Platform: Code4rena
Start Date: 20/10/2021
Pot Size: $30,000 ETH
Total HM: 5
Participants: 15
Period: 3 days
Judge: 0xean
Total Solo HM: 3
Id: 44
League: ETH
Rank: 7/15
Findings: 2
Award: $461.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
JMukesh
Use of transfer might render ETH impossible to withdraw becuase after istanbul hardfork , there is increases in the gas cost of the SLOAD operation and therefore breaks some existing smart contracts.Those contracts will break because their fallback functions used to consume less than 2300 gas, and they’ll now consume more, since 2300 the amount of gas a contract’s fallback function receives if it’s called via Solidity’s transfer() or send() methods. Any smart contract that uses transfer() or send() is taking a hard dependency on gas costs by forwarding a fixed amount of gas: 2300.
https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/
https://blog.openzeppelin.com/opyn-gamma-protocol-audit/
manual review
use call()
#0 - Shadowfiend
2021-11-04T16:12:35Z
Duplicate of #20.
JMukesh
There is no checking of address array in swapfees(), it may contain duplicate address or zero address due which function may get failed
manual review
check the array before using it in loop
#0 - Shadowfiend
2021-11-04T16:27:13Z
Duplicate of #81.
#1 - 0xean
2021-11-06T12:46:07Z
In some ways this is a dupe of #81 and in some ways its just not reasonable to check for duplicates on chain and would be best done off chain. Leaving as a dupe of #81.