Platform: Code4rena
Start Date: 13/05/2022
Pot Size: $30,000 USDC
Total HM: 8
Participants: 65
Period: 3 days
Judge: hickuphh3
Total Solo HM: 1
Id: 125
League: ETH
Rank: 52/65
Findings: 1
Award: $24.36
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xNazgul, 0xf15ers, 0xkatana, 0xliumin, Cityscape, Dravee, Fitraldys, Funen, GimelSec, Hawkeye, JC, MaratCerby, SooYa, StErMi, Tomio, WatchPug, Waze, bobirichman, defsec, delfin454000, fatherOfBlocks, hake, hansfriese, hickuphh3, ignacio, joestakey, kebabsec, mics, mtz, oyc_109, robee, rotcivegaf, samruna, sikorico, simon135, z3s
24.3601 USDC - $24.36
for (uint256 i = 0; i < length; i++) { assetYields[i].asset = assets[i]; if (i != length - 1) { // Distribute yieldAmount based on percent of asset volume assetYields[i].amount = _totalYieldAmount.percentMul( volumes[i].mul(PercentageMath.PERCENTAGE_FACTOR).div(totalVolume) ); extraYieldAmount = extraYieldAmount.sub(assetYields[i].amount); } else { // without calculation, set remained extra amount assetYields[i].amount = extraYieldAmount; } }
proposed change:
for (uint256 i; i < length;) { assetYields[i].asset = assets[i]; if (i != length - 1) { // Distribute yieldAmount based on percent of asset volume assetYields[i].amount = _totalYieldAmount.percentMul( volumes[i].mul(PercentageMath.PERCENTAGE_FACTOR).div(totalVolume) ); extraYieldAmount = extraYieldAmount.sub(assetYields[i].amount); } else { // without calculation, set remained extra amount assetYields[i].amount = extraYieldAmount; } ++i; }
for (uint256 i = 0; i < assetYields.length; i++) { if (assetYields[i].amount > 0) { uint256 _amount = _convertToStableCoin(assetYields[i].asset, assetYields[i].amount); // 3. deposit Yield to pool for suppliers _depositYield(assetYields[i].asset, _amount); } }
proposed change:
for (uint256 i; i < assetYields.length;) { if (assetYields[i].amount > 0) { uint256 _amount = _convertToStableCoin(assetYields[i].asset, assetYields[i].amount); // 3. deposit Yield to pool for suppliers _depositYield(assetYields[i].asset, _amount); ++i; } }
for (uint256 i = 0; i < _count; i++) { address asset = _assetsList[_offset + i]; require(asset != address(0), Errors.UL_INVALID_INDEX); uint256 _amount = IERC20Detailed(asset).balanceOf(address(this)); _convertAssetToExchangeToken(asset, _amount); }
proposed change:
for (uint256 i; i < _count;) { address asset = _assetsList[_offset + i]; require(asset != address(0), Errors.UL_INVALID_INDEX); uint256 _amount = IERC20Detailed(asset).balanceOf(address(this)); _convertAssetToExchangeToken(asset, _amount); ++i; }
for (uint256 i = 0; i < extraRewardsLength; i++) { address _extraReward = IConvexBaseRewardPool(baseRewardPool).extraRewards(i); address _rewardToken = IRewards(_extraReward).rewardToken(); _transferYield(_rewardToken); }
proposed change:
for (uint256 i; i < extraRewardsLength;) { address _extraReward = IConvexBaseRewardPool(baseRewardPool).extraRewards(i); address _rewardToken = IRewards(_extraReward).rewardToken(); _transferYield(_rewardToken); ++i; }
if (assetYields[i].amount > 0) {
proposed change:
if (assetYields[i].amount != 0) {
if (_vaultFee > 0)
proposed change:
if (_vaultFee != 0)
internal override returns (address, uint256) { // receive Curve LP Token from user //@audit put curveLPToken,convexBooster,internalAssetToken into mem require(_asset == curveLPToken, Errors.VT_COLLATERAL_DEPOSIT_INVALID); TransferHelper.safeTransferFrom(curveLPToken, msg.sender, address(this), _amount); // deposit Curve LP Token to Convex IERC20(curveLPToken).safeApprove(convexBooster, _amount); IConvexBooster(convexBooster).deposit(convexPoolId, _amount, true); // mint SturdyInternalAsset(internalAssetToken).mint(address(this), _amount);//@audit safeMint()? IERC20(internalAssetToken).safeApprove(address(_addressesProvider.getLendingPool()), _amount); return (internalAssetToken, _amount); }
proposed change:
internal override returns (address, uint256) { // receive Curve LP Token from user //@audit put curveLPToken,convexBooster,internalAssetToken into mem require(_asset == curveLPToken, Errors.VT_COLLATERAL_DEPOSIT_INVALID); address _curveLPToken = curveLPToken; address _convexBooster = convexBooster; address _internalAssetToken = internalAssetToken; TransferHelper.safeTransferFrom(_curveLPToken, msg.sender, address(this), _amount); // deposit Curve LP Token to Convex IERC20(_curveLPToken).safeApprove(_convexBooster, _amount); IConvexBooster(_convexBooster).deposit(convexPoolId, _amount, true); // mint SturdyInternalAsset(_internalAssetToken).mint(address(this), _amount);//@audit safeMint()? IERC20(_internalAssetToken).safeApprove(address(_addressesProvider.getLendingPool()), _amount); return (_internalAssetToken, _amount); }