Platform: Code4rena
Start Date: 29/03/2022
Pot Size: $30,000 USDC
Total HM: 6
Participants: 24
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 4
Id: 101
League: ETH
Rank: 17/24
Findings: 2
Award: $114.74
🌟 Selected for report: 0
🚀 Solo Findings: 0
78.2033 USDC - $78.20
_withdrawLiquidity() requires that block.timestamp > pooledCLConstants[_id].startTime but should be >=, as startTime should be inclusive of the event occurring.
In the event that the _borrowAsset gives control on transfer such as with an ERC777, the protocolFeeCollector is able to stop all withdrawals by throwing an error prior to the liquidity being sent to the user in the following line.
Ensure the penalty collector is a trusted smart contract or an EOA.
Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. The allowance must first be set to zero, and only then can the actual allowance be approved.
The comment highlighted in the link seems to be copied from the depositCollateral() function above it. For the withdrawCollateral() function this does not make sense.
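The zero-then-set approval from the USDT finding above, as an added example that is not taken from the report or the audited code base. The names IERC20Minimal, ApproveHelper and resetAndApprove are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example: interface and library names are hypothetical.
interface IERC20Minimal {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

library ApproveHelper {
    /// Low-level approve() call that accepts tokens returning bool as well as
    /// tokens that return no data at all (USDT on mainnet is one of these).
    function _callApprove(address token, address spender, uint256 amount)
        private
        returns (bool)
    {
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.approve.selector, spender, amount)
        );
        // Success means: the call did not revert AND it either returned
        // nothing or returned an ABI-encoded `true`.
        return ok && (ret.length == 0 || abi.decode(ret, (bool)));
    }

    /// Sets `spender`'s allowance to `amount`, clearing any existing
    /// non-zero allowance first so that tokens which reject a direct
    /// non-zero -> non-zero change do not revert.
    function resetAndApprove(address token, address spender, uint256 amount) internal {
        // A low-level call to an address without code succeeds silently,
        // so reject that case explicitly.
        require(token.code.length > 0, "token is not a contract");

        uint256 current = IERC20Minimal(token).allowance(address(this), spender);
        if (current != 0 && amount != 0) {
            require(_callApprove(token, spender, 0), "approve(0) failed");
        }
        require(_callApprove(token, spender, amount), "approve failed");
    }
}

// Usage sketch: a contract approving a spender before a transfer-from flow.
contract ApproveCaller {
    function grant(address token, address spender, uint256 amount) external {
        ApproveHelper.resetAndApprove(token, spender, amount);
    }
}
```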
#0 - ritik99
2022-04-13T09:25:11Z
36.5427 USDC - $36.54
If _amount == _totalCurrentDebt, it's unnecessary to write it to _amount.
repay()
If you add a check require(_amount > 0), it will save a lot of unnecessary code execution within this function in the case of 0 amount payments.
Instantiate IERC20(_borrowAsset) once and then call it multiple times.
#0 - ritik99
2022-04-12T15:20:47Z
Suggestions 2 and 3 are valid, while suggestion 1 is invalid. The correct assignment needs to be made for the right amount to be transferred.