Platform: Code4rena
Start Date: 04/11/2021
Pot Size: $50,000 USDC
Total HM: 20
Participants: 28
Period: 7 days
Judge: 0xean
Total Solo HM: 11
Id: 51
League: ETH
Rank: 13/28
Findings: 2
Award: $707.60
🌟 Selected for report: 4
🚀 Solo Findings: 0
🌟 Selected for report: JMukesh
290.7617 USDC - $290.76
JMukesh
Due to the lack of a check on admin_fee, it can be greater than max_admin_fee.
manual review
add input validation for admin_fee
🌟 Selected for report: JMukesh
290.7617 USDC - $290.76
JMukesh
An event should be emitted after a sensitive action like setting fees or admin_fees; otherwise it will be difficult to track fee changes off-chain.
manual review
event should be emitted after the sensitive action
78.5056 USDC - $78.51
JMukesh
The wrong operator is used in checking the fee, admin fee and withdraw fee. Instead of
require(_fee < SwapUtils.MAX_SWAP_FEE, "_fee exceeds maximum");
_fee <= SwapUtils.MAX_SWAP_FEE should be there, and the same for the admin fee and withdraw fee, because when using <= the value does not exceed the max value.
manual review
use correct operator to check the value
🌟 Selected for report: JMukesh
44.8876 USDC - $44.89
JMukesh
The bool _iskilled state variable can be packed with one of the address state variables, like {token, owner}, which will save one slot of memory.
manual review
JMukesh
In swap.sol, the constructor checks the poolToken length and the decimals length against the same constant number, that is 2, which means both the pooledTokens and decimals lengths should be equal to 2, otherwise it will fail. Hence we can say that if these two conditions pass
require(_pooledTokens.length == 2, "_pooledTokens.length must be 2 in length");
require(decimals.length == 2, "decimals.length must be 2 in length");
it is automatically known that pooledTokens and decimals have the same length, so there is no need for the extra check
require(_pooledTokens.length == decimals.length, "_pooledTokens decimals mismatch");
#0 - chickenpie347
2022-01-04T02:13:04Z
Duplicate of #20, #241