Back to yongskiws's contests

VTVL contest - yongskiws's results

Building no-code token management tools to empower web3 founders and investors, starting with token vesting.

General Information

Platform: Code4rena

Start Date: 20/09/2022

Pot Size: $30,000 USDC

Total HM: 12

Participants: 198

Period: 3 days

Judge: 0xean

Total Solo HM: 2

Id: 164

League: ETH

VTVL

Findings Distribution

Researcher Performance

Rank: 151/198

Findings: 1

Award: $18.86

šŸŒŸ Selected for report: 0

šŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryVTVL

Findings Information

šŸŒŸ Selected for report: AkshaySrivastav

Also found by: 0v3rf10w, 0x040, 0x1f8b, 0x4non, 0x5rings, 0x85102, 0xA5DF, 0xDecorativePineapple, 0xNazgul, 0xSky, 0xSmartContract, 0xbepresent, 0xf15ers, 0xmatt, 2997ms, Aeros, Aymen0909, B2, Bahurum, Bnke0x0, CertoraInc, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, Diraco, Dravee, ElKu, Funen, IllIllI, JC, JLevick, JohnSmith, JohnnyTime, KIntern_NA, Lambda, Margaret, MasterCookie, OptimismSec, RaymondFam, Respx, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, SooYa, StevenL, TomJ, Tomo, V_B, Waze, Yiko, __141345__, a12jmx, ajtra, ak1, async, ayeslick, aysha, berndartmueller, bin2chen, bobirichman, brgltd, bulej93, c3phas, carrotsmuggler, cccz, ch13fd357r0y3r, chatch, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dic0de, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, gogo, got_targ, hansfriese, ignacio, ikbkln, indijanc, innertia, joestakey, karanctf, ladboy233, leosathya, lukris02, martin, medikko, millersplanet, nalus, natzuu, neko_nyaa, neumo, obront, oyc_109, pcarranzav, peanuts, pedr02b2, pedroais, peiw, peritoflores, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, rokinot, romand, rotcivegaf, rvierdiiev, sach1r0, seyni, sikorico, slowmoses, sorrynotsorry, supernova, tibthecat, tnevler, ubermensch, yongskiws, zzykxx, zzzitron

Awards

18.8574 USDC - $18.86

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

Dangerous usage of block.timestamp (timestamp)

āŒā€¢ _referenceTs > _claim.endTimestamp (contracts/VTVLVesting.sol#154) ā€¢ _referenceTs >= _claim.cliffReleaseTimestamp (contracts/VTVLVesting.sol#160) ā€¢ _referenceTs > _claim.startTimestamp (contracts/VTVLVesting.sol#166) ā€¢ (vestAmt > _claim.amountWithdrawn) (contracts/VTVLVesting.sol#187)

āŒā€¢ require(bool,string)(tokenAddress.balanceOf(address(this)) >= numTokensReservedForVesting + allocatedAmount,INSUFFICIENT_BALANCE) (contracts/VTVLVesting.sol#295)

āŒā€¢ require(bool,string)(_claim.amountWithdrawn < finalVestAmt,NO_UNVESTED_AMOUNT) (contracts/VTVLVesting.sol#426)

āŒā€¢ require(bool,string)(allowance > usrClaim.amountWithdrawn,NOTHING_TO_WITHDRAW) (contracts/VTVLVesting.sol#374)

āŒā€¢ require(bool,string)(amountRemaining >= _amountRequested,INSUFFICIENT_BALANCE) (contracts/VTVLVesting.sol#402)

Reentrancy vulnerabilities leading to out-of-order Events

āŒ ā€¢ tokenAddress.safeTransfer(_msgSender(),amountRemaining) (contracts/VTVLVesting.sol#388) ā€¢ Claimed(_msgSender(),amountRemaining) (contracts/VTVLVesting.sol#391)

āŒ Reentrancy in VTVLVesting.withdrawAdmin(uint112) (contracts/VTVLVesting.sol:398-411): ā€¢ tokenAddress.safeTransfer(_msgSender(),_amountRequested) (contracts/VTVLVesting.sol#407) ā€¢ AdminWithdrawn(_msgSender(),_amountRequested) (contracts/VTVLVesting.sol#410)

Multiple calls in a loop (calls-loop)

āŒ VTVLVesting._createClaimUnchecked(address,uint40,uint40,uint40,uint40,uint112,uint112) (contracts/VTVLVesting.sol:245-304) has external calls inside a loop: require(bool,string)(tokenAddress.balanceOf(address(this)) >= numTokensReservedForVesting + allocatedAmount,INSUFFICIENT_BALANCE) (contracts/VTVLVesting.sol#295)

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Ā© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter