Platform: Code4rena
Start Date: 01/07/2022
Pot Size: $75,000 USDC
Total HM: 17
Participants: 105
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 5
Id: 143
League: ETH
Rank: 5/105
Findings: 3
Award: $4,428.88
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: philogy
Also found by: Lambda, berndartmueller
3859.255 USDC - $3,859.26
In JBTokenStore.changeFor, there is the possiblity to change the owner of the old token, but it is neither checked nor automatically enforced (e.g., with an approval of the old owner) that the new token is owned by the token store. If this is not the case, the consequences are severe. Minting and burning will revert (as these functions are restricted to the owner), meaning that the mintFor and burnFrom functions also will revert.
Either check that the token store is the owner or automatically initiate an ownership transfer (where an approval of the previous owner is necessary).
#0 - mejango
2022-07-12T17:31:44Z
dup of #104
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xdanial, 0xf15ers, Bnke0x0, Ch_301, Chandr, Chom, Funen, GimelSec, Hawkeye, JC, Kaiziron, Lambda, Meera, MiloTruck, Noah3o6, Picodes, ReyAdmirado, Rohan16, Sm4rty, TerrierLover, TomJ, Waze, _Adam, __141345__, asutorufos, aysha, berndartmueller, brgltd, cccz, codexploder, defsec, delfin454000, djxploit, durianSausage, fatherOfBlocks, hake, horsefacts, hubble, jayfromthe13th, joestakey, jonatascm, m_Rassska, oyc_109, pashov, rajatbeladiya, rbserver, robee, sach1r0, sahar, samruna, simon135, svskaushik, zzzitron
523.8223 USDC - $523.82
addFeedFor (https://github.com/jbx-protocol/juice-contracts-v2-code4rena/blob/c363abb67302314c2e061a01f76eb5e5dce2c935/contracts/JBPrices.sol#L115), it would make sens to check if the inverse feed exists (because this one is also queried) to avoid situations where both feeds are added (potentially returning slightly different values) and the result can therefore depend on the order of the currenciessetTerminalsOf (https://github.com/jbx-protocol/juice-contracts-v2-code4rena/blob/69687ba8648b6725764ad941b57cd542964eb64c/contracts/JBDirectory.sol#L258), setPrimaryTerminalOf (https://github.com/jbx-protocol/juice-contracts-v2-code4rena/blob/69687ba8648b6725764ad941b57cd542964eb64c/contracts/JBDirectory.sol#L304) should also be callable by the controller according to the description, but this is not implemented.🌟 Selected for report: 0xA5DF
Also found by: 0v3rf10w, 0x09GTO, 0x1f8b, 0x29A, 0xDjango, 0xKitsune, 0xNazgul, 0xdanial, 0xf15ers, Aymen0909, Bnke0x0, Ch_301, Cheeezzyyyy, Chom, ElKu, Funen, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Lambda, Limbooo, Meera, Metatron, MiloTruck, Noah3o6, Picodes, Randyyy, RedOneN, ReyAdmirado, Rohan16, Saintcode_, Sm4rty, TomJ, Tomio, Tutturu, UnusualTurtle, Waze, _Adam, __141345__, ajtra, apostle0x01, asutorufos, brgltd, c3phas, cRat1st0s, codexploder, defsec, delfin454000, djxploit, durianSausage, exd0tpy, fatherOfBlocks, hake, horsefacts, ignacio, jayfromthe13th, joestakey, jonatascm, kaden, kebabsec, m_Rassska, mektigboy, mrpathfindr, oyc_109, rajatbeladiya, rbserver, rfa, robee, sach1r0, sashik_eth, simon135
45.8024 USDC - $45.80
unchecked because an overflow / underflow is not possible there (usually already checked before, e.g. in loops):
_primaryTerminalOf[_projectId][token] is used multiple times and can be cached instead of reading it every timebreak out of the loop and therefore avoid the remaining iterations.