Cudos contest - wuwe1's results

Decentralised cloud computing for Web3.

General Information

Platform: Code4rena

Start Date: 03/05/2022

Pot Size: $75,000 USDC

Total HM: 6

Participants: 55

Period: 7 days

Judge: Albert Chon

Total Solo HM: 2

Id: 116

League: COSMOS

Cudos

Findings Distribution

Researcher Performance

Rank: 22/55

Findings: 1

Award: $502.47

🌟 Selected for report: 1

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: wuwe1

Also found by: Dravee, GermanKuber, GimelSec, WatchPug, cccz, defsec, dipp, jah, reassor

Labels

bug
2 (Med Risk)
sponsor acknowledged

Awards

502.4722 USDC - $502.47

External Links

Lines of code

https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L600

Vulnerability details

Impact

Since `_tokenContract` can be any token, deposits through sendToCosmos may be made with a token that charges a fee on transfer. The contract credits the sender with the requested `_amount` rather than the amount it actually received, so if a fee-on-transfer token is used, other users' funds might be drained.

Proof of Concept

  1. Assume the transfer fee is 5% and Gravity.sol holds 200 tokens.
  2. Alice calls sendToCosmos with 100 tokens. Only 95 arrive, so Gravity.sol now holds 295 tokens, but Alice is credited with 100.
  3. Alice calls the send-to-eth method to withdraw her credited 100 tokens.
  4. Gravity.sol ends up holding 195 tokens, 5 fewer than before Alice's round trip.

Recommended mitigation: credit the amount actually received by measuring the balance difference, i.e. change sendToCosmos to

	function sendToCosmos(
		address _tokenContract,
		bytes32 _destination,
		uint256 _amount
	) public nonReentrant {
		// Record the balance before the transfer so the credited amount
		// reflects what actually arrived rather than what was requested.
		uint256 oldBalance = IERC20(_tokenContract).balanceOf(address(this));
		IERC20(_tokenContract).safeTransferFrom(msg.sender, address(this), _amount);
		// For a fee-on-transfer token this is smaller than _amount.
		uint256 receivedAmount = IERC20(_tokenContract).balanceOf(address(this)) - oldBalance;
		state_lastEventNonce = state_lastEventNonce.add(1);
		emit SendToCosmosEvent(
			_tokenContract,
			msg.sender,
			_destination,
			receivedAmount,
			state_lastEventNonce
		);
	}
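The accounting in the proof of concept, replayed as an added Python model (not code from the Cudos repository or from the finding above). It assumes a constructed fee-on-transfer token that burns 5% of every transfer and a minimal vault whose `send_to_cosmos` either credits the requested amount (the behaviour reported) or the observed balance delta (the mitigation). Names such as `BridgeVault`, `run_scenario` and the account labels are hypothetical.

```python
"""Model of fee-on-transfer accounting in a bridge deposit function.

Constructed example: the token burns a fee on each transfer; the vault
credits deposits either by the requested amount (vulnerable) or by the
balance actually gained (fixed). The scenario mirrors the PoC numbers:
vault holds 200 tokens belonging to other users, Alice deposits 100.
"""
from dataclasses import dataclass, field


@dataclass
class FeeOnTransferToken:
    fee_bps: int                                   # fee in basis points, 500 = 5%
    balances: dict = field(default_factory=dict)   # account -> balance

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, recipient, amount):
        # The fee is burned; the recipient receives amount minus fee.
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000
        self.balances[sender] = self.balance_of(sender) - amount
        self.balances[recipient] = self.balance_of(recipient) + (amount - fee)
        return amount - fee


class BridgeVault:
    """Holds tokens on the Ethereum side. `credits` stands in for the
    amount the Cosmos side is told to mint for each depositor (hypothetical)."""

    def __init__(self, token, credit_by_balance_delta):
        self.token = token
        self.credit_by_balance_delta = credit_by_balance_delta
        self.credits = {}

    def send_to_cosmos(self, sender, amount):
        old = self.token.balance_of("vault")
        self.token.transfer(sender, "vault", amount)
        received = self.token.balance_of("vault") - old
        # Vulnerable variant credits `amount`; fixed variant credits `received`.
        credited = received if self.credit_by_balance_delta else amount
        self.credits[sender] = self.credits.get(sender, 0) + credited
        return credited

    def send_to_eth(self, user, amount):
        # The bridged credit is burned and the vault releases that many tokens.
        if self.credits.get(user, 0) < amount:
            raise ValueError("withdrawal exceeds bridged credit")
        self.credits[user] -= amount
        self.token.transfer("vault", user, amount)


def run_scenario(credit_by_balance_delta, fee_bps=500):
    """Replay the PoC: 200 tokens of other users' funds sit in the vault,
    Alice deposits 100 and then withdraws everything she was credited.
    Returns (vault balance after the round trip, Alice's credit)."""
    token = FeeOnTransferToken(fee_bps, {"vault": 200, "alice": 100})
    vault = BridgeVault(token, credit_by_balance_delta)
    credited = vault.send_to_cosmos("alice", 100)
    vault.send_to_eth("alice", credited)
    return token.balance_of("vault"), credited


if __name__ == "__main__":
    print("requested-amount accounting:", run_scenario(False))  # (195, 100)
    print("balance-delta accounting:   ", run_scenario(True))   # (200, 95)
```

With requested-amount accounting the vault drops from 200 to 195 after Alice's round trip, so 5 tokens belonging to other depositors are gone; with balance-delta accounting Alice is credited 95 and the vault returns to exactly 200. The model can be rerun with a different `fee_bps` to see that the shortfall scales with the fee.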

#0 - mlukanova

2022-05-11T12:52:34Z

Token transfers are restricted to the Cudos token, which doesn't support fee on transfer. Will be fixed with #58
