Platform: Code4rena
Start Date: 07/04/2022
Pot Size: $100,000 USDC
Total HM: 20
Participants: 62
Period: 7 days
Judge: LSDan
Total Solo HM: 11
Id: 107
League: ETH
Rank: 38/62
Findings: 2
Award: $233.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Dravee
Also found by: 0x1f8b, 0xDjango, 0xkatana, AuditsAreUS, Cityscape, Foundation, Funen, Hawkeye, IllIllI, JC, JMukesh, Jujic, Kthere, PPrieditis, Picodes, Ruhum, TerrierLover, TrungOre, WatchPug, berndartmueller, catchup, cccz, cmichel, delfin454000, dy, ellahi, hickuphh3, horsefacts, hubble, hyh, ilan, jayjonah8, kebabsec, kenta, minhquanym, pauliax, rayn, reassor, rfa, robee, samruna
152.5804 USDC - $152.58
## Tokens should implement Permit for integration purposes
The team should consider implementing ERC2612 (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/draft-ERC20Permit.sol), as it enables a lot of powerful integrations where you can skip the approval step and do everything in 1 transaction. It can also simplify JPEG UX.
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/tokens/StableCoin.sol https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/tokens/JPEG.sol
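The single-transaction flow described above, seen from the integrator's side, as an added example that is not part of the original submission or of the JPEG'd code base. The contract name, the `deposits` mapping and `depositWithPermit` are hypothetical, and the import paths assume OpenZeppelin Contracts 4.x (the version that ships the `draft-ERC20Permit.sol` file linked above).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/draft-IERC20Permit.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical integrator, for illustration only: pulls a permit-enabled
/// token from the caller in one transaction instead of approve() + deposit().
contract PermitDepositExample {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public deposits; // illustrative accounting

    constructor(IERC20 _token) {
        token = _token;
    }

    /// `deadline`, `v`, `r`, `s` come from the caller's off-chain EIP-712
    /// signature over (owner, spender = this contract, value, nonce, deadline).
    function depositWithPermit(
        uint256 amount,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external {
        // The signature is public once the transaction is broadcast, so a
        // third party can call permit() first and consume the nonce. A bare
        // permit() call would then revert and block the deposit. Tolerate
        // that case and rely on the allowance check below instead.
        try IERC20Permit(address(token)).permit(
            msg.sender, address(this), amount, deadline, v, r, s
        ) {} catch {}

        require(
            token.allowance(msg.sender, address(this)) >= amount,
            "PermitDepositExample: insufficient allowance"
        );

        // Effects before the external transfer.
        deposits[msg.sender] += amount;
        token.safeTransferFrom(msg.sender, address(this), amount);
    }
}
```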
## Trust placed in DAOs seems highly dangerous and could be avoided
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/vaults/FungibleAssetVaultForDAO.sol#L18
Here, why not implement safeguards for DAO Fungible Vaults? For example, you could burn borrowed assets on their behalf, or withdraw and do a by-hand liquidation with some governance functions.
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xkatana, Cityscape, Cr4ckM3, FSchmoede, Foundation, Funen, Hawkeye, IllIllI, JMukesh, Meta0xNull, PPrieditis, Picodes, TerrierLover, Tomio, WatchPug, berndartmueller, catchup, delfin454000, dirk_y, ellahi, hickuphh3, ilan, kebabsec, kenta, nahnah, rayn, rfa, robee, rokinot, saian, securerodd, slywaters, sorrynotsorry
80.5853 USDC - $80.59
`stablecoin` could be made constant or immutable, that is to say it could be written in the implementation's bytecode, as it should be the same across all vaults.