will fail because the receiver needs more gas than that limit allows.

Proof of Concept

https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/

If the receiver's receive function contains additional logic, such as writing to a mapping, then the transfer to it will fail because the gas cost exceeds the 2300 stipend.

Tools Used

Manual

I strongly recommend switching to the call method for sending value across the whole Escher ecosystem contracts.
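The following Solidity contracts are an added illustration of the finding above and of the recommended fix; they are not Escher's code and not part of the original submission. All contract and function names are hypothetical, and the example assumes a 0.8.x compiler. It shows a receiver whose receive function writes to a mapping, a payout that uses transfer and therefore reverts against that receiver, and two hardened alternatives (call with a reentrancy guard, and pull payments).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not Escher's code. All names below are hypothetical and
// only model the pattern described in the finding.

/// A receiver whose receive() does more work than the 2300-gas stipend allows:
/// a storage write to a mapping costs on the order of 20,000 gas.
contract LoggingReceiver {
    mapping(address => uint256) public received;

    receive() external payable {
        received[msg.sender] += msg.value; // storage write: exceeds the 2300 stipend
    }
}

/// Vulnerable pattern: paying out with transfer(). Reverts for any recipient
/// whose receive()/fallback needs more than 2300 gas, so that payment is stuck.
contract PayoutWithTransfer {
    function pay(address payable to) external payable {
        to.transfer(msg.value); // forwards only 2300 gas to the recipient
    }
}

/// Minimal reentrancy lock shared by the hardened variants below. Once all gas
/// is forwarded, the recipient can run arbitrary code, so guard the send.
abstract contract ReentrancyLock {
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }
}

/// Hardened pattern: low-level call forwarding all gas, with the result checked.
contract PayoutWithCall is ReentrancyLock {
    function pay(address payable to) external payable nonReentrant {
        (bool ok, ) = to.call{value: msg.value}("");
        require(ok, "ETH transfer failed");
    }
}

/// Alternative for untrusted payees: pull payments. The contract only records
/// what is owed; each payee withdraws its own funds, so a misbehaving receiver
/// can block nobody but itself.
contract PullPayout is ReentrancyLock {
    mapping(address => uint256) public owed;

    function credit(address payee) external payable {
        owed[payee] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0; // effect before interaction (checks-effects-interactions)
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}

/// Demonstration harness: deploys the receiver and both payout contracts and
/// shows that transfer() reverts while call{value:}() succeeds. Send a small
/// amount of ETH when invoking; returns (transferReverted, callSucceeded).
contract Demo {
    function run() external payable returns (bool transferReverted, bool callSucceeded) {
        require(msg.value >= 2 wei, "send at least 2 wei");
        LoggingReceiver r = new LoggingReceiver();
        PayoutWithTransfer viaTransfer = new PayoutWithTransfer();
        PayoutWithCall viaCall = new PayoutWithCall();

        try viaTransfer.pay{value: 1 wei}(payable(address(r))) {
            transferReverted = false;
        } catch {
            transferReverted = true; // expected: receive() runs out of gas
        }

        viaCall.pay{value: 1 wei}(payable(address(r)));
        callSucceeded = (r.received(address(viaCall)) == 1 wei);
    }
}
```

The harness returns (true, true) when the stipend problem is present: the transfer-based payout reverts against the mapping-writing receiver, while the call-based payout completes and the receiver's mapping records the amount. Note that the mapping is keyed by msg.sender, which from the receiver's point of view is the payout contract, not the original caller.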

#0 - c4-judge

2022-12-10T00:29:59Z

berndartmueller marked the issue as duplicate of #99

#1 - c4-judge

2023-01-03T12:46:26Z

berndartmueller changed the severity to 2 (Med Risk)

#2 - c4-judge

2023-01-03T12:46:30Z

berndartmueller marked the issue as satisfactory
