Back to 0x29A's contests

Yield Witch v2 contest - 0x29A's results

Fixed-rate borrowing and lending on Ethereum

General Information

Platform: Code4rena

Start Date: 14/07/2022

Pot Size: $25,000 USDC

Total HM: 2

Participants: 63

Period: 3 days

Judge: PierrickGT

Total Solo HM: 1

Id: 147

League: ETH

Yield

Findings Distribution

Researcher Performance

Rank: 8/63

Findings: 2

Award: $132.78

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryYield

Findings Information

🌟 Selected for report: hickuphh3

Also found by: 0x29A, 0x52, 0xNazgul, Chom, Deivitto, ElKu, Funen, IllIllI, Meera, ReyAdmirado, SooYa, TomJ, Trumpero, Waze, __141345__, ak1, asutorufos, c3phas, cRat1st0s, csanuragjain, delfin454000, exd0tpy, fatherOfBlocks, hake, hansfriese, horsefacts, hyh, karanctf, kenzo, kyteg, ladboy233, pashov, peritoflores, rajatbeladiya, rbserver, reassor, rokinot, simon135, wastewa

Awards

115.9068 USDC - $115.91

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

QA report

Non-critical

[N-01] Constants should be defined and documented rather than using magic numbers

  • The 0.01e18 in lines 63, 105, 108 who reference to 1%
  • The 1e18 in lines 102, 103, 162, 163, 587, 591 who reference to 100%
  • The 10 in lines 233, 438 who reference the base

[N-02] Remove param parameter of point function

As the param must be "ladle" always, remove this one

/// @dev Point to a different ladle
/// @param value Address of new ladle
function point(address value) external auth {
    ladle = ILadle(value);
    emit Point(param, value);
}

Low Risk

[L-01] Missing checks for address(0) when assigning values to address state variables

Consider add a require(value != address(0), "The value should no be the zero address");

  • L83, L141: assigning values to address state variables If assing a wrong address in point function could be broke the payBaseand _payInk functions
  • L176: Receiver of the auctioneer reward
  • L286, L346: Receiver of the collateral bought

[L-02] The setLine and setLimit functions don't check the parameters

The parameters ilkId, baseId and setIgnoredPair is not checked, the ids maybe don't exist

#0 - alcueca

2022-07-22T14:09:16Z

None useful. Could be excused for not knowing point follows one of our standards. Certain magic numbers are very recognizable.

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, Aymen0909, Chom, Deivitto, ElKu, JC, JohnSmith, Kaiziron, Limbooo, MadWookie, Meera, ReyAdmirado, Rohan16, Sm4rty, SooYa, TomJ, Trumpero, Waze, __141345__, ajtra, ak1, antonttc, bulej93, c3phas, cRat1st0s, csanuragjain, defsec, durianSausage, fatherOfBlocks, gogo, hake, hickuphh3, ignacio, joestakey, karanctf, kyteg, m_Rassska, pashov, rajatbeladiya, rbserver, robee, rokinot, samruna, sashik_eth, simon135, tofunmi

Awards

16.8729 USDC - $16.87

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Gas report

[G-01] Load var in storage type as much as possible

From:

L197: DataTypes.Limits memory limits_ = limits[vault.ilkId][
L299: DataTypes.Auction memory auction_ = auctions[vaultId];
L357: DataTypes.Auction memory auction_ = auctions[vaultId];
L419: DataTypes.Limits memory limits_ = limits[auction_.ilkId][
L569: DataTypes.Line memory line_ = lines[auction_.ilkId][

To:

L197: DataTypes.Limits storage limits_ = limits[vault.ilkId][
L299: DataTypes.Auction storage auction_ = auctions[vaultId];
L357: DataTypes.Auction storage auction_ = auctions[vaultId];
L419: DataTypes.Limits storage limits_ = limits[auction_.ilkId][
L569: DataTypes.Line storage line_ = lines[auction_.ilkId][
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter