Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $35,000 USDC
Total HM: 10
Participants: 126
Period: 3 days
Judge: Justin Goro
Total Solo HM: 3
Id: 154
League: ETH
Rank: 17/126
Findings: 2
Award: $391.74
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: CertoraInc
Also found by: 0x1f8b, 0xSky, CodingNameKiki, DecorativePineapple, Noah3o6, Waze, jonatascm, oyc_109, pedr02b2, peritoflores
VotingEscrow will not work for such tokens.
This issue is same as a previous contest. https://code4rena.com/reports/2022-05-factorydao/#m-03-safetransferfrom-is-recommended-instead-of-transfer-1
In the implementation of token transfer, the return value is checked after token transfer. But some tokens do not return bool values. After DM, I know you don't use these kinds of tokens, but this contract can be used on top of most of ERC20 tokens, and this can be a problem when we extend the usage.
#0 - lacoop6tu
2022-08-16T14:20:24Z
Duplicate of #231
🌟 Selected for report: Aymen0909
Also found by: 0xSky, 0xf15ers, CertoraInc, JohnSmith, auditor0517, bin2chen, csanuragjain, scaraven, tabish, wagmi, yixxas
Checkpoint end time is not correct.
The user's voting power can be significantly decreased.
At L513 of VotingEscrow.sol, when we increase unlock time, oldLocked.end should be oldUnlockTime instead of unlock_time.
We can double-check it from the Checkpoint Math documentation here.
https://github.com/code-423n4/2022-08-fiatdao/blob/main/CheckpointMath.md#increaseunlocktime
In the worst senario, if oldUnlockTime is 1 WEEK, and unlock_time is 1 YEAR, there will be some significant decrease of voting power in _checkpoint function.
But I think this is very likely to a typo, so I will not add detailed showcase.
Manual Review
- oldLocked.end = unlock_time; + oldLocked.end = oldUnlockTime;
#0 - lacoop6tu
2022-08-16T14:41:53Z
Duplicate of #217