Platform: Code4rena
Start Date: 14/04/2022
Pot Size: $75,000 USDC
Total HM: 8
Participants: 72
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 2
Id: 110
League: ETH
Rank: 56/72
Findings: 1
Award: $92.07
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, Hawkeye, Jujic, MaratCerby, Picodes, Ruhum, SolidityScan, TerrierLover, TomFrenchBlockchain, TrungOre, VAD37, Yiko, berndartmueller, cmichel, csanuragjain, danb, defsec, delfin454000, dipp, ellahi, fatherOfBlocks, georgypetrov, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kyliek, m9800, minhquanym, oyc_109, p_crypt0, peritoflores, rayn, reassor, remora, rfa, robee, scaraven, securerodd, shenwilly, sorrynotsorry, tchkvsky, teryanarmen, z3s
92.0693 USDC - $92.07
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L356
Unlike maxDiscount, minDiscount is missing some sanity checks: minDiscount should be smaller than MAX_BPS; minDiscount should be smaller than maxDiscount.
#0 - GalloDaSballo
2022-04-22T22:44:28Z
Have to agree that a check is missing here
#1 - jack-the-pug
2022-05-29T09:10:33Z
Downgrading to QA as even with minDiscount set larger than MAX_BPS, the only impact will be that setDiscount() always reverts, so that the admin needs to call setDiscountLimits() correctly first.
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L265-L271