Platform: Code4rena
Start Date: 14/04/2022
Pot Size: $75,000 USDC
Total HM: 8
Participants: 72
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 2
Id: 110
League: ETH
Rank: 70/72
Findings: 1
Award: $52.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xAsm0d3us, 0xBug, 0xDjango, 0xNazgul, 0xkatana, CertoraInc, Cityscape, Funen, Hawkeye, IllIllI, MaratCerby, SolidityScan, TerrierLover, TomFrenchBlockchain, Tomio, TrungOre, bae11, berndartmueller, csanuragjain, defsec, delfin454000, ellahi, fatherOfBlocks, gs8nrv, gzeon, horsefacts, ilan, jah, joestakey, joshie, kebabsec, kenta, nahnah, oyc_109, rayn, rfa, robee, saian, securerodd, simon135, slywaters, sorrynotsorry, tchkvsky, teryanarmen, z3s
52.1707 USDC - $52.17
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/SupplySchedule.sol#L103
uint256 mintable = 0;
Proposed change:
uint256 mintable;
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/SupplySchedule.sol#L192
uint256 mintable = 0;
Proposed change:
uint256 mintable;
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/SupplySchedule.sol#L178
function getMintableDebug(uint256 lastMintTimestamp) external { require( globalStartTimestamp > 0, "SupplySchedule: minting not started" ); require( lastMintTimestamp > globalStartTimestamp, "SupplySchedule: attempting to mint before start block" ); ... emit log_named_uint("globalStartTimestamp", globalStartTimestamp); emit log_named_uint("epochLength", epochLength); uint256 startingEpoch = (lastMintTimestamp - globalStartTimestamp) epochLength; uint256 endingEpoch = (block.timestamp - globalStartTimestamp) / epochLength; ; uint256 epochStartTime = globalStartTimestamp + i * epochLength; uint256 epochEndTime = globalStartTimestamp + (i + 1) * epochLength; ... }
Proposed changes:
function getMintableDebug(uint256 lastMintTimestamp) external { uint256 memory _globalStartTimestamp = globalStartTimestamp; uint256 memory _epochLength = epochLength; require( _globalStartTimestamp > 0, "SupplySchedule: minting not started" ); require( lastMintTimestamp > _globalStartTimestamp, "SupplySchedule: attempting to mint before start block" ); ... emit log_named_uint("globalStartTimestamp", _globalStartTimestamp); emit log_named_uint("epochLength", _epochLength); uint256 startingEpoch = (lastMintTimestamp - _globalStartTimestamp) / _epochLength; uint256 endingEpoch = (block.timestamp - _globalStartTimestamp) / _epochLength; ; uint256 epochStartTime = _globalStartTimestamp + i * _epochLength; uint256 epochEndTime = _globalStartTimestamp + (i + 1) * _epochLength; ... }
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/StakedCitadelVester.sol#L132
function vest( address recipient, uint256 _amount, uint256 _unlockBegin ) external { require(msg.sender == vault, "StakedCitadelVester: only xCTDL vault"); require(_amount > 0, "StakedCitadelVester: cannot vest 0"); vesting[recipient].lockedAmounts = vesting[recipient].lockedAmounts + _amount; vesting[recipient].unlockBegin = _unlockBegin; vesting[recipient].unlockEnd = _unlockBegin + vestingDuration; emit Vest( recipient, vesting[recipient].lockedAmounts, _unlockBegin, vesting[recipient].unlockEnd ); }
proposed change:
function vest( address recipient, uint256 _amount, uint256 _unlockBegin ) external { require(msg.sender == vault, "StakedCitadelVester: only xCTDL vault"); require(_amount > 0, "StakedCitadelVester: cannot vest 0"); uint _lockedAmounts = vesting[recipient].lockedAmounts; vesting[recipient].lockedAmounts = _lockedAmounts + _amount; vesting[recipient].unlockBegin = _unlockBegin; vesting[recipient].unlockEnd = _unlockBegin + vestingDuration; emit Vest( recipient, _lockedAmounts, _unlockBegin, vesting[recipient].unlockEnd ); }
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/StakedCitadel.sol#L319
function deposit(uint256 _amount, bytes32[] memory proof) external whenNotPaused { _depositWithAuthorization(_amount, proof); }
proposed change:
function deposit(uint256 _amount, bytes32[] calldata proof) external whenNotPaused { _depositWithAuthorization(_amount, proof); }
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/StakedCitadel.sol#L329
function depositAll(bytes32[] memory proof) external whenNotPaused { _depositWithAuthorization(token.balanceOf(msg.sender), proof); }
proposed change:
function depositAll(bytes32[] calldata proof) external whenNotPaused { _depositWithAuthorization(token.balanceOf(msg.sender), proof); }
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/StakedCitadel.sol#L363
function depositFor( address _recipient, uint256 _amount, bytes32[] memory proof ) external whenNotPaused { _depositForWithAuthorization(_recipient, _amount, proof); }
proposed change:
function depositFor( address _recipient, uint256 _amount, bytes32[] calldata proof ) external whenNotPaused { _depositForWithAuthorization(_recipient, _amount, proof); }