Platform: Code4rena
Start Date: 28/10/2021
Pot Size: $30,000 ETH
Total HM: 8
Participants: 19
Period: 3 days
Judge: leastwood
Total Solo HM: 4
Id: 47
League: ETH
Rank: 9/19
Findings: 1
Award: $1,274.33
🌟 Selected for report: 3
🚀 Solo Findings: 0
226.4564 USDC - $226.46
JMukesh
When pendingGovernance calls acceptPendingGovernance(), the governance value gets updated but pendingGovernance remains the same; it is not updated to address(0).
governance = pendingGovernance;
Due to this, pendingGovernance and governance share the same address, which should not happen.
manual review
update pendingGovernance to address(0)
#0 - dapp-whisperer
2021-11-02T23:24:27Z
I agree, we will reset pendingGovernance when it is accepted.
#1 - tabshaikh
2021-11-03T08:01:03Z
#2 - tabshaikh
2021-11-03T08:10:39Z
Duplicate: #89
🌟 Selected for report: JMukesh
503.2365 USDC - $503.24
JMukesh
In updatePricePerShare(), "now" is used instead of "block.timestamp", and "now" is deprecated. "block.timestamp" is way more explicit in showing the intent, while "now" relates to the timestamp of the block controlled by the miner.
more on this -> https://github.com/ethereum/solidity/issues/4020
manual review
use block.timestamp
#0 - dapp-whisperer
2021-11-01T21:49:15Z
will-fix
#1 - tabshaikh
2021-11-02T05:21:44Z
fixed
226.4564 USDC - $226.46
JMukesh
In updatePricePerShare() no value is returned, due to which the default return value will be 0.
What I have assumed here is that after updating PricePershare() it will return the latest value.
manual review
Add {return x} if you want to return the updated value, or else remove returns(uint) from the function(){} if you do not want to return a value.
91.7149 USDC - $91.71
JMukesh
Since the parameters of initialize() are used to initialize the state variables, an error in these state variables can lead to redeployment of the contract.
manual review
add address(0) validation
#0 - dapp-whisperer
2021-11-02T23:15:14Z
My philosophy is that you can set the address to any incorrect address besides address 0 and suffer from the same issue.
#1 - 0xleastwood
2021-12-04T09:57:51Z
#41
226.4564 USDC - $226.46
JMukesh
Due to lack of input validation when setting pendingGovernance, pendingGovernance can be set to address(0).
manual review
Add a require condition to check the input value of pendingGovernance.
#0 - 0xleastwood
2021-12-04T09:07:17Z
#35
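The two pendingGovernance findings above (the stale value after acceptPendingGovernance() and the missing input validation on the setter) can be seen together in one two-step handover. This is an added example, not the audited project's code: the contract name, the setPendingGovernance() setter name, the events, the revert strings and the compiler pragma are assumptions; governance, pendingGovernance and acceptPendingGovernance() are the names used in the findings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version, not taken from the audited code

// Hypothetical contract illustrating the mitigations recommended in the findings.
contract GovernanceHandover {
    address public governance;
    address public pendingGovernance;

    event PendingGovernanceSet(address indexed pending);
    event GovernanceAccepted(address indexed previous, address indexed current);

    constructor(address _governance) {
        require(_governance != address(0), "governance is zero");
        governance = _governance;
    }

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    // Step 1: current governance nominates a successor.
    // The zero-address check is the input validation the last finding asks for.
    function setPendingGovernance(address _pendingGovernance) external onlyGovernance {
        require(_pendingGovernance != address(0), "pending is zero");
        pendingGovernance = _pendingGovernance;
        emit PendingGovernanceSet(_pendingGovernance);
    }

    // Step 2: only the nominee can complete the handover.
    function acceptPendingGovernance() external {
        require(msg.sender == pendingGovernance, "not pending governance");
        emit GovernanceAccepted(governance, pendingGovernance);
        governance = pendingGovernance;
        // Reset the nomination so governance and pendingGovernance never
        // hold the same address once the handover is done (first finding).
        pendingGovernance = address(0);
    }
}
```

Once pendingGovernance is reset, a second acceptPendingGovernance() call from the new governance address reverts, because msg.sender no longer matches the cleared nomination.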