Streaming Protocol contest - GeekyLumberjack's results

General Information

Platform: Code4rena

Start Date: 30/11/2021

Pot Size: $100,000 USDC

Total HM: 15

Participants: 36

Period: 7 days

Judge: 0xean

Total Solo HM: 4

Id: 62

League: ETH

Streaming Protocol

Findings Distribution

Researcher Performance

Rank: 17/36

Findings: 3

Award: $2,071.24

🌟 Selected for report: 3

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: cmichel

Also found by: GeekyLumberjack, hyh, kenzo, pedroais

Labels

bug
duplicate
3 (High Risk)
sponsor confirmed

Awards

1057.3907 USDC - $1,057.39

Handle

GeekyLumberjack

Vulnerability details

Impact

Passing rewardToken into recoverTokens() will fail if it is called after claimRewards().

Proof of Concept

This test function can be added to Locke.t.sol to easily show the problem:

https://github.com/GeekyLumberjack/ProofOfConcept-stream-1/blob/main/proof.sol

Tools Used

dapp tools

Update rewardTokenAmount in claimRewards().

#0 - brockelmore

2021-12-03T21:40:36Z

Nice catch & thank you for the proof of concept!

However the issue is not rewardTokenAmount being updated, that should be a high water mark for rewardTokenAmount. We should use a claimedRewards accumulator and subtract that out from the recover token like we do for depositTokens.

#1 - brockelmore

2022-01-05T16:55:04Z

duplicate #214
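To make the failure mode and the sponsor's proposed fix concrete, here is a hypothetical minimal stream contract written for this write-up; it is not the Locke code, and the shapes of fundStream(), claimRewards() and recoverTokens() are assumptions. rewardTokenAmount stays a high-water mark, claimedRewards accumulates what has already been paid out, and the broken and corrected recoverTokens() variants sit side by side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Hypothetical sketch for illustration only (not Locke's contract).
contract StreamSketch {
    address public immutable rewardToken;
    address public immutable gov;
    uint256 public rewardTokenAmount; // high-water mark: total rewards ever funded
    uint256 public claimedRewards;    // accumulator: rewards already transferred out

    constructor(address _rewardToken, address _gov) {
        rewardToken = _rewardToken;
        gov = _gov;
    }

    // Assumes the reward tokens were transferred in before this call.
    function fundStream(uint256 amount) external {
        rewardTokenAmount += amount;
    }

    // Paying a claim must also record it, otherwise recovery cannot tell
    // "still owed" apart from "already paid".
    function claimRewards(address to, uint256 owed) external {
        require(claimedRewards + owed <= rewardTokenAmount, "over-claim");
        claimedRewards += owed;
        require(IERC20(rewardToken).transfer(to, owed), "transfer");
    }

    // BEFORE: once any reward has been claimed, balance < rewardTokenAmount and
    // the checked subtraction reverts, so rewardToken can never be recovered.
    function recoverTokensBroken(address token, address to) external {
        require(msg.sender == gov, "!gov");
        uint256 excess = IERC20(token).balanceOf(address(this));
        if (token == rewardToken) excess -= rewardTokenAmount; // reverts after claims
        require(IERC20(token).transfer(to, excess), "transfer");
    }

    // AFTER: reserve only what is still owed (funded minus already claimed).
    function recoverTokens(address token, address to) external {
        require(msg.sender == gov, "!gov");
        uint256 excess = IERC20(token).balanceOf(address(this));
        if (token == rewardToken) excess -= (rewardTokenAmount - claimedRewards);
        require(IERC20(token).transfer(to, excess), "transfer");
    }
}
```

A unit test that funds, claims part of the rewards, then calls both variants will see recoverTokensBroken() revert and recoverTokens() return exactly the surplus above the unclaimed amount.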

Findings Information

🌟 Selected for report: GeekyLumberjack

Labels

bug
1 (Low Risk)

Awards

805.8152 USDC - $805.82

Handle

GeekyLumberjack

Vulnerability details

Impact

This may lead someone to believe the function works differently than it does.

Proof of Concept

```solidity
//@audit inaccurate comment, this function will claim fees in rewards and in deposit tokens
/**
 * @dev Allows the governance contract of the factory to select a destination
 * and transfer fees (in rewardTokens) to that address totaling the total fee amount
 */
```

Update the comment to note that deposit-token fees are also claimed in this function.

Findings Information

🌟 Selected for report: 0x0x0x

Also found by: 0x1f8b, GeekyLumberjack, WatchPug, cmichel, danb, pauliax

Labels

bug
duplicate
G (Gas Optimization)

Awards

7.608 USDC - $7.61

Handle

GeekyLumberjack

Vulnerability details

Impact

Unnecessary gas cost.

Change this line in flashloan():

```solidity
//@audit why not just divide by 1000 instead of multiply by 10 and then divide by 10000
uint112 feeAmt = amount * 10 / 10000; // 10bps fee
```

to:

```solidity
uint112 feeAmt = amount / 1000; // 10bps fee
```

#0 - 0xean

2022-01-18T13:51:32Z

dupe of #188

Findings Information

🌟 Selected for report: GeekyLumberjack

Labels

bug
G (Gas Optimization)

Awards

100.2104 USDC - $100.21

Handle

GeekyLumberjack

Vulnerability details

Impact

Increased gas cost.

Replace:

```solidity
//@audit multiplying by 1 million just to divide by 1 million is unnecessary. Remove this to save gas.
return ((uint256(streamDuration) * amount * 10**6) / timeRemaining) / 10**6;
```

with:

```solidity
return (uint256(streamDuration) * amount) / timeRemaining;
```

Findings Information

🌟 Selected for report: GeekyLumberjack

Labels

bug
G (Gas Optimization)

Awards

100.2104 USDC - $100.21

Handle

GeekyLumberjack

Vulnerability details

Impact

Unnecessary gas cost.

Replace creatorClaimSoldTokens() with:

```solidity
function creatorClaimSoldTokens(address destination) public lock {
    // can only claim when it's a sale
    require(isSale, "!sale");
    // only can claim once
    require(!claimedDepositTokens, "claimed");
    // creator is claiming
    require(msg.sender == streamCreator, "!creator");
    // stream ended
    require(block.timestamp >= endStream, "stream");
    claimedDepositTokens = true;
    ERC20(depositToken).safeTransfer(destination, depositTokenAmount);
    emit SoldTokensClaimed(destination, depositTokenAmount);
}
```
