Platform: Code4rena
Start Date: 28/06/2022
Pot Size: $25,000 USDC
Total HM: 14
Participants: 50
Period: 4 days
Judge: GalloDaSballo
Total Solo HM: 7
Id: 141
League: ETH
Rank: 16/50
Findings: 3
Award: $141.44
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: zzzitron
Also found by: 0v3rf10w, 0x1f8b, 0x29A, AlleyCat, Bnke0x0, Chom, Funen, JC, Lambda, Limbooo, Meera, Picodes, Sm4rty, TerrierLover, TomJ, __141345__, asutorufos, aysha, c3phas, cccz, defsec, fatherOfBlocks, grGred, hake, ignacio, ladboy233, mrpathfindr, oyc_109, rfa, sach1r0, samruna, slywaters, ynnad
43.4708 USDC - $43.47
totalCash can be removed from the comment since it is not used in the actual code:
/*
 * exchangeRate = (totalCash + totalBorrows - totalReserves) / totalSupply
 */
uint cashPlusBorrowsMinusReserves = totalBorrows - totalReserves; // totalCash in cNote Lending Market is zero, thus it is not factored into the exchangeRate
Since exchangeRate = totalBorrows - totalReserves / totalSupply; was used, it can be removed from the comment.
1.) TreasuryDelegator.sol Line.13
require(admin_ != address(0));
2.) File : CNote.sol Line.74
require(address(_accountant) != address(0));
3.) File : CNote.sol Line.121
require(address(_accountant) != address(0)); //check that the accountant has been set
4.) File : AccountantDelegator.sol Line.22
require(admin_ != address(0));
5.) File : Proposal-Store.sol Line.44
require(msg.sender == UniGovModAcct);
//require(deadline >= block.timestamp, "BaseV1Router: EXPIRED");
The ensure modifier requires that the swap transaction is executed before the given deadline, so rather than being a comment it can be put to better use.
SPDX license identifier
Some contracts do not use an SPDX license identifier in the source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code.
Occurrences, contracts: CNote.sol, NoteInterest.sol, TreasuryInterfaces.sol, TreasuryDelegate.sol, TreasuryDelegator.sol
^0.8.10 was used. As the compiler can be used at 0.8.10, consider locking at this version, the same as the others. Consider locking the pragma version whenever possible and avoid using a floating pragma in the final deployment, since it can be problematic if there are publicly disclosed bugs and issues that affect the current compiler version used.
require(_balanceOf[src] >= wad, "WETH::transfeFrom");
changed to transferFrom
CREATE2 // change to create
#0 - GalloDaSballo
2022-08-16T21:04:01Z
NC
NC
TODO -> Dup of #90
NC
NC
NC
5 NC
🌟 Selected for report: 0x1f8b
Also found by: 0x29A, 0xArshia, 0xKitsune, Bnke0x0, Chom, Fitraldys, Funen, JC, Lambda, Meera, Noah3o6, Picodes, RedOneN, Rohan16, Sm4rty, TerrierLover, TomJ, Tomio, Waze, ajtra, c3phas, cRat1st0s, defsec, durianSausage, fatherOfBlocks, grGred, hake, ladboy233, m_Rassska, mrpathfindr, oyc_109, rfa, ynnad
27.5044 USDC - $27.50
1.) File : Proposal-Store.sol
address private UniGovModAcct;
Every reason string takes at least 32 bytes. Use short reason strings that fit in 32 bytes or it will become more expensive.
Manual Review
main/contracts/NoteInterest.sol#L167 "only the admin may set the base rate" -> change "only admin"
main/contracts/NoteInterest.sol#L180 "only the admin may set the adjuster coefficient" -> change "only admin"
main/contracts/NoteInterest.sol#L193 "only the admin may set the update frequency" -> change "only admin"
main/contracts/Stableswap/BaseV1-periphery.sol#L104 "BaseV1Router: IDENTICAL_ADDRESSES" -> change "ID" //Identical_Addresses
main/contracts/CNote.sol#L105 "Accountant has not been correctly supplied" -> change "ANCS" //Accountant not correct supplied
main/contracts/CNote.sol#L147 "TOKEN_TRANSFER_OUT_FAILED"
main/contracts/CNote.sol#L148 "cNote::doTransferOut: TransferOut Failed"
main/contracts/Treasury/TreasuryDelegator.sol#L31 "GovernorBravoDelegator::setImplementation: admin only" -> change "only admin"
main/contracts/Treasury/TreasuryDelegator.sol#L32 "GovernorBravoDelegator::setImplementation: invalid implementation address" -> "inv_addr"
#0 - GalloDaSballo
2022-08-14T20:47:33Z
2.1k from immutable, rest is negligible
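An added example, not part of the warden's report, the judge's comments or the audited code base: a small Python check for three of the patterns reported above (missing SPDX identifier, floating pragma, require reason strings longer than 32 bytes). The Solidity sample, the lint function and its rule names are constructed for illustration.

```python
import re

# Constructed Solidity sample for this example; it is not taken from the audited repository.
SAMPLE = '''pragma solidity ^0.8.10;

contract Demo {
    address private admin;
    function setBaseRate(uint r) external {
        require(msg.sender == admin, "only the admin may set the base rate");
        require(r < 1e18, "rate too high");
        // require(r > 1, "commented out, so this long reason string is skipped");
    }
}
'''

PRAGMA_RE = re.compile(r'^\s*pragma\s+solidity\s+([^;]+);')
REQUIRE_RE = re.compile(r'\brequire\s*\((.*)\)\s*;')
REASON_RE = re.compile(r'"((?:[^"\\]|\\.)*)"\s*$')
PINNED_RE = re.compile(r'=?\s*\d+\.\d+\.\d+')


def lint(source, max_reason_bytes=32):
    """Return (line, rule, detail) tuples; line 0 means a file-level finding."""
    findings = []
    if "SPDX-License-Identifier:" not in source:
        findings.append((0, "missing-spdx", ""))
    for number, line in enumerate(source.splitlines(), 1):
        # Drop line comments. Simplification: a "//" inside a string literal
        # (for example a URL) would also cut the line short.
        code = line.split("//", 1)[0]
        pragma = PRAGMA_RE.match(code)
        if pragma and not PINNED_RE.fullmatch(pragma.group(1).strip()):
            findings.append((number, "floating-pragma", pragma.group(1).strip()))
        call = REQUIRE_RE.search(code)
        reason = REASON_RE.search(call.group(1)) if call else None
        # Length is measured on the literal as written (escapes not decoded).
        if reason and len(reason.group(1).encode()) > max_reason_bytes:
            findings.append((number, "long-reason", reason.group(1)))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```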