Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Security Vulnerabilities and Improvements

zaa

Summary

Transaction Context Security

function checkSenderAndValue() public payable {
Assert.equal(msg.sender, TestsAccounts.getAccount(1), "Invalid sender");
Assert.equal(msg.value, 100, "Invalid value");
}

Vulnerability Details

No reentrancy protection despite handling Ether.
Uses Assert.equal which can be exploited.
Allows recursive calls that could drain funds.
No gas cost validation
Potential for arithmetic flow
Hardcoded value of 100 without context

Impact

Financial impact
1. Potential for fund theft thorugh reentrancy attacks
2. Unintended Ether transferes due to fixed value assumptions
Security Impact
1. Complete system compromise possible through reentrancy
2. Unauthorized access due to inadequate sender validation
Operational Imact
1. Inconsistent test results due to fixed assumptions
2. Potential for test suite failiures
3. Difficulty in maintaing and updating tests

Tools Used

Manual Review

Recommendations

This code implements a secure transaction verification system with multiple layers of protection against various types of attacks.

modifier reentrancyGuard() {

require(!locked, "Reentrancy attempt detected");

locked = true;

locked = false;

}

modifier validateTransaction(uint256 expectedValue) {

require(msg.value >= expectedValue, "Insufficient value");

require(msg.value <= MAX_VALUE, "Value too high");

require(tx.gasprice <= MAX_GAS_PRICE, "Gas price too high");

}

function checkSenderAndValue() public payable reentrancyGuard validateTransaction(100) {

// Validate sender with flexible authorization

require(isAuthorizedTester[msg.sender], "Unauthorized tester");

// Safe value comparison with overflow protection

require(msg.value == 100, "Invalid value");

// Emit event for transaction verification

emit TransactionVerified(msg.sender, msg.value);

}

Updates

Lead Judging Commences

0xnevi Lead Judge

6 months ago

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.