Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $50,000 USDC
Total HM: 31
Participants: 99
Period: 5 days
Judges: moose-code, JasoonS, denhampreen
Total Solo HM: 17
Id: 139
League: ETH
Rank: 90/99
Findings: 1
Award: $26.57
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: BowTiedWardens
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, 8olidity, ACai, Bnke0x0, Chom, ElKu, Fabble, Fitraldys, FudgyDRS, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kaiziron, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RedOneN, Sm4rty, StErMi, TomJ, Tomio, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ajtra, antonttc, asutorufos, bardamu, c3phas, defsec, delfin454000, exd0tpy, fatherOfBlocks, hansfriese, ignacio, joestakey, kenta, ladboy233, m_Rassska, mics, minhquanym, oyc_109, pashov, reassor, robee, s3cunda, sach1r0, saian, sashik_eth, scaraven, sikorico, simon135, slywaters
26.5707 USDC - $26.57
IYieldy(OLD_YIELDY_TOKEN).transferFrom( //@audit msg.sender, address(this), userWalletBalance );
LiquidityReserve.enableLiquidityReserve() (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#57-86)
Staking.unstake() (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#674-696)
Staking.initialize()._feeAddress (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#46)
Staking.setCurvePool()._curvePool (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#157)
Staking.setAffiliateAddress()._affiliateAddress (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#177)
require( _stakingToken != address(0) && _yieldyToken != address(0) && _tokeToken != address(0) && _tokePool != address(0) && _tokeManager != address(0) && _tokeReward != address(0) && _liquidityReserve != address(0), "Invalid address" );
epoch.endTime = epoch.endTime + epoch.duration; epoch.timestamp = block.timestamp; epoch.number++;
modify to
epoch.endTime += epoch.duration; epoch.timestamp = block.timestamp; ++epoch.number;
ITokePool tokePoolContract = ITokePool(TOKE_POOL); uint256 balance = ITokePool(TOKE_POOL).balanceOf(address(this));
to
ITokePool tokePoolContract = ITokePool(TOKE_POOL); uint256 balance = tokePoolContract.balanceOf(address(this));
uint256 totalTokeAmount = IERC20Upgradeable(TOKE_TOKEN).balanceOf( address(this) ); IERC20Upgradeable(TOKE_TOKEN).safeTransfer( _claimAddress, totalTokeAmount );
ITokeReward tokeRewardContract = ITokeReward(TOKE_REWARD); tokeRewardContract.claim(_recipient, _v, _r, _s);