Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 178/246
Findings: 1
Award: $13.13
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: brgltd
Also found by: 0x3b, 0xAgro, 0xGusMcCrae, 0xNorman, 0xRajkumar, 0xSmartContract, 0xTraub, 0xWagmi, 0xWaitress, 0xffchain, 0xhacksmithh, 0xkazim, 0xnev, 3dgeville, ArbitraryExecution, Aymen0909, BRONZEDISC, Bason, Bloqarl, BlueAlder, Brenzee, CodeFoxInc, CodingNameKiki, Cryptor, DadeKuma, DevABDee, Diana, Dug, Englave, Gde, Haipls, HollaDieWaldfee, Ignite, Infect3d, Jerry0x, Josiah, Kaysoft, Koko1912, KrisApostolov, Lavishq, LeoGold, Madalad, PNS, Rappie, RaymondFam, RedTiger, Rickard, Rolezn, Sathish9098, SunSec, T1MOH, UdarTeam, Udsen, Viktor_Cortess, Wander, adriro, ak1, alejandrocovrr, alexzoid, arialblack14, ayden, bin2chen, brevis, btk, c3phas, carlitox477, catellatech, ch0bu, chaduke, ck, climber2002, codeslide, descharre, dingo2077, ernestognw, fatherOfBlocks, favelanky, georgits, helios, hl_, inmarelibero, juancito, ks__xxxxx, lopotras, lukris02, m_Rassska, mahdirostami, maxper, nadin, navinavu, nemveer, p_crypt0, peanuts, pipoca, pixpi, qpzm, rbserver, reassor, roelio, rotcivegaf, scokaf, siddhpurakaran, slvDev, smaul, tnevler, tsvetanovv, turvy_fuzz, vagrant, wen, yac, zzzitron
13.1298 USDC - $13.13
Confirm the derivative address to avoid incorrectly setting weight.
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L165-L175

    function adjustWeight(
        uint256 _derivativeIndex,
        uint256 _weight,
        address _checkDerivative
    ) external onlyOwner {
        require(_checkDerivative == address(derivatives[_derivativeIndex]), "wrong derivative");
        weights[_derivativeIndex] = _weight;
        uint256 localTotalWeight = 0;
        for (uint256 i = 0; i < derivativeCount; i++)
            localTotalWeight += weights[i];
        totalWeight = localTotalWeight;
        for (uint i = 0; i < derivativeCount; i++) {
            uint256 weight = weights[i];
            if (weight == 0) continue;
            uint256 ethAmount = (minAmount * weight) / totalWeight;
            require(ethAmount > 0, "weight too low");
        }
        emit WeightChange(_derivativeIndex, _weight);
    }
Adding and removing functions can reduce gas costs and minimize unknown risks.
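
    function removeDerivative(
        uint256 _derivativeIndex,
        address _checkDerivative
    ) external onlyOwner {
        require(_checkDerivative != address(0), "invalid address");
        require(_checkDerivative == address(derivatives[_derivativeIndex]), "wrong derivative");
        // Calling adjustWeight by name only compiles if it is declared public;
        // an external function cannot be called internally. The same applies
        // to rebalanceToWeights if it is declared external.
        adjustWeight(_derivativeIndex, 0, _checkDerivative);
        rebalanceToWeights();
        // Swap-and-pop: move the last derivative into the freed slot.
        --derivativeCount;
        derivatives[_derivativeIndex] = derivatives[derivativeCount];
        weights[_derivativeIndex] = weights[derivativeCount];
    }
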
Lower gas, reduced risk, easier to understand.

    struct Derivative {
        IDerivative derivative;
        uint96 weight;
    }
    mapping(uint256 => Derivative) public derivatives;

totalEth and totalEthAmount are not always equal. Whether returning or depositing, we should handle it.
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L83-L96

    uint256 totalEth = msg.value;
    uint256 totalEthAmount;
    for (uint i = 0; i < derivativeCount; i++) {
        uint256 weight = weights[i];
        IDerivative derivative = derivatives[i];
        if (weight == 0) continue;
        uint256 ethAmount = (totalEth * weight) / totalWeight;
        totalEthAmount += ethAmount;
        // This is slightly less than ethAmount because slippage
        uint256 depositAmount = derivative.deposit{value: ethAmount}();
        uint derivativeReceivedEthValue = (derivative.ethPerDerivative(
            depositAmount
        ) * depositAmount) / 10 ** 18;
        totalStakeValueEth += derivativeReceivedEthValue;
    }
    // They are not always equal. Whether returning or depositing, we should handle it.
    uint256 remaining = totalEth - totalEthAmount;

Convert uint to uint256
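
For the totalEth / totalEthAmount item above, the following is an added example, not part of the original report and not SafEth code: it models the weighted split, measures the wei lost to the floor divisions, and assigns that remainder to the last non-zero-weight slot so the shares sum to the deposit. The names `WeightedSplit`, `split` and `WeightedSplitDemo` are hypothetical, and depositing the remainder (rather than refunding it) is an assumed choice.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example (hypothetical names), not SafEth code.
library WeightedSplit {
    /// @return amounts ETH per slot, summing exactly to totalEth
    /// @return dust    wei left over by the floor divisions, before reassignment
    function split(uint256 totalEth, uint256[] memory weights)
        internal
        pure
        returns (uint256[] memory amounts, uint256 dust)
    {
        uint256 totalWeight;
        for (uint256 i = 0; i < weights.length; i++) totalWeight += weights[i];
        require(totalWeight > 0, "no weights");

        amounts = new uint256[](weights.length);
        uint256 allocated;
        uint256 last; // index of the last non-zero weight; always set because totalWeight > 0
        for (uint256 i = 0; i < weights.length; i++) {
            if (weights[i] == 0) continue;
            amounts[i] = (totalEth * weights[i]) / totalWeight; // rounds down
            allocated += amounts[i];
            last = i;
        }
        // Each division drops less than 1 wei, so dust is strictly smaller
        // than the number of non-zero weights.
        dust = totalEth - allocated;
        amounts[last] += dust; // assumed policy: deposit the remainder instead of refunding it
    }
}

contract WeightedSplitDemo {
    /// Constructed input: 1 ether across three equal weights is not evenly divisible.
    function demo() external pure returns (uint256[] memory amounts, uint256 dust) {
        uint256[] memory w = new uint256[](3);
        w[0] = 1;
        w[1] = 1;
        w[2] = 1;
        (amounts, dust) = WeightedSplit.split(1 ether, w);
        // Invariant: nothing is left unaccounted for in the contract.
        assert(amounts[0] + amounts[1] + amounts[2] == 1 ether);
    }
}
```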
#0 - c4-sponsor
2023-04-10T16:47:47Z
toshiSat marked the issue as sponsor confirmed
#1 - c4-judge
2023-04-24T17:33:40Z
Picodes marked the issue as grade-b