Fraxlend (Frax Finance) contest - RoiEvenHaim's results

Fraxlend: A permissionless lending platform and the final piece of the Frax Finance Defi Trinity.

General Information

Platform: Code4rena

Start Date: 12/08/2022

Pot Size: $50,000 USDC

Total HM: 15

Participants: 120

Period: 5 days

Judge: Justin Goro

Total Solo HM: 6

Id: 153

League: ETH

Frax Finance

Findings Distribution

Researcher Performance

Rank: 78/120

Findings: 1

Award: $47.04

🌟 Selected for report: 0

🚀 Solo Findings: 0

Issues found

Don't Initialize Variables with Default Value

2022-08-frax\src\contracts\FraxlendPair.sol::289 => for (uint256 i = 0; i < _lenders.length; i++) {
2022-08-frax\src\contracts\FraxlendPair.sol::308 => for (uint256 i = 0; i < _borrowers.length; i++) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::265 => for (uint256 i = 0; i < _approvedBorrowers.length; ++i) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::270 => for (uint256 i = 0; i < _approvedLenders.length; ++i) {
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::402 => for (uint256 i = 0; i < _lengthOfArray; ) {
2022-08-frax\src\contracts\FraxlendWhitelist.sol::51 => for (uint256 i = 0; i < _addresses.length; i++) {
2022-08-frax\src\contracts\FraxlendWhitelist.sol::66 => for (uint256 i = 0; i < _addresses.length; i++) {
2022-08-frax\src\contracts\FraxlendWhitelist.sol::81 => for (uint256 i = 0; i < _addresses.length; i++) {

Cache Array Length Outside of Loop

2022-08-frax\src\contracts\FraxlendPair.sol::80 => // solhint-disable-next-line max-line-length
2022-08-frax\src\contracts\FraxlendPair.sol::289 => for (uint256 i = 0; i < _lenders.length; i++) {
2022-08-frax\src\contracts\FraxlendPair.sol::308 => for (uint256 i = 0; i < _borrowers.length; i++) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::254 => if (bytes(_name).length == 0) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::257 => if (bytes(nameOfContract).length != 0) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::265 => for (uint256 i = 0; i < _approvedBorrowers.length; ++i) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::270 => for (uint256 i = 0; i < _approvedLenders.length; ++i) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::1089 => if (_path[_path.length - 1] != address(_collateralContract)) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::1090 => revert InvalidPath(address(_collateralContract), _path[_path.length - 1]);
2022-08-frax\src\contracts\FraxlendPairCore.sol::1175 => if (_path[_path.length - 1] != address(_assetContract)) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::1176 => revert InvalidPath(address(_assetContract), _path[_path.length - 1]);
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::114 => /// @notice The ```deployedPairsLength``` function returns the length of the deployedPairsArray
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::115 => /// @return length of array
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::117 => return deployedPairsArray.length;
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::124 => uint256 _lengthOfArray = _deployedPairsArray.length;
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::125 => address[] memory _addresses = new address[](_lengthOfArray);
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::127 => for (i = 0; i < _lengthOfArray; ) {
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::149 => uint256 _lengthOfArray = _addresses.length;
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::151 => _pairCustomStatuses = new PairCustomStatus[](_lengthOfArray);
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::152 => for (i = 0; i < _lengthOfArray; ) {
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::173 => if (_creationCode.length > 13000) {
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::174 => bytes memory _secondHalf = BytesLib.slice(_creationCode, 13000, _creationCode.length - 13000);
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::324 => (deployedPairsArray.length + 1).toString()
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::379 => _approvedBorrowers.length > 0,
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::380 => _approvedLenders.length > 0
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::401 => uint256 _lengthOfArray = _addresses.length;
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::402 => for (uint256 i = 0; i < _lengthOfArray; ) {
2022-08-frax\src\contracts\FraxlendWhitelist.sol::51 => for (uint256 i = 0; i < _addresses.length; i++) {
2022-08-frax\src\contracts\FraxlendWhitelist.sol::66 => for (uint256 i = 0; i < _addresses.length; i++) {
2022-08-frax\src\contracts\FraxlendWhitelist.sol::81 => for (uint256 i = 0; i < _addresses.length; i++) {

Use != 0 instead of > 0 for Unsigned Integer Comparison

2022-08-frax\src\contracts\FraxlendPairCore.sol::440 => // We know totalBorrow.shares > 0
2022-08-frax\src\contracts\FraxlendPairCore.sol::477 => if (_currentRateInfo.feeToProtocolRate > 0) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::754 => if (_collateralAmount > 0) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::835 => if (userBorrowShares[msg.sender] > 0) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::1002 => if (_leftoverBorrowShares > 0) {
2022-08-frax\src\contracts\FraxlendPairCore.sol::1094 => if (_initialCollateralAmount > 0) {
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::379 => _approvedBorrowers.length > 0,
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::380 => _approvedLenders.length > 0
2022-08-frax\src\contracts\FraxlendPairHelper.sol::235 => if (_feeToProtocolRate > 0) {
2022-08-frax\src\contracts\FraxlendPairHelper.sol::292 => if (_leftoverCollateral <= 0 && (_borrowerShares - _sharesToLiquidate) > 0) {
2022-08-frax\src\contracts\LinearInterestRate.sol::66 => _vertexUtilization < MAX_VERTEX_UTIL && _vertexUtilization > 0,
2022-08-frax\src\contracts\LinearInterestRate.sol::67 => "LinearInterestRate: _vertexUtilization < MAX_VERTEX_UTIL && _vertexUtilization > 0"

Use immutable for OpenZeppelin AccessControl's Roles Declarations

2022-08-frax\src\contracts\FraxlendPairDeployer.sol::204 => bytes32 salt = keccak256(abi.encodePacked(_saltSeed, _configData));
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::329 => keccak256(abi.encodePacked("public")),
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::372 => keccak256(abi.encodePacked(_name)),

Long Revert Strings

2022-08-frax\src\contracts\FraxlendPairDeployer.sol::205 => require(deployedPairsBySalt[salt] == address(0), "FraxlendPairDeployer: Pair already deployed");
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::228 => require(_pairAddress != address(0), "FraxlendPairDeployer: create2 failed");
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::253 => require(deployedPairsByName[_name] == address(0), "FraxlendPairDeployer: Pair name must be unique");
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::365 => require(_maxLTV <= GLOBAL_MAX_LTV, "FraxlendPairDeployer: _maxLTV is too large");
2022-08-frax\src\contracts\FraxlendPairDeployer.sol::368 => "FraxlendPairDeployer: Only whitelisted addresses"
2022-08-frax\src\contracts\LinearInterestRate.sol::59 => "LinearInterestRate: _minInterest < MAX_INT && _minInterest <= _vertexInterest && _minInterest >= MIN_INT"
2022-08-frax\src\contracts\LinearInterestRate.sol::63 => "LinearInterestRate: _maxInterest <= MAX_INT && _vertexInterest <= _maxInterest && _maxInterest > MIN_INT"
2022-08-frax\src\contracts\LinearInterestRate.sol::67 => "LinearInterestRate: _vertexUtilization < MAX_VERTEX_UTIL && _vertexUtilization > 0"
2022-08-frax\src\contracts\VariableInterestRate.sol::47 => return "Variable Time-Weighted Interest Rate";

Unsafe ERC20 Operation(s)

QA issue.

2022-08-frax\src\contracts\FraxlendPairCore.sol::783 => /// @dev msg.sender must call ERC20.approve() on the Collateral Token contract prior to invocation
2022-08-frax\src\contracts\FraxlendPairCore.sol::849 => /// @dev The payer must have called ERC20.approve() on the Asset Token contract prior to invocation
2022-08-frax\src\contracts\FraxlendPairCore.sol::878 => /// @dev Caller must first invoke ```ERC20.approve()``` for the Asset Token contract
2022-08-frax\src\contracts\FraxlendPairCore.sol::1055 => /// @dev Caller must invoke ```ERC20.approve()``` on the Collateral Token contract prior to calling function
2022-08-frax\src\contracts\FraxlendPairCore.sol::1103 => _assetContract.approve(_swapperAddress, _borrowAmount);
2022-08-frax\src\contracts\FraxlendPairCore.sol::1184 => _collateralContract.approve(_swapperAddress, _collateralToSwap);

Use Prefix Increment instead of Postfix Increment if possible

2022-08-frax\src\contracts\FraxlendPair.sol::289 => for (uint256 i = 0; i < _lenders.length; i++) {
2022-08-frax\src\contracts\FraxlendPair.sol::308 => for (uint256 i = 0; i < _borrowers.length; i++) {