Platform: Code4rena
Start Date: 19/04/2022
Pot Size: $30,000 USDC
Total HM: 10
Participants: 43
Period: 3 days
Judges: moose-code, JasoonS
Total Solo HM: 7
Id: 90
League: ETH
Rank: 21/43
Findings: 2
Award: $101.53
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xDjango, 0xkatana, Dravee, Kenshin, Tadashi, TerrierLover, abhinavmir, defsec, ellahi, fatima_naz, foobar, gzeon, hyh, joestakey, kebabsec, kenta, minhquanym, oyc_109, rayn, robee, sseefried, xpriment626, z3s
62.9884 USDC - $62.99
Almost all functions in vToken.sol have no checks or limits the value for the respective fucntion either mint or transfer. Unlimited minting of tokens in vToken.sol for ORDERER_ROLE as there is no check in mint() function regarding the limit, which poses centralisation risk for the protool.
PhutureIndex.sol - l#65(safemint) , l#49(safetransfer) IndexLogic.sol - l#166 (prefer safetransfer consistently)
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, Dravee, Kenshin, MaratCerby, Tadashi, TerrierLover, Tomio, TrungOre, defsec, ellahi, fatherOfBlocks, fatima_naz, gzeon, joestakey, kenta, minhquanym, oyc_109, rayn, rfa, robee, simon135, slywaters, windhustler, z3s
38.5445 USDC - $38.54
chainlinkpriceoracle.md - l#86 ManagedIndexReweightingLogic.sol - l#29-32
BaseIndex.sol - l#77 IndexLibrary.sol - l#14,17,26 TopNMarketCapIndex.sol - l#8
IndexLibrary.sol l#29 (_assetPerBaseInUQ) IndexLogic.sol - l#98 (value)
UniswapV2PricePathOracle.sol - It don't follow prefix optimisations for loops, It should also use prefix ++i instead of i++ to save gas as other