Platform: Code4rena
Start Date: 24/02/2022
Pot Size: $30,000 USDC
Total HM: 0
Participants: 28
Period: 3 days
Judge: Jack the Pug
Id: 95
League: ETH
Rank: 18/28
Findings: 2
Award: $655.53
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hickuphh3
Also found by: 0x1f8b, 0xwags, Dravee, IllIllI, Omik, Rhynorater, Ruhum, TerrierLover, cccz, cmichel, csanuragjain, defsec, gzeon, jayjonah8, kenta, kirk-baird, kyliek, leastwood, minhquanym, pedroais, peritoflores, robee, securerodd
603.4318 USDC - $603.43
LOW : 1. Title : approve() and increaseAllowance() apply different checkWhitelist conditions
Impact : The checkWhitelist modifier on approve() and increaseAllowance() is meant to stop a non-whitelisted user from granting an allowance of more than 100,000 tokens, but the two functions do not enforce the same condition. Assuming neither userA nor userB is whitelisted: once userA has granted userB an allowance of 100,000 tokens, userA can no longer add to it through increaseAllowance(), yet userA can still call approve() and grant userB another 100,000 tokens. By repeating this, userB can be granted more than the cap is intended to allow. Both functions should pass the same quantity to checkWhitelist.
POC : https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v2/FiatTokenV2.sol#L235
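One way to make the two entry points agree, shown as an added example that is not the JPYC FiatTokenV2 code: every function that changes an allowance hands the modifier the allowance that will result from the call, so a single cap governs the outcome whichever function is used. The contract name, the simple whitelisted mapping and the 100,000-token cap are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the JPYC FiatTokenV2 code. A minimal allowance model in
// which approve(), increaseAllowance() and decreaseAllowance() all measure the
// same thing, the allowance that results from the call, against one cap.
contract CappedAllowance {
    uint8 public constant decimals = 18;
    // Cap from the finding (assumed value); computed once at compile time.
    uint256 public constant ALLOWANCE_CAP = 100000 * 10**uint256(decimals);

    // Simple whitelist for the example; the real contract uses a separate role.
    mapping(address => bool) public whitelisted;
    mapping(address => mapping(address => uint256)) internal allowed;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    // Non-whitelisted owners may not end up with an allowance above the cap.
    // `resulting` is the allowance the owner will hold after the call.
    modifier checkWhitelist(address owner, uint256 resulting) {
        if (!whitelisted[owner]) {
            require(resulting <= ALLOWANCE_CAP, "allowance above cap");
        }
        _;
    }

    function allowance(address owner, address spender) external view returns (uint256) {
        return allowed[owner][spender];
    }

    // approve() overwrites, so the resulting allowance is `value` itself.
    function approve(address spender, uint256 value)
        external
        checkWhitelist(msg.sender, value)
        returns (bool)
    {
        _approve(msg.sender, spender, value);
        return true;
    }

    // increaseAllowance() adds, so the check is on current + increment.
    // Under Solidity 0.8 the sum reverts on overflow before the modifier runs.
    function increaseAllowance(address spender, uint256 increment)
        external
        checkWhitelist(msg.sender, allowed[msg.sender][spender] + increment)
        returns (bool)
    {
        _approve(msg.sender, spender, allowed[msg.sender][spender] + increment);
        return true;
    }

    // Decreasing can never push the allowance above the cap, so no cap check.
    function decreaseAllowance(address spender, uint256 decrement) external returns (bool) {
        uint256 current = allowed[msg.sender][spender];
        require(decrement <= current, "decrease below zero");
        _approve(msg.sender, spender, current - decrement);
        return true;
    }

    function _approve(address owner, address spender, uint256 value) internal {
        allowed[owner][spender] = value;
        emit Approval(owner, spender, value);
    }
}
```

With this layout a non-whitelisted owner who already holds an allowance of 100,000 tokens is refused by both increaseAllowance(spender, 1) and approve(spender, 100001), and both functions read the cap from the same constant rather than recomputing it.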
Title : hardcode decimals as a constant
Impact : To reduce the chance of a wrong value being passed to initialize(), decimals should be declared as a constant in the contract rather than supplied as an initialize() parameter.
POC : https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v2/FiatTokenV2.sol#L105
🌟 Selected for report: Dravee
Also found by: 0x1f8b, IllIllI, Omik, Rhynorater, TerrierLover, Tomio, defsec, gzeon, kenta, pedroais, peritoflores, rfa, robee, securerodd, sorrynotsorry, ye0lde
52.1011 USDC - $52.10
GAS : 1. Title : use a constant value.
Impact : In the checkWhitelist modifier the cap is recomputed every time the modifier runs. It is cheaper to declare the cap once as a constant and have checkWhitelist read that constant.
POC : https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v2/FiatTokenV2.sol#L624
Title : using unchecked is cheaper
Impact : In Solidity 0.8 and above, arithmetic is checked for underflow and overflow by default. Since https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v2/FiatTokenV2.sol#L326 already requires that the amount does not exceed balances[from], the subtraction cannot underflow, and the following addition to the recipient balance cannot overflow because the sum of all balances is bounded by the total supply. Wrapping the subtraction and the addition in an unchecked block therefore removes the redundant checks and saves gas.
POC : https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v2/FiatTokenV2.sol#L326-L327
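The checked and unchecked forms side by side, as an added example that is not the JPYC FiatTokenV2 code. The contract and function names are assumed; the point is that the unchecked block is only sound because of the require() that precedes it and because minting keeps its checked addition on totalSupply.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the JPYC FiatTokenV2 code. Shows the balance update with
// and without the default 0.8 overflow checks, and why dropping them is safe
// only because of the require() that precedes them.
contract UncheckedTransferExample {
    mapping(address => uint256) internal balances;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);

    // Minting keeps the checked additions: this is where totalSupply is
    // bounded, and every balance is at most totalSupply from then on.
    function mint(address to, uint256 amount) external {
        totalSupply += amount;   // checked: reverts on overflow
        balances[to] += amount;  // checked: cannot exceed totalSupply
        emit Transfer(address(0), to, amount);
    }

    function balanceOf(address account) external view returns (uint256) {
        return balances[account];
    }

    // Checked version: each operation carries an underflow/overflow test that
    // the require() above has already made impossible to fail.
    function transferChecked(address to, uint256 value) external returns (bool) {
        address from = msg.sender;
        require(value <= balances[from], "insufficient funds");
        balances[from] = balances[from] - value;
        balances[to] = balances[to] + value;
        emit Transfer(from, to, value);
        return true;
    }

    // Unchecked version: the subtraction cannot underflow because
    // value <= balances[from] was just required, and the addition cannot
    // overflow because balances[to] + value is at most the sum of all balances,
    // which is at most totalSupply, which mint() keeps below 2**256.
    function transferUnchecked(address to, uint256 value) external returns (bool) {
        address from = msg.sender;
        require(value <= balances[from], "insufficient funds");
        unchecked {
            balances[from] -= value;
            balances[to] += value;
        }
        emit Transfer(from, to, value);
        return true;
    }
}
```

The unchecked block must stay immediately after the require(); if a later change moves or weakens that check, the subtraction silently wraps instead of reverting.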
Title : it is cheaper to use constant variables
Impact : decimals, name, and symbol are cheaper to read as constants, since they are not meant to change after deployment. Declare them as constants in the contract instead of writing them to storage in initialize(). Note that this removes the ability to set them at initialization, so it only suits deployments where the values are fixed for the implementation contract.
POC : https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v2/FiatTokenV2.sol#L51
#0 - thurendous
2022-03-01T09:25:25Z
1,2,3 can be valid. duplicate of #60, #27 and #49