xTRIBE contest - MaratCerby's results

A TRIBE tokenomic upgrade with multi-delegation, autocompounding rewards, and reward delegation

General Information

Platform: Code4rena

Start Date: 21/04/2022

Pot Size: $75,000 USDC

Total HM: 7

Participants: 45

Period: 7 days

Judge: 0xean

Total Solo HM: 5

Id: 111

League: ETH

Tribe

Findings Distribution

Researcher Performance

Rank: 21/45

Findings: 1

Award: $225.70

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Tribe

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0xDjango, 0xmint, CertoraInc, Dravee, MaratCerby, Ruhum, VAD37, catchup, csanuragjain, defsec, delfin454000, dipp, fatima_naz, gzeon, hake, hyh, joestakey, kebabsec, oyc_109, rayn, robee, samruna, simon135, sorrynotsorry, teryanarmen

Awards

225.6965 USDC - $225.70

Labels

bug

sponsor acknowledged

QA (Quality Assurance)

External Links

Link to GitHub issue

Impact

https://github.com/fei-protocol/ERC4626/blob/643cd044fac34bcbf64e1c3790a5126fec0dbec1/src/xERC4626.sol#L45-L62 Move lastSync_ closer to usage.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: function totalAssets() public view override returns (uint256) { // cache global vars uint256 storedTotalAssets_ = storedTotalAssets; uint192 lastRewardAmount_ = lastRewardAmount; uint32 rewardsCycleEnd_ = rewardsCycleEnd;

if (block.timestamp >= rewardsCycleEnd_) {
    // no rewards or rewards fully unlocked
    // entire reward amount is available
    return storedTotalAssets_ + lastRewardAmount_;
}

// rewards not fully unlocked
// add unlocked rewards to stored total
uint32 lastSync_ = lastSync;
uint256 unlockedRewards = (lastRewardAmount_ * (block.timestamp - lastSync_)) / (rewardsCycleEnd_ - lastSync_);
return storedTotalAssets_ + unlockedRewards;

}

Impact

https://github.com/fei-protocol/ERC4626/blob/643cd044fac34bcbf64e1c3790a5126fec0dbec1/src/xERC4626.sol#L4 Solidity version >=0.8.4 is required since the code is using custom errors.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: pragma solidity ^0.8.4;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20MultiVotes.sol#L4 Solidity version >=0.8.4 is required since the code is using custom errors.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: pragma solidity ^0.8.4;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20Gauges.sol#L3 Solidity version >=0.8.4 is required since the code is using custom errors.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: pragma solidity ^0.8.4;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20Gauges.sol#L134 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20Gauges.sol#L184 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20Gauges.sol#L307 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20Gauges.sol#L384 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20Gauges.sol#L564 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L189 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

Impact

https://github.com/fei-protocol/xTRIBE/blob/989e47d176facbb0c38bc1e1ca58672f179159e1/src/xTRIBE.sol#L95 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20MultiVotes.sol#L79 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

Impact

https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/token/ERC20MultiVotes.sol#L346 Uint256 by default is set to zero.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Recommended code: uint256 i;

xTRIBE contest - MaratCerby's results

A TRIBE tokenomic upgrade with multi-delegation, autocompounding rewards, and reward delegation

General Information

Findings Distribution

Researcher Performance

External Links

[Q-03] QA Report - $225.70

Findings Information

Awards

Labels

External Links

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps