Platform: Code4rena
Start Date: 03/05/2022
End Date: 09/05/2022
Period: 7 days
Status: Completed
Pot Size: $75,000 USDC
Participants: 55
Reporter: liveactionllama
Judge: Albert Chon
Id: 116
League: COSMOS
defsec | 1/55 | $13,850.66 | 4 | 0 | 0 | 2 | 1 | - | - | 0 |
sorrynotsorry | 2/55 | $13,156.60 | 3 | 0 | 0 | 1 | 1 | - | - | 0 |
CertoraInc | 3/55 | $6,741.71 | 4 | 0 | 0 | 2 | 0 | - | - | 0 |
p_crypt0 | 4/55 | $6,338.83 | 2 | 0 | 0 | 2 | 0 | 0 | 0 | 0 |
IllIllI | 5/55 | $5,500.94 | 3 | 0 | 0 | 1 | 0 | - | - | 0 |
dirk_y | 6/55 | $4,927.30 | 3 | 0 | 0 | 2 | 0 | - | 0 | 0 |
0xDjango | 7/55 | $3,686.53 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
GermanKuber | 8/55 | $1,836.27 | 4 | 0 | 0 | 2 | 0 | - | - | 0 |
WatchPug | 9/55 | $1,806.99 | 5 | 0 | 0 | 3 | 0 | - | - | 0 |
0x1337 | 10/55 | $1,789.31 | 3 | 0 | 0 | 2 | 0 | - | 0 | 0 |
This contest is open for one week. Representatives from Cudos will be available in the Code Arena Discord to answer any questions during the contest period. The focus for the contest is to try and find any logic errors or ways to drain funds in a way that is advantageous for an attacker at the expense of users with funds invested in the protocol. Wardens should assume that governance variables are set sensibly (unless they can find a way to change the value of a governance variable, and not counting social engineering approaches for this).
The Cudos Network is a special-purpose blockchain designed to provide high-performance, trustless, and permissionless cloud computing for all. It is based on Cosmos SDK. The focus of the contest is the Bridge which contains a Cosmos module, Solidity smart contracts and associated relaying/oracle code.
It currently supports bridging of CUDOS tokens between the Ethereum and Cudos ecosystems. It is based on Althea's Gravity Bridge.
CudosAccessControls.
Usage example:
SendToCosmos. The address is a Cudos network address.
send-to-eth method they specify an Ethereum address and amount.
The Gravity module is responsible for handling all transactions in the Cudos Network related to the bridge.
The following contracts are in-scope for the audit.
Stores a real-time representation of the validator set of the Cudos Network. As an optimisation, a hash represents the full validator set and voting power. The oracle component of the bridge tracks this contract's events so that actions triggered on the Ethereum network are performed on the Cudos Network.
ERC-20 Cudos token contract.
Access controls contract managing user roles. Gravity.sol verifies access to certain functions based on the user-defined roles.
For local builds you can use the Cudos Builders
Token repo: https://github.com/CudoVentures/cudos-eth-token-contract
Cudos-noded repo: https://github.com/CudoVentures/cudos-node
Gravity bridge repo: https://github.com/CudoVentures/cosmos-gravity-bridge
Bridge user doc: https://docs.cudos.org/learn/gravity-bridge.html
Network resources: https://docs.cudos.org/
Gravity contracts: 0x8f8baFF99FCe5F6Df2abc073A55aB69D8aF13D22
Block Explorer: http://34.132.35.39:3000/
Bridge UI: http://34.132.35.39:4000/