Stratax Contracts

First Flight #57

Beginner FriendlyDeFi

100 EXP

View all submissions

Previous Next

Submission Details

Impact: high

Likelihood: high

ABI Mismatch Between IStratax and Stratax Causes Integration DoS

Author Revealed upon completion

Root + Impact

Root Cause: IStratax declares function signatures and struct layouts that do not match the implementation in Stratax.
Impact: High. Integrations that rely on IStratax will generate incorrect function selectors/ABI encoding, causing calls to revert or to target non‑existent selectors.

Description

Normal behavior: Interfaces must match implementation signatures and struct layouts to ensure correct calldata encoding.
Issue: IStratax.unwindPosition and IStratax.TradeDetails do not match Stratax:
- unwindPosition in IStratax omits _collateralToWithdraw and has a different parameter order.
- calculateParams is declared in IStratax, while Stratax defines calculateOpenParams with a different name and signature.
- TradeDetails in IStratax omits token addresses, while Stratax.TradeDetails includes them.

// IStratax.sol

function unwindPosition(

address _collateralToken,

address _debtToken,

uint256 _debtAmount,

bytes calldata _oneInchSwapData,

uint256 _minReturnAmount

) external;

struct TradeDetails {

uint256 ltv;

uint256 desiredLeverage;

uint256 collateralAmount;

uint256 collateralTokenPrice;

uint256 borrowTokenPrice;

uint256 collateralTokenDec;

uint256 borrowTokenDec;

}

function calculateParams(TradeDetails memory details)

external

view

returns (uint256 flashLoanAmount, uint256 borrowAmount);

// Stratax.sol

function unwindPosition(

address _collateralToken,

uint256 _collateralToWithdraw,

address _debtToken,

uint256 _debtAmount,

bytes calldata _oneInchSwapData,

uint256 _minReturnAmount

) public onlyOwner;

struct TradeDetails {

address collateralToken;

address borrowToken;

uint256 desiredLeverage;

uint256 collateralAmount;

uint256 collateralTokenPrice;

uint256 borrowTokenPrice;

uint256 collateralTokenDec;

uint256 borrowTokenDec;

}

function calculateOpenParams(TradeDetails memory details)

public

view

returns (uint256 flashLoanAmount, uint256 borrowAmount);

Risk

Likelihood:

High for any integration that imports IStratax (e.g., frontends, routers, scripts).

Impact:

Calls revert due to selector mismatch, breaking unwind and parameter calculation flows.

Proof of Concept

Deploy Stratax.
Use IStratax to call unwindPosition and calculateParams.
Observe reverts due to selector/ABI mismatch.

// File: test/audit/PoC_InterfaceMismatch.t.sol

// SPDX-License-Identifier: UNLICENSED

pragma solidity ^0.8.13;

import {Test} from "forge-std/Test.sol";

import {Stratax} from "../../src/Stratax.sol";

import {IStratax} from "../../src/interfaces/internal/IStratax.sol";

contract PoC_InterfaceMismatch is Test {

Stratax public stratax;

address public ownerTrader = address(0x123);

function setUp() public {

stratax = new Stratax();

stratax.initialize(address(1), address(2), address(3), address(4), address(5));

stratax.transferOwnership(ownerTrader);

}

function test_UnwindPosition_InterfaceSelectorMismatch_Reverts() public {

IStratax api = IStratax(address(stratax));

vm.prank(ownerTrader);

vm.expectRevert();

api.unwindPosition(address(1), address(2), 1, "", 0);

}

function test_CalculateParams_InterfaceSelectorMismatch_Reverts() public {

IStratax api = IStratax(address(stratax));

IStratax.TradeDetails memory details = IStratax.TradeDetails({

ltv: 8000,

desiredLeverage: 20000,

collateralAmount: 1000,

collateralTokenPrice: 1e8,

borrowTokenPrice: 1e8,

collateralTokenDec: 6,

borrowTokenDec: 18

});

vm.expectRevert();

api.calculateParams(details);

}

Test Result

forge test --match-path test/audit/PoC_InterfaceMismatch.t.sol -vv

Ran 2 tests for test/audit/PoC_InterfaceMismatch.t.sol:PoC_InterfaceMismatch

[PASS] test_CalculateParams_InterfaceSelectorMismatch_Reverts() (gas: 9676)

[PASS] test_UnwindPosition_InterfaceSelectorMismatch_Reverts() (gas: 11947)

Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 2.06ms (612.52µs CPU time)

Recommended Mitigation

Align IStratax with the actual implementation:

Update unwindPosition signature to include _collateralToWithdraw and match parameter order.
Update TradeDetails struct layout to match Stratax.

Rewards breakdown

nSLOC

356

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!