Platform: Code4rena
Start Date: 07/04/2023
Pot Size: $47,000 USDC
Total HM: 20
Participants: 120
Period: 6 days
Judge: GalloDaSballo
Total Solo HM: 4
Id: 230
League: ETH
Rank: 47/120
Findings: 3
Award: $91.53
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: adriro
Also found by: 0xNorman, 0xRobocop, Aymen0909, ElKu, GT_Blockchain, Josiah, KrisApostolov, RaymondFam, SpicyMeatball, ToonVH, Voyvoda, anodaram, aviggiano, bin2chen, climber2002, giovannidisiena, jpserrat, minhtrng, rbserver, sashik_eth, shaka, wintermute
8.0283 USDC - $8.03
Judge has assessed an item in Issue #680 as 2 risk. The relevant finding follows:
D. FlashFee is a flat amount, meaning the cost to flash loan an NFT at floor price is the same as one worth 5x the floor price. FlashFee should instead be based on the weigh of the NFT being flashloaned, with more expensive NFTs charging a higher fee.
#0 - c4-judge
2023-05-02T08:42:05Z
GalloDaSballo marked the issue as duplicate of #864
#1 - c4-judge
2023-05-02T08:42:23Z
GalloDaSballo marked the issue as satisfactory
🌟 Selected for report: Voyvoda
Also found by: CodingNameKiki, DishWasher, GT_Blockchain, J4de, JGcarv, Josiah, RaymondFam, neumo, saian
72.6437 USDC - $72.64
Judge has assessed an item in Issue #680 as 2 risk. The relevant finding follows:
A. Fee structure is inconsistent for buys/changes. In buy() and sell() function protocolFee is based on a percentage of the input/output amount but in change() the fee is based on the pool fee not the input amount. It should be based on the input/output amount for consistency
#0 - c4-judge
2023-05-02T08:41:45Z
GalloDaSballo marked the issue as duplicate of #463
#1 - c4-judge
2023-05-02T08:41:53Z
GalloDaSballo marked the issue as satisfactory
🌟 Selected for report: AkshaySrivastav
Also found by: 0xTheC0der, Dug, GT_Blockchain, Haipls, adriro, bin2chen, carlitox477, dingo2077, fs0c, hasmama, hihen, holyhansss_kr, juancito, ladboy233, philogy, saian, said, sashik_eth, yixxas, zion
10.8554 USDC - $10.86
https://github.com/code-423n4/2023-04-caviar/blob/main/src/Factory.sol#L92
When a user is creating a pool they can specify a bytes32 salt that is passed to cloneDeterministic, which determines the address of the new contract. The salt can be copied by a front-running bot and submitted before the user. This will result in the pool being deployed at the same address but with either the same or different parameters. Since this contract at an address already exists the create2 will revert as well as the transaction. This can prevent a user from creating a pool successfully. If the MEV bot also copies the rest of the calldata parameters then the pool will also be created but ownership assigned to the bot not Alice like intended.
salt should not be decided by the user.
privatePool = PrivatePool(payable(privatePoolImplementation.cloneDeterministic(_salt)));
Visual Studio Code.
Solution: The salt should be determined on chain as the keccak256 of the all the parameters and the msg.sender. Since the chance of a hash collision on salt would be virtually zero, the chance of the cloneDeterministic reverting are also extremely low. This ensures that the pool is always created as expected with the users' parameters and them as the owner.
#0 - c4-pre-sort
2023-04-20T17:19:07Z
0xSorryNotSorry marked the issue as duplicate of #419
#1 - c4-judge
2023-05-01T07:23:05Z
GalloDaSballo marked the issue as satisfactory