Platform: Code4rena
Start Date: 27/04/2022
Pot Size: $50,000 MIM
Total HM: 6
Participants: 59
Period: 5 days
Judge: 0xean
Id: 113
League: ETH
Rank: 16/59
Findings: 3
Award: $657.08
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xf15ers, AuditsAreUS, BowTiedWardens, CertoraInc, Funen, GimelSec, MaratCerby, Ruhum, WatchPug, antonttc, berndartmueller, bobi, bobirichman, broccolirob, catchup, cccz, defsec, delfin454000, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kenzo, m9800, mics, oyc_109, pauliax, reassor, robee, samruna, sikorico, simon135, throttle, unforgiven, z3s
79.0593 MIM - $79.06
asset tooinit() function, there is zero address check for collateral but not asset. Consider adding same check for asset too.USE_VALUE2 is declared but not used anywhere inside the contract.cook() function accepts unbounded arrays as input, which could grow gas cost large to unfit in a single block.bool return value of variable success is not checked/handled in removeCollateral() of NFTPairWithOracle.sol#0 - cryptolyndon
2022-05-12T04:58:25Z
Seen. See #30 for 1. Can't argue with 2. 3 is one of many ways to run out of gas using cook()
4 warrants designation as a "proper" issue; duplicate of #21
🌟 Selected for report: BowTiedWardens
Also found by: 0x1f8b, 0xNazgul, 0xf15ers, 0xkatana, CertoraInc, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, NoamYakov, Tadashi, Tomio, TrungOre, antonttc, catchup, defsec, delfin454000, fatherOfBlocks, gzeon, horsefacts, joestakey, kenta, oyc_109, pauliax, reassor, robee, samruna, simon135, slywaters, sorrynotsorry, z3s
44.3166 MIM - $44.32
withdrawFees(), setFeeTo(), init(), updateLoanParams(), etc. are declared as public and not called anywhere within the contract, making them external will save gas++i instead of i++ saves gasactions can be cached to save gas.#0 - cryptolyndon
2022-05-14T01:10:08Z
Seen, thanks