Platform: Code4rena
Start Date: 03/07/2023
Pot Size: $40,000 USDC
Total HM: 14
Participants: 74
Period: 7 days
Judge: alcueca
Total Solo HM: 9
Id: 259
League: ETH
Rank: 56/74
Findings: 1
Award: $17.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xprinc
Also found by: 0x11singh99, 0xAnah, 0xWaitress, 0xkazim, 2997ms, 33audits, 404Notfound, 8olidity, CRIMSON-RAT-REACH, CyberPunks, DanielWang888, Deekshith99, Eeyore, Eurovickk, Inspecktor, JGcarv, John, Jorgect, Kaysoft, LosPollosHermanos, MohammedRizwan, Qeew, QiuhaoLi, Rolezn, TheSavageTeddy, Topmark, Trust, Udsen, a3yip6, alexzoid, bigtone, codegpt, erebus, fatherOfBlocks, ginlee, glcanvas, hunter_w3b, josephdara, kaveyjoe, kutugu, mahdirostami, max10afternoon, oakcobalt, peanuts, pfapostol, ptsanev, qpzm, radev_sw, ravikiranweb3, sces60107, seth_lawson, te_aut, twcctop, zhaojie, ziyou-
17.5208 USDC - $17.52
firstPump can be directly called, so it should check if the pump exists. According to https://github.com/code-423n4/2023-07-basin#documentation, including a Pump is optional.
function _addLiquidity( uint256[] memory tokenAmountsIn, uint256 minLpAmountOut, address recipient, bool feeOnTransfer ) internal returns (uint256 lpAmountOut) { IERC20[] memory _tokens = tokens(); uint256[] memory reserves = _updatePumps(_tokens.length); // @audit-issue low should check tokenAmountsIn.length == _tokens.length, also in getAddLiquidityOut
function removeLiquidity( uint256 lpAmountIn, uint256[] calldata minTokenAmountsOut, address recipient, uint256 deadline ) external nonReentrant expire(deadline) returns (uint256[] memory tokenAmountsOut) { IERC20[] memory _tokens = tokens(); uint256[] memory reserves = _updatePumps(_tokens.length); uint256 lpTokenSupply = totalSupply(); tokenAmountsOut = new uint256[](_tokens.length); _burn(msg.sender, lpAmountIn); tokenAmountsOut = _calcLPTokenUnderlying(wellFunction(), lpAmountIn, reserves, lpTokenSupply); // @audit-issue low should check minTokenAmountsOut.length == _tokens.length
function removeLiquidityImbalanced( uint256 maxLpAmountIn, uint256[] calldata tokenAmountsOut, address recipient, uint256 deadline ) external nonReentrant expire(deadline) returns (uint256 lpAmountIn) { IERC20[] memory _tokens = tokens(); uint256[] memory reserves = _updatePumps(_tokens.length); // @audit-issue low check tokenAmountsOut.length == tokenAmountsOut.length, also in getRemoveLiquidityImbalancedIn
function sync() external nonReentrant { IERC20[] memory _tokens = tokens(); uint256[] memory reserves = new uint256[](_tokens.length); for (uint256 i; i < _tokens.length; ++i) { reserves[i] = _tokens[i].balanceOf(address(this)); // @audit-issue non-critical should add assert that reserves[i] <= _tokens[i].balanceOf(address(this)) }
function skim(address recipient) external nonReentrant returns (uint256[] memory skimAmounts) { IERC20[] memory _tokens = tokens(); uint256[] memory reserves = _getReserves(_tokens.length); skimAmounts = new uint256[](_tokens.length); for (uint256 i; i < _tokens.length; ++i) { skimAmounts[i] = _tokens[i].balanceOf(address(this)) - reserves[i]; if (skimAmounts[i] > 0) { _tokens[i].safeTransfer(recipient, skimAmounts[i]); } } // @audit-issue non-critical should add skim event
#0 - c4-pre-sort
2023-07-12T08:13:53Z
141345 marked the issue as low quality report
#1 - c4-judge
2023-08-04T21:45:37Z
alcueca marked the issue as grade-a