FEI and TRIBE Redemption contest - CertoraInc's results

A new DeFi primitive that allows any token to become productive and provide FEI liquidity at no cost to the markets that need it most.

General Information

Platform: Code4rena

Start Date: 09/09/2022

Pot Size: $42,000 USDC

Total HM: 2

Participants: 101

Period: 3 days

Judge: hickuphh3

Total Solo HM: 2

Id: 161

League: ETH

Tribe

Researcher Performance

Rank: 5/101

Findings: 1

Award: $134.09

🌟 Selected for report: 0

🚀 Solo Findings: 0

QA Report

  • Pragmas should be locked to a specific compiler version so that the contracts cannot be deployed with a different compiler version, which may carry a greater risk of undiscovered bugs.
  • The pause variables in the SimpleFeiDaiPSM contract are constants, so the contract cannot be paused by modifying them. It would be better to add a real pause mechanism instead of pausing only by revoking the MINTER role, which makes transactions revert for users who do not know that the contract is paused. With an explicit pause mechanism, users can simply check the value of paused to see whether the contract is active.
  • The dripping mechanism in the MerkleRedeemerDripper contract creates a kind of race condition, which can lead to users front-running each other to use the current drip's balance. It would be better to implement another mechanism so that users do not compete for the balance.
  • Consider adding checks on the redeemBase parameter in the TribeRedeemer contract. This variable represents the amount of TRIBE that can be redeemed, but it is not validated and can be any value. A check such as redeemBase > 0 (or even redeemBase > 1e10, as in the RariMerkleRedeemer contract) can be added to ensure the value is correct.
  • SimpleFeiDaiPSM does not implement all the functions of the interfaces it is meant to implement (the IPCVDeposit interface, for example).
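The sketch below is an added illustration of three of the points above (locked pragma, an explicit and queryable pause flag, and validation of redeemBase); it is not code from the audited Tribe contracts or from the CertoraInc report. The contract name, the governor role, the error names and the pro-rata redeem math are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17; // locked to one compiler version, not a ^0.8.x range

/// Hypothetical sketch (not the audited code): a redeemer with an explicit,
/// public pause flag and a validated redeemBase.
contract PausableRedeemerSketch {
    address public immutable governor;   // assumed: single admin allowed to pause
    uint256 public immutable redeemBase; // amount of the redeemable token backing the pool
    bool public paused;                  // public, so clients can check it before sending a tx

    event PausedSet(bool paused);

    error Paused();
    error NotGovernor();
    error InvalidRedeemBase();

    modifier onlyGovernor() {
        if (msg.sender != governor) revert NotGovernor();
        _;
    }

    /// Reverts early while paused. Because `paused` is a public state variable,
    /// a front end can read paused() first instead of learning about the pause
    /// from a reverted transaction, which is the behaviour of pausing only by
    /// revoking a role.
    modifier whenNotPaused() {
        if (paused) revert Paused();
        _;
    }

    constructor(address _governor, uint256 _redeemBase) {
        // Reject a zero base rather than accepting any value; a deployment
        // could tighten this to a minimum such as 1e10.
        if (_redeemBase == 0) revert InvalidRedeemBase();
        governor = _governor;
        redeemBase = _redeemBase;
    }

    /// Explicit pause/unpause instead of relying on role revocation.
    function setPaused(bool _paused) external onlyGovernor {
        paused = _paused;
        emit PausedSet(_paused);
    }

    /// Assumed pro-rata math for illustration: the caller's share of
    /// `poolBalance` for `amountIn` units of the redeemable token.
    function previewRedeem(uint256 amountIn, uint256 poolBalance) public view returns (uint256) {
        // redeemBase is non-zero by construction, so this cannot divide by zero.
        return amountIn * poolBalance / redeemBase;
    }

    /// Entry point gated by the pause flag; token transfers are omitted.
    function redeem(uint256 amountIn, uint256 poolBalance) external whenNotPaused returns (uint256) {
        return previewRedeem(amountIn, poolBalance);
    }
}
```

The point of the public flag is the user-facing check: a caller (or a UI) can read paused() and skip the transaction entirely, whereas pausing by revoking MINTER only surfaces as a revert after gas has been spent.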