Platform: Code4rena
Start Date: 29/03/2022
Pot Size: $30,000 USDC
Total HM: 6
Participants: 24
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 4
Id: 101
League: ETH
Rank: 6/24
Findings: 3
Award: $853.92
Selected for report: 1
Solo Findings: 0
Selected for report: Meta0xNull
699.4582 USDC - $699.46
IERC20(_borrowAsset).transfer(_to, _fee);
If the USDT token is supported as _borrowAsset, the unsafe .transfer(_to, _fee) call may revert, because the USDT token contract's transfer() implementation has no return value while the IERC20 interface expects one.
Function start() will break when _borrowAsset is USDT or another non-ERC20-compliant token. USDT is one of the most borrowed assets in DeFi, so this may cost the protocol a lot of potential users.
Use .safeTransfer instead of .transfer
IERC20(_borrowAsset).safeTransfer(_to, _fee);
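The failure mode and the fix described above, as an added example that is not code from the audited contracts. NoReturnToken is a constructed stand-in for a USDT-style token and FeePayer is a hypothetical caller; payFeeSafe performs the same kind of check that SafeERC20.safeTransfer does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example: all contract and function names below are hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed stand-in for a USDT-style token: transfer() returns nothing.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 1_000_000;
    }

    function transfer(address to, uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

// Hypothetical fee payer that holds tokens, mirroring the fee transfer in start().
contract FeePayer {
    // Reverts against NoReturnToken: the compiler-generated decoder expects
    // 32 bytes of return data for the bool and receives none, so the whole
    // call reverts even though the token moved the balance internally.
    function payFeeUnsafe(address token, address to, uint256 fee) external {
        IERC20(token).transfer(to, fee);
    }

    // Low-level call, then accept either empty return data (USDT-style)
    // or an ABI-encoded `true` (standard ERC20).
    function payFeeSafe(address token, address to, uint256 fee) external {
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, fee)
        );
        require(ok, "transfer reverted");
        require(
            ret.length == 0 || abi.decode(ret, (bool)),
            "transfer returned false"
        );
    }
}
```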
100.7792 USDC - $100.78
The OpenZeppelin SafeERC20 safeApprove() function has been deprecated. Using this deprecated function can lead to unintended reverts and potentially the locking of funds. Discussion: https://github.com/OpenZeppelin/openzeppelin-contracts/issues/2219
As suggested by the OpenZeppelin comment, replace safeApprove() with safeIncreaseAllowance().
@dev only one of the lenders can liquidate their pooled credit line
It is impossible for all lenders to know how to monitor their pooled credit line and call function liquidate(). Suggest opening function liquidate() to the public so that bot developers can build bots to monitor pooled credit lines and call function liquidate() when needed.
The @dev note in registerSelf() mentions "@dev only owner can register users", but the function actually allows users to register themselves. Suggest changing it to "@dev users themselves can register themself".
require(_verification != address(0), "Address Can't Be Zero");
require(_signerAddress != address(0), "Address Can't Be Zero");
There are multiple occurrences of the spelling mistake "idenitifer" in LenderPool.sol and PooledCreditLine.sol.
The correct spelling is "identifier". Suggest using Find & Replace to find "idenitifer" and replace it with "identifier".
#0 - ritik99
2022-04-13T08:44:19Z
Rest of the issues are relevant/acknowledged
53.6757 USDC - $53.68
Twitter ID Example: 10765432100123456789 Source: https://developer.twitter.com/en/docs/twitter-ids
Tweet ID Example: 40775075934244864 Source: https://groups.google.com/g/twitter-development-talk/c/4CGABcWH04E?pli=1
Both the Twitter ID and the Tweet ID above can fit into 32 bytes, so you should use the bytes32 datatype rather than string, as it is much cheaper in Solidity. Basically, any fixed-size variable in Solidity is cheaper than a variable-size one. That will save gas on the contract.
Same as Gas Report No.1 above: use bytes32 rather than string.
#0 - ritik99
2022-04-12T18:58:20Z
Both suggestions are valid