Platform: Code4rena
Start Date: 07/06/2022
Pot Size: $75,000 USDC
Total HM: 11
Participants: 77
Period: 7 days
Judge: gzeon
Total Solo HM: 7
Id: 124
League: ETH
Rank: 14/77
Findings: 1
Award: $352.01
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: berndartmueller
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkatana, 0xmint, Bronicle, Chom, Cityscape, Deivitto, Funen, GimelSec, GreyArt, IllIllI, JC, Lambda, Meera, Nethermind, Picodes, PierrickGT, Ruhum, Sm4rty, Tadashi, TerrierLover, TomJ, Trumpero, Waze, _Adam, antonttc, ayeslick, c3phas, catchup, cccz, cloudjunky, cryptphi, csanuragjain, delfin454000, dipp, ellahi, fatherOfBlocks, hake, hansfriese, hyh, joestakey, jonah1005, kenzo, minhquanym, oyc_109, sach1r0, saian, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, z3s, zzzitron
352.0129 USDC - $352.01
We list 3 low-critical findings and 1 non-critical findings:
NotionalTradeModule\_mint()ReentrancyGuard is not upgradableThe contract wfCashERC4626 uses ERC777Upgradeable but ReentrancyGuard is not upgradable. It may cause wrong slots of reserved space.
In wfCashBase it use upgradable ERC777:
abstract contract wfCashBase is ERC777Upgradeable, IWrappedfCash {
But in wfCashLogic it doesn't use upgradable ReentrancyGuard:
https://github.com/code-423n4/2022-06-notional-coop/blob/main/notional-wrapped-fcash/contracts/wfCashLogic.sol#L11
abstract contract wfCashLogic is wfCashBase, ReentrancyGuard {
None
Use ReentrancyGuardUpgradeable.sol
depositAmountExternal and fCashAmountdepositAmountExternal and fCashAmount are both the arguments of wfCashLogic\mintViaUnderlying() and wfCashLogic\mintViaAsset() . But they doesn't make sure that depositAmountExternal is enough for fCashAmount . We cannot guarantee that NotionalV2 will check that.
It directly mint fCashAmount tokens
function _mintInternal( uint256 depositAmountExternal, uint88 fCashAmount, address receiver, uint32 minImpliedRate, bool useUnderlying ) internal nonReentrant { ... _mint(receiver, fCashAmount, "", "", false); ... }
None
Calculate the right amount of token in wfCashLogic.sol
Floating pragma may cause unexpected compilation time behaviour and introduce unintended bugs.
pragma solidity ^0.8.0;
Don't use ^, lock pragma to ensure compiler version. e.g. pragma solidity 0.8.0;
NotionalTradeModule\_mint()mintCallData has five arguments for _fCashPosition.mintViaUnderlying.selector and _fCashPosition.mintViaAsset.selector . But those functions actually take four arguments.
bytes memory mintCallData = abi.encodeWithSelector( functionSelector, _maxAssetAmount, uint88(_fCashAmount), address(_setToken), minImpliedRate, _fromUnderlying );
function mintViaAsset( uint256 depositAmountExternal, uint88 fCashAmount, address receiver, uint32 minImpliedRate ) external override { _mintInternal(depositAmountExternal, fCashAmount, receiver, minImpliedRate, false); } function mintViaUnderlying( uint256 depositAmountExternal, uint88 fCashAmount, address receiver, uint32 minImpliedRate ) external override { _mintInternal(depositAmountExternal, fCashAmount, receiver, minImpliedRate, true); }
None
Fix the number of arguments in NotionalTradeModule\_mint()
bytes memory mintCallData = abi.encodeWithSelector( functionSelector, _maxAssetAmount, uint88(_fCashAmount), address(_setToken), minImpliedRate );
#0 - jeffywu
2022-06-16T12:32:02Z
Good catch on the reentrancy guard
#1 - ckoopmann
2022-06-17T02:14:06Z
Flagging that this report contains mintCallData has wrong number of arguments in NotionalTradeModule\_mint() which I confirmed as an issue elsewhere. (Although I think this is in fact more of a QA topic rather than the Mid-risk issue it was flagged as elsewhere).