Platform: Code4rena
Start Date: 24/10/2023
Pot Size: $36,500 USDC
Total HM: 4
Participants: 147
Period: 6 days
Judge: 0xDjango
Id: 299
League: ETH
Rank: 110/147
Findings: 1
Award: $4.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xmystery
Also found by: 0x11singh99, 0xAadi, 0xAlix2, 0xG0P1, 0xStalin, 0xWaitress, 0x_Scar, 0xhacksmithh, 0xhunter, 0xpiken, Al-Qa-qa, Arz, Avci, Bauchibred, BeliSesir, Breeje, Bughunter101, DarkTower, Eeyore, Fitro, HChang26, Imlazy0ne, J4X, JCK, Kaysoft, Kral01, Madalad, Mike_Bello90, Noro, PASCAL, PENGUN, Proxy, Rickard, Shubham, SovaSlava, Strausses, Team_Rocket, ThreeSigma, Topmark, Udsen, Walter, Yanchuan, Zach_166, ZanyBonzy, adam-idarrha, adeolu, almurhasan, arjun16, ast3ros, asui, ayden, btk, cartlex_, castle_chain, cccz, chainsnake, codynhat, critical-or-high, cryptonue, csanuragjain, deepkin, degensec, dirk_y, erebus, foxb868, ge6a, hunter_w3b, jasonxiale, kkkmmmsk, lanrebayode77, lsaudit, marchev, matrix_0wl, max10afternoon, nuthan2x, oakcobalt, oxchsyston, pavankv, peanuts, pep7siup, pipidu83, pontifex, ptsanev, qpzm, radev_sw, rokinot, rotcivegaf, rvierdiiev, sorrynotsorry, squeaky_cactus, supersizer0x, tnquanghuy0512, twcctop, twicek, young, zhaojie, ziyou-
4.5226 USDC - $4.52
On line 345 of EthenaMinting.sol when checking if the order.beneficiary is the zero address, if the check fails the function is reverting with InvalidAmount() although it appears that it should be InvalidZeroAddress().
Although the overview states:
By design, Ethena will be the only ones calling mint(),redeen() and other functions in this contract.
I recommend checking the order.beneficiary does have the SOFT_RESTRICTED_STAKER_ROLE or FULL_RESTRICTED_STAKER_ROLE as an added layer of protection against accidentally minting tokens for a user in a restricted country or redeeming them for a frozen account.
In SingleAdminAccessControl.sol file line 72 _grantRole function, consider emitting the AdminTransferred event last to prevent an erroneous log from being broadcasted in case the _revokeRole function were to fail. The modification can be done as follows:
function _grantRole(bytes32 role, address account) internal override { if (role == DEFAULT_ADMIN_ROLE) { _revokeRole(DEFAULT_ADMIN_ROLE, _currentDefaultAdmin); _currentDefaultAdmin = account; delete _pendingDefaultAdmin; emit AdminTransferred(_currentDefaultAdmin, account); } super._grantRole(role, account); }
In StakedUSDe.sol, in case an attacker were to somehow black list the owner, recommend allowing the black list manager to un-blacklist the owner as there does not seem to be any advantage to preventing the black list manager from doing so. This can be done by removing the notOwner modifier as follows:
function removeFromBlacklist(address target, bool isFullBlacklisting) external onlyRole(BLACKLIST_MANAGER_ROLE) { bytes32 role = isFullBlacklisting ? FULL_RESTRICTED_STAKER_ROLE : SOFT_RESTRICTED_STAKER_ROLE; _revokeRole(role, target); }
In the transferInRewards function, the value of the call to getUnvestedAmount() appears guaranteed to be zero, based on the if (getUnvestedAmount() > 0) revert StillVesting(); statement on line 90. So adding the value to the newVestingAmount on line 91, uint256 newVestingAmount = amount + getUnvestedAmount(); seems to be useless. If the expectation is that the value of getUnvestedAmount() can be greater than zero, then the condition on line 90 should be reevaluated and changed to allow non-zero values without reverting.
#0 - c4-pre-sort
2023-11-02T01:58:17Z
raymondfam marked the issue as sufficient quality report
#1 - c4-judge
2023-11-14T17:08:11Z
fatherGoose1 marked the issue as grade-b