Ethereum Credit Guild - twcctop's results

A trust minimized pooled lending protocol.

General Information

Platform: Code4rena

Start Date: 11/12/2023

Pot Size: $90,500 USDC

Total HM: 29

Participants: 127

Period: 17 days

Judge: TrungOre

Total Solo HM: 4

Id: 310

League: ETH

Ethereum Credit Guild

Findings Distribution

Researcher Performance

Rank: 102/127

Findings: 1

Award: $30.41

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

30.4141 USDC - $30.41

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
duplicate-708

External Links

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/e3d3e581e0e51a9ecf3a5a0c4e4bd4af32552fc0/src/loan/LendingTerm.sol#L322-L329

Vulnerability details

Impact

The _hardCap check may be bypassed, so debtCeiling can return a larger value than it should.

Proof of Concept

Logic error when taking the minimum of three values.

    // return min(creditMinterBuffer, hardCap, debtCeiling)
    if (creditMinterBuffer < _debtCeiling) {
        return creditMinterBuffer; // @> returns early: _hardCap is never compared
    }
    if (_hardCap < _debtCeiling) {
        return _hardCap;
    }
    return _debtCeiling;

The purpose of this logic is to return the minimum of the three values. The issue is that when creditMinterBuffer < _debtCeiling, the function returns immediately and never checks the third value, _hardCap. _hardCap is sometimes set to 0, for example after a loan is forgiven, so the _hardCap check is bypassed and a larger debtCeiling may be returned.
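As an added illustration that is not part of the report or the Ethereum Credit Guild code base, the following Python model mirrors the snippet's branch logic beside a correct min-of-three and enumerates the inputs on which the two diverge; Python is used so the model runs directly, and the sample values are constructed.

```python
# Added example: Python model of the min-of-three selection quoted above.
# Not the project's Solidity; input values below are constructed.
import itertools


def debt_ceiling_buggy(credit_minter_buffer: int, hard_cap: int, debt_ceiling: int) -> int:
    """Mirror of the reported snippet: the first branch returns early,
    so hard_cap is never consulted when credit_minter_buffer < debt_ceiling."""
    if credit_minter_buffer < debt_ceiling:
        return credit_minter_buffer
    if hard_cap < debt_ceiling:
        return hard_cap
    return debt_ceiling


def debt_ceiling_fixed(credit_minter_buffer: int, hard_cap: int, debt_ceiling: int) -> int:
    """Correct min of three: carry a running minimum through every comparison
    instead of returning from the first branch that matches."""
    result = debt_ceiling
    if hard_cap < result:
        result = hard_cap
    if credit_minter_buffer < result:
        result = credit_minter_buffer
    return result


def find_divergence(values=(0, 1, 5, 10)) -> list:
    """Enumerate small triples (buffer, hardCap, ceiling) and return every one
    on which the buggy version differs from the true minimum. Every returned
    triple satisfies hardCap < buffer < ceiling: the early return hides hardCap."""
    bad = []
    for buf, cap, ceil in itertools.product(values, repeat=3):
        if debt_ceiling_buggy(buf, cap, ceil) != min(buf, cap, ceil):
            bad.append((buf, cap, ceil))
    return bad


if __name__ == "__main__":
    # Scenario from the report: _hardCap is 0 (e.g. after a loan is forgiven)
    # while creditMinterBuffer is below _debtCeiling.
    print(debt_ceiling_buggy(5, 0, 10))  # 5: the zero hard cap is ignored
    print(debt_ceiling_fixed(5, 0, 10))  # 0
    print(find_divergence())
```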

Tools Used

Manual review

Recommended mitigation: rewrite the three-value comparison so that _hardCap is always checked and the true minimum is returned.

Assessed type

Invalid Validation

#0 - c4-pre-sort

2024-01-05T08:42:25Z

0xSorryNotSorry marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-01-05T08:43:03Z

0xSorryNotSorry marked the issue as duplicate of #708

#2 - c4-judge

2024-01-28T19:48:07Z

Trumpero marked the issue as satisfactory

Awards

30.4141 USDC - $30.41

Labels

bug
2 (Med Risk)
partial-50
sufficient quality report
upgraded by judge
duplicate-708

External Links

L1: debtCeiling does not check _hardCap when no more borrows are allowed

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/e3d3e581e0e51a9ecf3a5a0c4e4bd4af32552fc0/src/loan/LendingTerm.sol#L305-L311

    if (_issuance >= debtCeilingBefore) {
        return debtCeilingBefore; // no more borrows allowed
    }

When no more borrows are allowed, the function returns the smaller of _issuance and debtCeilingBefore but does not check _hardCap.

#0 - c4-pre-sort

2024-01-05T18:42:06Z

0xSorryNotSorry marked the issue as sufficient quality report

#1 - Trumpero

2024-01-30T23:47:56Z

dup of #708 -> med only 50% partial credit since it lacks quality

#2 - c4-judge

2024-01-30T23:48:06Z

Trumpero changed the severity to 2 (Med Risk)

#3 - c4-judge

2024-01-30T23:48:06Z

Trumpero changed the severity to 2 (Med Risk)

#4 - c4-judge

2024-01-30T23:48:35Z

Trumpero marked the issue as duplicate of #708

#5 - c4-judge

2024-01-30T23:49:08Z

Trumpero marked the issue as partial-50
