Platform: Code4rena
Start Date: 10/03/2022
Pot Size: $75,000 USDT
Total HM: 25
Participants: 54
Period: 7 days
Judge: pauliax
Total Solo HM: 10
Id: 97
League: ETH
Rank: 9/54
Findings: 3
Award: $2,046.25
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hickuphh3
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xngndev, 0xwags, Cantor_Dust, CertoraInc, Dravee, IllIllI, PPrieditis, Ruhum, TerrierLover, WatchPug, XDms, benk10, berndartmueller, bitbopper, catchup, cmichel, cryptphi, csanuragjain, danb, defsec, gzeon, hagrid, hubble, jayjonah8, kenta, kyliek, minhquanym, rfa, robee, saian, samruna, throttle, ye0lde, z3s
118.9321 USDT - $118.93
No 0 address check on Deposit. Wallet may default to 0 upon lack of input parameter causing permanent loss of NFT.
require(_to != address(0), "Address Can't Be Zero")
I'm submitting this bug as I was reviewing a similar submission in prior contest. https://github.com/code-423n4/2022-01-elasticswap-findings/issues/87#issuecomment-1030627836
Nft.upaidRewards reset upon withdrawal. This feels a bit unfair if a user means to collect rewards while withdrawing NFT. If there are not enough rewards in the contract balance, the unpaidRewards will be deleted upon withdrawal with the line delete nftInfo[_nftId];. I'm not sure the user will have visibility into the contract's current balance, whether Native or token, prior to deciding to withdraw. Either way, I think it would be a bad user experience to withdraw and realize all of your pending rewards for a potentially long staking period were erased due to bad timing.
Consider adding an emergencyWithdraw method which explicitly states that pending rewards might be forfeited or keeping track of users' unpaid balances somewhere other than nftInfo[_nftId] which is deleted upon withdrawal. Optional ability for users to claim unpaid rewards AFTER withdrawal following an increase in the contract's balance.
#0 - pauliax
2022-05-09T13:48:50Z
Issue 2 should be upgraded to high severity: #135
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xngndev, 0xwags, Cantor_Dust, CertoraInc, IllIllI, Jujic, Kenshin, Kiep, PPrieditis, TerrierLover, Tomio, WatchPug, antonttc, benk10, berndartmueller, bitbopper, csanuragjain, defsec, gzeon, hagrid, hickuphh3, kenta, minhquanym, oyc_109, pedroais, peritoflores, rfa, robee, saian, samruna, sirhashalot, throttle, wuwe1, z3s
59.6256 USDT - $59.63
Repeated calls to tokenManager.getDepositConfig() in single require statement in LiquidityPool.sol. The same require statement is used in both the depositErc20 and despositNative functions.
TokenConfig memory tc = getDepositConfig(); require(tc.min <= amount && tc.max >= amount, "Deposit amount not in Cap limit");
I tested both the original and revised methods in Remix and found that the revised method consumed 508 less gas than the original implementation. See code below:
// SPDX-License-Identifier: GPL-3.0 pragma solidity 0.8.0; contract GasTest { struct TokenConfig { uint256 min; uint256 max; } mapping(uint256 => mapping(address => TokenConfig)) public depositConfig; function setDepositConfig() public { depositConfig[0][msg.sender].min = 1; depositConfig[0][msg.sender].max = 9; } function getDepositConfig() public view returns(TokenConfig memory) { return depositConfig[0][msg.sender]; } // Consumes 26789 gas function gasTestOriginal(uint256 amount) public view { require(getDepositConfig().min <= amount && getDepositConfig().max >= amount, "Deposit amount not in Cap limit"); } // Consumes 26281 gas function gasTestRevised(uint256 amount) public view { TokenConfig memory tc = getDepositConfig(); require(tc.min <= amount && tc.max >= amount, "Deposit amount not in Cap limit"); } }