Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 77/246
Findings: 2
Award: $61.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ladboy233
Also found by: 0xkazim, 0xnev, Bauer, J4de, Matin, UniversalCrypto, cryptothemex, jasonxiale, juancito, koxuan, latt1ce, neumo
48.6252 USDC - $48.63
Division before multipilication incurs uncessary precision loss. in Reth.sol contract function deposit() it calculates minOut in a way that may cause uncessary precision loss by dividing before multiplication.
In the current Reth.sol codebase in deposit() the function calculating the minOut in way that cause precision loss
file: contracts/SafEth/derivatives/Reth.sol uint256 minOut = ((((rethPerEth * msg.value) / 10 ** 18) * ((10 ** 18 - maxSlippage))) / 10 ** 18);
vs code & my knowledge
I recommend avoiding divison before multiplication and always perform division operation at last.
#0 - c4-pre-sort
2023-04-03T07:27:19Z
0xSorryNotSorry marked the issue as low quality report
#1 - c4-pre-sort
2023-04-04T16:40:07Z
0xSorryNotSorry marked the issue as duplicate of #1044
#2 - c4-judge
2023-04-22T10:32:20Z
Picodes marked the issue as satisfactory
🌟 Selected for report: brgltd
Also found by: 0x3b, 0xAgro, 0xGusMcCrae, 0xNorman, 0xRajkumar, 0xSmartContract, 0xTraub, 0xWagmi, 0xWaitress, 0xffchain, 0xhacksmithh, 0xkazim, 0xnev, 3dgeville, ArbitraryExecution, Aymen0909, BRONZEDISC, Bason, Bloqarl, BlueAlder, Brenzee, CodeFoxInc, CodingNameKiki, Cryptor, DadeKuma, DevABDee, Diana, Dug, Englave, Gde, Haipls, HollaDieWaldfee, Ignite, Infect3d, Jerry0x, Josiah, Kaysoft, Koko1912, KrisApostolov, Lavishq, LeoGold, Madalad, PNS, Rappie, RaymondFam, RedTiger, Rickard, Rolezn, Sathish9098, SunSec, T1MOH, UdarTeam, Udsen, Viktor_Cortess, Wander, adriro, ak1, alejandrocovrr, alexzoid, arialblack14, ayden, bin2chen, brevis, btk, c3phas, carlitox477, catellatech, ch0bu, chaduke, ck, climber2002, codeslide, descharre, dingo2077, ernestognw, fatherOfBlocks, favelanky, georgits, helios, hl_, inmarelibero, juancito, ks__xxxxx, lopotras, lukris02, m_Rassska, mahdirostami, maxper, nadin, navinavu, nemveer, p_crypt0, peanuts, pipoca, pixpi, qpzm, rbserver, reassor, roelio, rotcivegaf, scokaf, siddhpurakaran, slvDev, smaul, tnevler, tsvetanovv, turvy_fuzz, vagrant, wen, yac, zzzitron
13.1298 USDC - $13.13
| ID | Title | Severity |
|---|---|---|
| [L-01] | Gas griefing/theft is possible on unsafe external call | low |
| [L-02] | event missed in setMaxSlippage() function may cause fund loose | low |
return data (bool success,) has to be stored due to EVM architecture, if in a usage like below, ‘out’ and ‘outsize’ values are given (0,0) . Thus, this storage disappears and may come from external contracts a possible Gas griefing/theft problem is avoided
There are 5 instances of the topic.
file: contracts/SafEth/SafEth.sol // solhint-disable-next-line (bool sent, ) = address(msg.sender).call{value: ethAmountToWithdraw}( "" ); require(sent, "Failed to send Ether");
file: contracts/SafEth/derivatives/Reth.sol (bool sent, ) = address(msg.sender).call{value: address(this).balance}( "" ); require(sent, "Failed to send Ether");
file: contracts/SafEth/derivatives/SfrxEth.sol // solhint-disable-next-line (bool sent, ) = address(msg.sender).call{value: address(this).balance}( "" ); require(sent, "Failed to send Ether");
file: contracts/SafEth/derivatives/WstEth.sol (bool sent, ) = address(msg.sender).call{value: address(this).balance}( "" ); require(sent, "Failed to send Ether");
file: contracts/SafEth/derivatives/WstEth.sol (bool sent, ) = WST_ETH.call{value: msg.value}(""); require(sent, "Failed to send Ether");
change the calls method above to something like this
assembly { success := call(gas(), dest, amount, 0, 0) } require(success,"transfer failed"); }
setMaxSlippage() function may cause fund loosethere is event missed in function setMaxSlippage(), the owner can set maxSlippage to more than 1% and when this happen users don't know about the new slippage that set by the user and may cause fund loose during stake or any money trading on the protocol(like swapping) because of lack of event in this function. i set this as low risk because i don't see this will cause the protocol loose fund directly and let the judge decide about the severity.
There are 5 instances of the topic.
file: contracts/SafEth/SafEth.sol /** @notice - Sets the max slippage for a certain derivative index @param _derivativeIndex - index of the derivative you want to update the slippage @param _slippage - new slippage amount in wei */ function setMaxSlippage( uint _derivativeIndex, uint _slippage ) external onlyOwner { derivatives[_derivativeIndex].setMaxSlippage(_slippage); emit SetMaxSlippage(_derivativeIndex, _slippage); }
I reccomend adding event to setMaxSlippage() function so the user can be aware of the updated slippage updated/set by the owner:
event UpdateSlippage()
#0 - liveactionllama
2023-03-30T20:41:55Z
Warden had emailed C4 prior to contest close, asking that a stray item at the top of their report be removed. I've made this update on their behalf.
#1 - c4-sponsor
2023-04-07T22:23:42Z
toshiSat marked the issue as sponsor disputed
#2 - c4-judge
2023-04-24T17:26:30Z
Picodes marked the issue as grade-b