Platform: Code4rena
Start Date: 09/12/2021
Pot Size: $50,000 USDC
Total HM: 19
Participants: 21
Period: 7 days
Judge: 0xean
Total Solo HM: 14
Id: 61
League: ETH
Rank: 9/21
Findings: 3
Award: $1,690.45
🌟 Selected for report: 5
🚀 Solo Findings: 0
0x1f8b
The contract doesn't work as expected.
The method emergencyWithdraw inside the contract yield/NoYield doesn't work as expected: the transfer was done with the received value, and it should be done with amount, so emergencyWithdraw will never work; it will always send 0 tokens.
Manual review
Fix to send the amount:
#0 - ritik99
2021-12-27T05:16:07Z
Duplicate of #115
🌟 Selected for report: sirhashalot
51.3353 USDC - $51.34
0x1f8b
In some cases, they may not make the transfers or approvals.
The definition of the ERC-20 standard states that the transfer and transferFrom methods must return a boolean value that determines whether the result was successful or not. Throughout the audited contracts there are calls to the transfer methods that do not verify this result, leaving the open possibility that the execution is not as expected by the developer.
We recommend that you check the returned value using the require clause or unify these calls by using the safeTransfer and safeTransferFrom wrappers of OpenZeppelin.
Source reference:
Manual review
Use safeTransfer, safeApprove and safeTransferFrom
#1 - 0xean
2022-01-21T21:19:25Z
dupe of #2
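The unchecked-return issue from the finding above, as an added example that is not taken from the audited contracts: an ignored transfer result next to the two recommended fixes. ReturnsFalseToken, PayoutExample, owed and credit are hypothetical names constructed for the illustration, and withdrawSafe spells out the checks a safeTransfer-style wrapper performs rather than importing OpenZeppelin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token: reports failure by returning false instead of reverting.
contract ReturnsFalseToken {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false;
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical payout contract, used only to contrast the three call styles.
contract PayoutExample {
    mapping(address => uint256) public owed;

    function credit(address user, uint256 amount) external { owed[user] += amount; }

    // Pattern from the finding: the debt is cleared even when transfer returns false.
    function withdrawUnchecked(IERC20 token) external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        token.transfer(msg.sender, amount); // return value ignored
    }

    // First recommendation: require the boolean, so a false result reverts the state change.
    function withdrawChecked(IERC20 token) external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Second recommendation, written out: what a safeTransfer-style wrapper checks.
    // Empty return data is accepted for tokens that return nothing on success.
    function withdrawSafe(address token) external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(abi.encodeWithSelector(IERC20.transfer.selector, msg.sender, amount));
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
    }
}
```

When PayoutExample holds no ReturnsFalseToken balance, withdrawUnchecked completes and zeroes owed without paying anything, while withdrawChecked and withdrawSafe revert and leave owed intact.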
🌟 Selected for report: 0x1f8b
83.4956 USDC - $83.50
0x1f8b
Gas saving.
In the methods updateStrategy and removeStrategy of the StrategyRegistry contract, when the contract wants to remove a strategy, the old one is set to false instead of using delete; this will keep the storage space and it is more expensive than using delete.
Manual review
Use delete instead of setting to false
🌟 Selected for report: 0x1f8b
83.4956 USDC - $83.50
0x1f8b
Gas saving.
The method addStrategy inside StrategyRegistry does a require with safe math: require(strategies.length.add(1) <= maxStrategies, "StrategyRegistry::addStrategy - Can't add more strategies");
It is not possible to have a map that could lead to an integer overflow, so removing this add and using a regular + will save gas.
Manual review
Remove safe math in this call
🌟 Selected for report: 0x1f8b
83.4956 USDC - $83.50
0x1f8b
Gas saving.
In the contract StrategyRegistry, the method initialize executes a require in order to check that _maxStrategies is different from 0; this check will be done later inside the method _updateMaxStrategies, so it's duplicated and can be removed.
Manual review
Remove the _maxStrategies checks inside the initialize method.
🌟 Selected for report: 0x1f8b
83.4956 USDC - $83.50
0x1f8b
Gas saving.
The method initializeRepayment inside the contract Repayments has multiple storage accesses; it's better to get a pointer to the RepaymentConstants with the storage keyword in order to avoid seeking and storage access.
Manual review
Use storage keyword in order to save gas
🌟 Selected for report: 0x1f8b
Also found by: TomFrenchBlockchain
37.573 USDC - $37.57
0x1f8b
Gas saving.
It's possible to optimize the struct CreditLineConstants from the CreditLine contract: the last 4 fields spend 3 storage slots; by moving the boolean values between the address values, it will spend only two slots, as follows:
```
struct CreditLineConstants {
    address lender;
    address borrower;
    uint256 borrowLimit;
    uint256 idealCollateralRatio;
    uint256 borrowRate;
    address borrowAsset;
    bool autoLiquidation;
    address collateralAsset;
    bool requestByLender;
}
```
## Tools Used
Manual review.
## Recommended Mitigation Steps
Reorder the struct's fields