Spartan Protocol contest - zer0dot's results

Community-governed token to incentivize deep liquidity pools for leveraged synthetic token generation.

General Information

Platform: Code4rena

Start Date: 15/07/2021

Pot Size: $80,000 USDC

Total HM: 28

Participants: 18

Period: 7 days

Judge: ghoulsol

Total Solo HM: 18

Id: 20

League: ETH

Spartan Protocol

Researcher Performance

Rank: 18/18

Findings: 2

Award: $124.95

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: gpersoon

Also found by: 0xRajeev, 7811, JMukesh, cmichel, heiho1, jonah1005, k, maplesyrup, shw, zer0dot

Labels

bug
duplicate
3 (High Risk)

Awards

124.9539 USDC - $124.95

Handle

zer0dot

Vulnerability details

Impact

The contracts do not use an equivalent of SafeERC20, which could result in unexpected behavior.

Proof of Concept

One example of a missing return value check is in the Dao.sol contract here.

In order to maintain proper accounting, the protocol relies on workarounds like _getAddedBaseAmount() and _getAddedTokenAmount() in Pool.sol here.

Tools Used

Use SafeERC20 (or an equivalent for BEP20) to ensure expected behavior without having to use workarounds.

#0 - SamusElderg

2021-07-26T01:47:01Z

Duplicate of #8
