Platform: Code4rena
Start Date: 17/02/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 39
Period: 7 days
Judges: moose-code, JasoonS
Total Solo HM: 13
Id: 89
League: ETH
Rank: 16/39
Findings: 4
Award: $816.85
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: defsec
Also found by: 0v3rf10w, 0x0x0x, 0x1f8b, 0xwags, CertoraInc, Dravee, IllIllI, Meta0xNull, Nikolay, Omik, WatchPug, bobi, cccz, csanuragjain, danb, gzeon, hubble, hyh, itsmeSTYJ, jayjonah8, kenta, kirk-baird, leastwood, pauliax, peritoflores, rfa, robee, sorrynotsorry, ye0lde
212.4973 USDC - $212.50
LOW : 1. Title : Missing limit on how many AMMs can be added
Impact : The governance can add an amm, by calling whitelistAmm function, however there is no limit on how many amm that the contract can be held, if the governance keep adding amm, then the clearing house will brick with out of gas, since all other user is interacting with the clearing house and the main functionality of this contract is updatePoition and this function is being called by removeLiquidity, addLiquidity, openPosition, closePosition function
POC : https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L341
Title : Missing check on duplicate amm
Impact : There is missing check on axisting amm, and amm that will going to be added from whitelistAmm function, since there is no check whether the same amm is already being added or not, a multiple amm might be added without error.
POC : https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L341
Title : Grieve in processWtihdrawals
Impact : an attacker could grieve other user by burning many small amount VUSD, to inflate the withdrawals length until 99, and if the victim want to burn their VUSD to USDC, the victim will be placed in the 100, and when the victim want to take the USDC, by calling processWithdrawal, the victim will pay extra fee, that's because the victim must process the withdrawal that the attacker make 99 times, before the victim accept their USDC.
POC :
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/VUSD.sol#L53
#0 - atvanguard
2022-02-26T05:54:56Z
Duplicate of #119, #97, #50
#1 - moose-code
2022-03-06T14:22:59Z
promote severity for grievance attack
87.3994 USDC - $87.40
GAS : 1. Title : Its cheaper using delete
Impact : In the removeLiquidity function if the diff value is 0, its cheaper to use delete instead setting the pos, vAsset, vUSD, dToken to zero, this can save +- 3 gas
POC : https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L243-L246
Mitigation :
delete __maker.pos; delete __maker.vAsset; delete __maker.vUSD; delete __maker.dToken;
Title : its cheaper to save length value to a local variable
Impact : when using a loop, its cheaper to save the length value of an array to a variable, so the loop didn't have to read the storage length in each loop, but comparing with the length that was already save in the local variable. For an array that has a length 10 it can save +- 1800 gas.
POC : https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L122 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L130 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L170 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L194
Title : its cheaper to use block.timestamp directly
Impact : Its cheaper to use block.timestamp directly instead calling it through a _blocktimestamp() function.
POC : https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/Oracle.sol#L65
#0 - atvanguard
2022-02-26T08:04:17Z
Good report.