Platform: Code4rena
Start Date: 28/04/2022
Pot Size: $50,000 USDC
Total HM: 7
Participants: 43
Period: 5 days
Judge: gzeon
Total Solo HM: 2
Id: 115
League: ETH
Rank: 10/43
Findings: 3
Award: $1,259.52
🌟 Selected for report: 1
🚀 Solo Findings: 0
🌟 Selected for report: 0x1f8b
Also found by: broccolirob, pauliax
1119.4434 USDC - $1,119.44
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/oracles/GUniLPOracle.sol#L47
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/oracles/GUniLPOracle.sol#L51
It is possible to produce underflows with specific tokens, which can cause errors when calculating prices.
The pragma is pragma solidity 0.6.12; therefore, integer overflows must be protected with safe math. But in the case of GUniLPOracle, there is a decimal subtraction that could underflow if any token in the pool has more than 18 decimals. This could cause an error when calculating price values.
Ensure that tokens have less than 18 decimals.
#0 - m19
2022-05-05T08:27:39Z
We confirm this issue
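The decimal subtraction from the GUniLPOracle finding above, shown as an added example that is not code from the audited repository: the contract, interface and function names are hypothetical, and the `10 ** (18 - decimals)` scaling expression is an assumed shape for the subtraction the finding describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.6.12;

// Hypothetical minimal interface: only the call this example needs.
interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

// Illustration only; not the GUniLPOracle source.
contract DecimalsOffsetExample {
    uint256 public immutable offsetA;
    uint256 public immutable offsetB;

    // Validate both pool tokens once, at deployment, so a token with
    // more than 18 decimals can never reach the price calculation.
    constructor(IERC20Decimals tokenA, IERC20Decimals tokenB) public {
        offsetA = checkedOffset(tokenA.decimals());
        offsetB = checkedOffset(tokenB.decimals());
    }

    // Guarded form: revert instead of wrapping.
    // Values of 18 or fewer never underflow the subtraction.
    function checkedOffset(uint256 decimals) public pure returns (uint256) {
        require(decimals <= 18, "token decimals > 18");
        return 10 ** (18 - decimals);
    }

    // Unguarded form, kept for comparison. Solidity 0.6.12 does not
    // revert on underflow: for decimals = 19, (18 - decimals) wraps to
    // 2**256 - 1, and 10 ** (2**256 - 1) is a multiple of 2**256, so
    // the returned scaling factor is 0 rather than an error.
    function uncheckedOffset(uint256 decimals) public pure returns (uint256) {
        return 10 ** (18 - decimals);
    }
}
```

Calling `uncheckedOffset(19)` returns 0 without reverting, while `checkedOffset(19)` reverts with the guard message.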
🌟 Selected for report: Dravee
Also found by: 0x1f8b, 0x4non, 0x52, 0xDjango, AlleyCat, Funen, GalloDaSballo, GimelSec, Hawkeye, MaratCerby, Picodes, berndartmueller, cccz, defsec, delfin454000, dipp, hyh, ilan, joestakey, kebabsec, luduvigo, pauliax, peritoflores, robee, rotcivegaf, samruna, shenwilly, sikorico, simon135, sorrynotsorry, unforgiven, z3s
89.0354 USDC - $89.04
transfer, approve and transferFrom without checking the boolean result. The ERC20 standard specifies that the token can return false if this call was not made, so it's mandatory to check the result of these methods.
51.0404 USDC - $51.04
immutable keyword for the following variables: base at SuperVaultFactory.sol#L15
i++ to ++i in order to save some opcodes:
ABDKMath64x64, there are a lot of optimizations with unchecked regions.