BadgerDAO ibBTC Wrapper contest - ych18's results

Building Products to Bring BTC to DeFi.

General Information

Platform: Code4rena

Start Date: 28/10/2021

Pot Size: $30,000 ETH

Total HM: 8

Participants: 19

Period: 3 days

Judge: leastwood

Total Solo HM: 4

Id: 47

League: ETH

BadgerDAO

Findings Distribution

Researcher Performance

Rank: 18/19

Findings: 1

Award: $91.71

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository BadgerDAO

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Auditors

Browse

Contests

Browse

Get in touch

Contact Twitter

Findings Information

🌟 Selected for report: cmichel

Also found by: defsec, pants, ych18

Labels

bug

duplicate

1 (Low Risk)

sponsor acknowledged

Awards

91.7149 USDC - $91.71

External Links

Link to GitHub issue

Handle

ych18

Vulnerability details

No access control for the initialize() function. Hence, if the contract is deployed, an attacker could call this function before the deployer and set the different parameters of initialize().

Recommendation: Use a constructor that set a deployer address. Add an access control for the initialize() function that allows only the deployer to call this function

#0 - 0xleastwood
2021-12-04T09:00:16Z

#40

BadgerDAO ibBTC Wrapper contest - ych18's results

Building Products to Bring BTC to DeFi.

General Information

Findings Distribution

Researcher Performance

External Links

QA Report - $91.71

QA Report - $91.71

[L-07] No restriction for initialize() function - $91.71

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

#0 - 0xleastwood2021-12-04T09:00:16Z

#0 - 0xleastwood
2021-12-04T09:00:16Z