Platform: Code4rena
Start Date: 30/05/2023
Pot Size: $300,500 USDC
Total HM: 79
Participants: 101
Period: about 1 month
Judge: Trust
Total Solo HM: 36
Id: 242
League: ETH
Rank: 69/101
Findings: 2
Award: $95.38
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xTheC0der
Also found by: Atree, BLOS, BPZ, Fulum, KupiaSec, SpicyMeatball, bin2chen, jasonxiale, lsaudit, minhquanym, xuwinnie, zzzitron
95.3782 USDC - $95.38
In function removeAsset, assetId is updated incorrectly.
function removeAsset(address asset) external nonReentrant onlyOwner { // No need to check if index is 0, it will underflow and revert if it is 0 uint256 assetIndex = assetId[asset] - 1; uint256 newAssetsLength = assets.length - 1; if (newAssetsLength == 0) revert CannotRemoveLastAsset(); totalWeights -= weights[assetIndex]; address lastAsset = assets[newAssetsLength]; assetId[lastAsset] = assetIndex; assets[assetIndex] = lastAsset; weights[assetIndex] = weights[newAssetsLength]; assets.pop(); weights.pop(); assetId[asset] = 0; emit AssetRemoved(asset); updateAssetBalances(); asset.safeTransfer(msg.sender, asset.balanceOf(address(this))); } function addAsset(address asset, uint256 _weight) external nonReentrant onlyOwner { if (assetId[asset] != 0) revert AssetAlreadyAdded(); require(ERC20(asset).decimals() == 18); require(_weight > 0); assetId[asset] = assets.length + 1; assets.push(asset); weights.push(_weight); totalWeights += _weight; emit AssetAdded(asset, _weight); updateAssetBalances(); }
assetId should always be equal to assetIndex + 1, as zero represents that asset does not exist.
Manual
assetId[lastAsset] = assetIndex + 1;
CanAuto
#0 - c4-judge
2023-07-09T16:31:16Z
trust1995 marked the issue as duplicate of #703
#1 - c4-judge
2023-07-09T16:31:32Z
trust1995 marked the issue as satisfactory
#2 - c4-judge
2023-07-11T17:20:41Z
trust1995 changed the severity to 2 (Med Risk)
#3 - c4-judge
2023-07-11T17:20:49Z
trust1995 changed the severity to 3 (High Risk)