Platform: Code4rena
Start Date: 15/07/2021
Pot Size: $80,000 USDC
Total HM: 28
Participants: 18
Period: 7 days
Judge: ghoulsol
Total Solo HM: 18
Id: 20
League: ETH
Rank: 13/18
Findings: 3
Award: $516.79
🌟 Selected for report: 2
🚀 Solo Findings: 0
JMukesh
manual review
add a require condition to check the return value
#0 - SamusElderg
2021-07-22T02:51:20Z
Duplicate of #8
JMukesh
function claimAllForMember(address member) external returns (bool){ address [] memory listedAssets = listedBondAssets; // Get array of bond assets // audit --> unbounded loop + "is intended to be a historical array of all past Bond listed assets"
for(uint i = 0; i < listedAssets.length; i++){ uint claimA = calcClaimBondedLP(member, listedAssets[i]); // Check user's unlocked Bonded LPs for each asset if(claimA > 0){ _BONDVAULT.claimForMember(listedAssets[i], member); // Claim LPs if any unlocked } } return true; }
since length listed asset will increase with time due to which it may run out of gas, since in each iteration there function call inside the loop
manual review
pull over push strategy for external calls.
#0 - SamusElderg
2021-07-25T12:02:22Z
Duplicate of #37
🌟 Selected for report: JMukesh
160 USDC - $160.00
JMukesh
https://docs.soliditylang.org/en/v0.8.6/contracts.html#constant-and-immutable-state-variables
manual review
🌟 Selected for report: JMukesh
160 USDC - $160.00
JMukesh
https://docs.soliditylang.org/en/v0.8.6/contracts.html#constant-and-immutable-state-variables
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Synth.sol#L7 https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Synth.sol#L12
manual review