Lybra Finance - y51r's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH

Lybra Finance

Findings Distribution

Researcher Performance

Rank: 59/132

Findings: 2

Award: $119.28

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: T1MOH

Also found by: KupiaSec, RedTiger, devival, kenta, y51r

Labels

bug
2 (Med Risk)
satisfactory
duplicate-44

Awards

109.3508 USDC - $109.35

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/configuration/LybraConfigurator.sol#L339

Vulnerability details

The getBadCollateralRatio function may lead to a potential underflow if vaultSafeCollateralRatio[pool] is not set before performing the subtraction. This issue can result in unexpected behavior and compromise the correctness of the calculations.

Impact

  • If vaultSafeCollateralRatio[pool] is not set (i.e., equals zero), subtracting 1e19 from it can result in an underflow.
  • Underflow can lead to unintended large values or even wraparound, compromising the integrity of the calculations.
  • Incorrect calculations of the bad collateral ratio can impact decision-making processes and compromise the overall functionality of the system.

Proof of Concept

To demonstrate the issue, consider the following scenario:

  • Assume vaultSafeCollateralRatio[pool] is not set, resulting in a value of zero.
  • The function is called with the given scenario.

In this scenario, when executing the function, the subtraction vaultSafeCollateralRatio[pool] - 1e19 will result in an underflow, producing a potentially large and incorrect value as the return. The function execution will revert.

Tools Used

Manual review

To address this issue, it is recommended to perform a check to ensure that vaultSafeCollateralRatio[pool] is not zero before performing the subtraction.

Assessed type

Under/Overflow

#0 - c4-pre-sort

2023-07-11T17:25:37Z

JeffCX marked the issue as duplicate of #926

#1 - c4-judge

2023-07-28T15:36:05Z

0xean marked the issue as satisfactory

Awards

9.931 USDC - $9.93

Labels

bug
downgraded by judge
grade-b
primary issue
QA (Quality Assurance)
sponsor acknowledged
edited-by-warden
Q-36

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/configuration/LybraConfigurator.sol#L202

Vulnerability details

The setSafeCollateralRatio function contains a potential issue: the requirement newRatio >= vaultBadCollateralRatio[pool] + 1e19 is not handled correctly if no value has been stored for pool in vaultBadCollateralRatio (the mapping then returns zero). This issue affects the reliability and functionality of the code.

Impact

  • If vaultBadCollateralRatio[pool] does not exist, any newRatio value greater than or equal to 1e19 will bypass the requirement check.
  • This could lead to unintended behavior and compromise the security of the system.
  • Incorrect handling of the mapping access can undermine the integrity and reliability of the collateral ratio requirement.

Proof of Concept

To demonstrate the issue, consider the following scenario:

  • Assume vaultBadCollateralRatio[pool] does not have a value for the given pool.
  • Assume the function is called with newRatio greater than or equal to 1e19.

In this scenario, the requirement check newRatio >= vaultBadCollateralRatio[pool] + 1e19 will pass, regardless of the actual value of newRatio. This could allow the setting of an invalid vaultSafeCollateralRatio[pool] without the appropriate constraint.

Tools Used

Manual review

To address this issue, it is recommended to perform a check to ensure that vaultBadCollateralRatio[pool] exists before evaluating the requirement.
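The two findings above share one root cause: a mapping entry that was never written reads as zero, and both getBadCollateralRatio and setSafeCollateralRatio use that zero as if it were a configured ratio. The contract below is an added illustration written for this page, not code from LybraConfigurator.sol; the contract name, the `Unchecked`/`Weak` suffixes, the `BAD_RATIO_GAP` constant and the `setBadCollateralRatio` setter are constructed, only the two mapping names come from the findings, and access control (the timelock role on the real setters) is omitted for brevity. Each function is shown in the shape the finding describes and beside it the hardened form with the existence check the mitigations recommend.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed example for the two findings above (not LybraConfigurator.sol).
// Ratios are scaled by 1e18, so 1e19 is a 10 percentage-point gap between the
// safe collateral ratio and the bad (liquidation) collateral ratio.
contract CollateralRatioConfigExample {
    uint256 public constant BAD_RATIO_GAP = 1e19;

    // Mapping names as in the findings. An entry that was never set reads as 0.
    mapping(address => uint256) public vaultSafeCollateralRatio;
    mapping(address => uint256) public vaultBadCollateralRatio;

    // Finding 1, as described: with no safe ratio stored for `pool` the mapping
    // returns 0, and the checked subtraction 0 - 1e19 reverts with an
    // arithmetic panic (0x11) instead of a meaningful error.
    function getBadCollateralRatioUnchecked(address pool) external view returns (uint256) {
        return vaultSafeCollateralRatio[pool] - BAD_RATIO_GAP;
    }

    // Finding 1, hardened: refuse to derive a ratio for an unconfigured pool.
    function getBadCollateralRatio(address pool) external view returns (uint256) {
        uint256 safeRatio = vaultSafeCollateralRatio[pool];
        require(safeRatio >= BAD_RATIO_GAP, "safe ratio not configured for pool");
        return safeRatio - BAD_RATIO_GAP;
    }

    // Finding 2, as described: with no bad ratio stored for `pool` the bound
    // collapses to `newRatio >= 1e19`, so any value at or above 1e19 passes and
    // the intended safe/bad relationship is never enforced.
    function setSafeCollateralRatioWeak(address pool, uint256 newRatio) external {
        require(newRatio >= vaultBadCollateralRatio[pool] + BAD_RATIO_GAP, "ratio too low");
        vaultSafeCollateralRatio[pool] = newRatio;
    }

    // Finding 2, hardened: the bad ratio must exist before it is used as a bound.
    function setSafeCollateralRatio(address pool, uint256 newRatio) external {
        uint256 badRatio = vaultBadCollateralRatio[pool];
        require(badRatio != 0, "bad ratio not configured for pool");
        require(newRatio >= badRatio + BAD_RATIO_GAP, "ratio too low");
        vaultSafeCollateralRatio[pool] = newRatio;
    }

    // Constructed setter so the hardened path can be exercised; in the real
    // configurator such setters are restricted to the timelock role.
    function setBadCollateralRatio(address pool, uint256 newRatio) external {
        vaultBadCollateralRatio[pool] = newRatio;
    }
}
```

Deploying this and calling getBadCollateralRatioUnchecked on a fresh address reverts with a panic, while getBadCollateralRatio reverts with the descriptive message; likewise setSafeCollateralRatioWeak accepts any newRatio of at least 1e19 for an unconfigured pool, whereas setSafeCollateralRatio rejects the call until setBadCollateralRatio has been run for that pool. The check on a non-zero mapping value is only a proxy for "configured", which is why the sponsor's response (ensuring the configurations are in place when the system is running) is the operational complement to it.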

Assessed type

Invalid Validation

#0 - c4-pre-sort

2023-07-11T18:18:45Z

JeffCX marked the issue as primary issue

#1 - c4-sponsor

2023-07-18T08:26:28Z

LybraFinance marked the issue as sponsor disputed

#2 - LybraFinance

2023-07-18T08:26:39Z

We will ensure that the relevant configurations are in place when the system is running.

#3 - c4-judge

2023-07-27T18:10:31Z

0xean changed the severity to QA (Quality Assurance)

#4 - c4-judge

2023-07-28T18:07:53Z

0xean marked the issue as grade-b

#5 - c4-sponsor

2023-07-29T11:15:29Z

LybraFinance marked the issue as sponsor acknowledged

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
