Platform: Code4rena
Start Date: 04/03/2024
Pot Size: $36,500 USDC
Total HM: 9
Participants: 80
Period: 7 days
Judge: hansfriese
Total Solo HM: 2
Id: 332
League: ETH
Rank: 10/80
Findings: 1
Award: $616.93
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: carrotsmuggler
616.9286 USDC - $616.93
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L540
The prize vault allowed its user to deposit using a signature through depositWithPermit(), which allowed the user to only make a single transaction when depositing their funds to the vault. However, if the vault accept a DAI asset, and the user wanted to deposit their funds through depositWithPermit() their transaction will fail/revert. This can happen because the function signature that the DAI.permit has and IERC20Permit.permit has is different.
IERC20Permit = https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/IERC20Permit.sol#L66-L74
function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external;
ETHEREUM.DAI = https://etherscan.io/token/0x6b175474e89094c44da98b954eedeac495271d0f#code
function permit( address holder, address spender, uint256 nonce, uint256 expiry, bool allowed, uint8 v, bytes32 r, bytes32 s ) external;
Manual
Context
#0 - c4-pre-sort
2024-03-12T00:49:57Z
raymondfam marked the issue as insufficient quality report
#1 - c4-pre-sort
2024-03-12T00:50:56Z
raymondfam marked the issue as primary issue
#2 - c4-pre-sort
2024-03-12T00:53:58Z
raymondfam marked the issue as sufficient quality report
#3 - raymondfam
2024-03-12T00:55:06Z
Incompatible function signatures on selected ERC20 tokens.
#4 - c4-pre-sort
2024-03-13T05:14:42Z
raymondfam marked the issue as duplicate of #51
#5 - c4-judge
2024-03-15T08:12:03Z
hansfriese marked the issue as satisfactory