Platform: Code4rena
Start Date: 26/08/2021
Pot Size: $200,000 USDC
Total HM: 17
Participants: 11
Period: 14 days
Judge: ghoulsol
Total Solo HM: 12
Id: 23
League: ETH
Rank: 6/11
Findings: 4
Award: $7,478.68
🌟 Selected for report: 2
🚀 Solo Findings: 0
1557.1694 NOTE - $1,557.17
4671.5083 USDC - $4,671.51
Omik
The implementation of the transfer function in the https://github.com/code-423n4/2021-08-notional/blob/main/contracts/external/actions/nTokenAction.sol is the different from the usual erc20 token transfer function, this happen because it count the incentive that the user get, but the with self tranfer it can lead to unlimited mint, because https://github.com/code-423n4/2021-08-notional/blob/main/contracts/external/actions/nTokenAction.sol#L278 it makes the amount to negative, but in the https://github.com/code-423n4/2021-08-notional/blob/main/contracts/external/actions/nTokenAction.sol#L279 it return the value to amount that not negative, so in the https://github.com/code-423n4/2021-08-notional/blob/main/contracts/external/actions/nTokenAction.sol#L281-282 it finalize the positive value only since the negative value is change to the positive value, you can interact this transfer function through https://github.com/code-423n4/2021-08-notional/blob/main/contracts/external/adapters/nTokenERC20Proxy.sol
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Manual
add (sender != recipient)
#0 - jeffywu
2021-08-27T15:18:09Z
This looks like a bug to me, will confirm this weekend with a unit test.
🌟 Selected for report: Omik
312.5 NOTE - $312.50
937.5 USDC - $937.50
Omik
when using -2**255 it takes more gas, than using type(int256).min
use type(int256).min;
#0 - jeffywu
2021-09-11T18:14:53Z
This is a best practice recommendation, constants do not have an impact on gas at runtime.