Platform: Code4rena
Start Date: 14/06/2022
Pot Size: $100,000 USDC
Total HM: 26
Participants: 59
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 9
Id: 133
League: ETH
Rank: 35/59
Findings: 3
Award: $436.19
🌟 Selected for report: 0
🚀 Solo Findings: 0
126.3383 USDC - $126.34
782.2807 CANTO - $126.34
There is no access modifier in updateBaseRate
due to which anyone can change Baserate to a very low value and borrow the large value
function updateBaseRate(uint newBaseRatePerYear) public {}
manual review
add an access modifier
#0 - ecmendenhall
2022-06-21T22:13:37Z
#1 - tkkwon1998
2022-06-22T19:49:51Z
Duplicate of #22
#2 - GalloDaSballo
2022-08-04T22:05:52Z
Dup of #22
🌟 Selected for report: joestakey
Also found by: 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xf15ers, 0xmint, Bronicle, Dravee, Funen, JMukesh, Limbooo, MadWookie, Picodes, Ruhum, TerrierLover, TomJ, Tutturu, WatchPug, Waze, _Adam, asutorufos, c3phas, catchup, cccz, codexploder, cryptphi, csanuragjain, defsec, fatherOfBlocks, gzeon, hake, hansfriese, hyh, ignacio, k, nxrblsrpr, oyc_109, robee, sach1r0, saian, simon135, technicallyty, zzzitron
72.3997 USDC - $72.40
687.9945 CANTO - $111.11
Use of transfer might render ETH (here the native token, Canto) impossible to withdraw because, after the Istanbul hard fork, there is an increase in the gas cost of the SLOAD operation, which therefore breaks some existing smart contracts. Those contracts will break because their fallback functions used to consume less than 2300 gas, and they'll now consume more, since 2300 is the amount of gas a contract's fallback function receives if it's called via Solidity's transfer() or send() methods. Any smart contract that uses transfer() or send() is taking a hard dependency on gas costs by forwarding a fixed amount of gas: 2300.
manual review
use the call() method
#0 - nivasan1
2022-06-24T03:02:38Z
duplicate of #14
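The transfer() finding above, as an added Solidity example that is not from the audited code base or the warden's submission: a recipient whose receive() writes storage cannot be paid through transfer(), while a call()-based withdrawal succeeds. All contract and function names (StorageWritingReceiver, Vault, depositTo, pull, withdrawWithTransfer, withdrawWithCall) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; every name here is hypothetical, not from the audited contracts.
// Recipient whose receive() writes storage, so it needs more than the 2300-gas stipend.
contract StorageWritingReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE: runs out of gas under transfer()/send()
    }

    function depositTo(Vault v) external payable { v.deposit{value: msg.value}(); }

    function pull(Vault v, bool useCall) external {
        if (useCall) v.withdrawWithCall();
        else v.withdrawWithTransfer();
    }
}

contract Vault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Pattern the finding describes: transfer() forwards a fixed 2300 gas,
    // so the withdrawal reverts for recipients like StorageWritingReceiver.
    function withdrawWithTransfer() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        payable(msg.sender).transfer(amount);
    }

    // Recommended pattern: call() forwards the remaining gas. The recipient can
    // now run arbitrary code, so the balance is zeroed before the external call
    // (checks-effects-interactions) and the returned success flag is checked.
    function withdrawWithCall() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "native token transfer failed");
    }
}
```

After a deposit through depositTo, pull(vault, false) reverts and the balance stays locked in the vault, while pull(vault, true) pays the recipient.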