Platform: Code4rena
Start Date: 24/03/2022
Pot Size: $75,000 USDC
Total HM: 15
Participants: 59
Period: 7 days
Judge: gzeon
Id: 103
League: ETH
Rank: 24/59
Findings: 3
Award: $846.17
π Selected for report: 0
π Solo Findings: 0
π Selected for report: shw
Also found by: Picodes, hickuphh3, hyh, pmerkleplant
665.807 USDC - $665.81
Here: https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Libraries/LibSwap.sol#L42, it should be fromAmount , otherwise it can be really misleading for users and decrease the flexibility as you can only have 1 swap (the first) involving native asset.
Assume Alice wants to swap 1 ETH for 3000 USDC in first swap using Uniswap, and then 1 ETH for 3000 USDC in a second swap using Sushiswap, all the eth would be send to Uniswap !
Another case would be if Alice wants to first swap USDC to DAI, and then ETH to DAI, all ETH would be sent to the first swap !
#0 - H3xept
2022-04-12T11:12:41Z
Fixed in lifinance/lifi-contracts@0d3fface2c1f299ea2a91bb97fcd1ccaff6fe0da
#1 - maxklenk
2022-04-14T08:46:58Z
We "disagree with severity" as this issue would not allow to access other users funds. As soon as the the contract would try to execute the second swap the whole contract call would revert as the msg.value has already been used and can't be send along again. While this is clearly a bug, it is not a high risk one.
#2 - gzeoneth
2022-04-16T16:53:59Z
Agree with sponsor that no fund is lost. Changing to Med Risk due to potential tx revert.
#3 - gzeoneth
2022-04-16T18:13:10Z
Duplicate of #207
π Selected for report: hake
Also found by: 0v3rf10w, 0xDjango, 0xkatana, BouSalman, CertoraInc, Dravee, Hawkeye, IllIllI, JMukesh, Jujic, Kenshin, PPrieditis, Picodes, PranavG, Ruhum, SolidityScan, VAD37, WatchPug, aga7hokakological, catchup, csanuragjain, cthulhu_cult, defsec, dimitri, hickuphh3, hubble, hyh, kenta, kirk-baird, obront, peritoflores, rayn, robee, saian, samruna, shenwilly, shw, sorrynotsorry, tchkvsky, teryanarmen, ych18
118.82 USDC - $118.82
Comments here are misleading:
"Performs a swap and that's it" whereas you can pass an array of swap and perform multiple operations.
"an array of swap related data for performing swaps before bridging" whereas the function is external so could be used without any bridging
π Selected for report: Dravee
Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, ACai, CertoraInc, FSchmoede, Funen, Hawkeye, IllIllI, Jujic, Kenshin, PPrieditis, Picodes, SolidityScan, TerrierLover, Tomio, WatchPug, catchup, csanuragjain, defsec, dimitri, hake, hickuphh3, kenta, minhquanym, obront, peritoflores, rayn, rfa, robee, saian, samruna, tchkvsky, teryanarmen, ych18
61.5429 USDC - $61.54
Code could be reorganized to reuse the same check and be more readable:
if (!LibAsset.isNativeAsset(fromAssetId)) { if(LibAsset.getOwnBalance(fromAssetId) < fromAmount) { LibAsset.transferFromERC20(fromAssetId, msg.sender, address(this), fromAmount); } LibAsset.approveERC20(IERC20(fromAssetId), _swapData.approveTo, fromAmount); }
#0 - H3xept
2022-04-04T08:26:22Z
Fixed in previous commit.
#1 - H3xept
2022-04-08T15:21:21Z
Duplicate of #39