Platform: Code4rena
Start Date: 08/09/2023
Pot Size: $70,000 USDC
Total HM: 8
Participants: 84
Period: 6 days
Judge: gzeon
Total Solo HM: 2
Id: 285
League: ETH
Rank: 75/84
Findings: 1
Award: $12.79
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: castle_chain
Also found by: 0xAadi, 0xHelium, 0xLook, 0xblackskull, 0xfuje, 0xmystery, 0xnev, 0xpiken, 7ashraf, BARW, Bauchibred, Bughunter101, Ch_301, JP_Courses, Kaysoft, Krace, MohammedRizwan, SanketKogekar, Sathish9098, alexzoid, ast3ros, btk, catellatech, degensec, fatherOfBlocks, grearlake, imtybik, jkoppel, jolah1, klau5, lsaudit, m_Rassska, merlin, mrudenko, nobody2018, rokinot, rvierdiiev, sandy
12.7917 USDC - $12.79
LiquidityPool.sol Line 96
96: /// @dev Either msg.sender is the owner or a ward on the contract @audit comment is wrong 97: modifier withApproval(address owner) { 98: require(msg.sender == owner, "LiquidityPool/no-approval"); 99: _; 100: }
This modifier should only check that the owner is the msg.sender.
LiquidityPool.sol Line 149
148: function mint(uint256 shares, address receiver) public returns (uint256 assets) { 149: // require(receiver == msg.sender, "LiquidityPool/not-authorized-to-mint"); 150: assets = investmentManager.processMint(receiver, shares); 151: emit Deposit(address(this), receiver, assets, shares); 152: }
14: function rely(address user) external auth { 15: wards[user] = 1; 16: emit Rely(user); 17: }
20: function deny(address user) external auth { 21: wards[user] = 0; 22: emit Deny(user); 23: }
34: function addPauser(address user) external auth { 35: pausers[user] = 1; 36: emit AddPauser(user); 37: }
39: function removePauser(address user) external auth { 40: pausers[user] = 0; 41: emit RemovePauser(user); 42: }
81: mapping(address => mapping(address => LPValues)) public orderbook;
56: mapping(bytes16 => Tranche) tranches; 57: mapping(address => bool) allowedCurrencies;
72: mapping(address => address) liquidityPools; // currency -> liquidity pool address
88: mapping(uint64 => Pool) public pools;
91: mapping(uint128 => address) public currencyIdToAddress; 92: mapping(address => uint128) public currencyAddressToId;
21: mapping(address => uint256) public schedule;
17: mapping(address => mapping(address => uint256)) destinations;
13: mapping(address => uint256) public pausers;
89: mapping(address => bool) public incomingRouters;
17: mapping(address => uint256) public wards;
25: mapping(address => uint256) public balanceOf; 26: mapping(address => mapping(address => uint256)) public allowance; 27: mapping(address => uint256) public nonces;
20: mapping(address => uint256) public members;
26: mapping(address => bool) public liquidityPools;
8: mapping(address => uint256) public wards;
the highest tier of smart contract behavior assurance is formal mathematical verification. All assertions that are made are guaranteed to be true across all inputs → The quality of your asserts is the quality of your verification. https://twitter.com/0xOwenThurm/status/1614359896350425088?t=dbG9gHFigBX85Rv29lOjIQ&s=19
#0 - c4-pre-sort
2023-09-17T01:50:57Z
raymondfam marked the issue as sufficient quality report
#1 - c4-judge
2023-09-26T17:33:06Z
gzeon-c4 marked the issue as grade-b