Platform: Code4rena
Start Date: 07/09/2022
Pot Size: $20,000 CANTO
Total HM: 7
Participants: 65
Period: 1 day
Judge: 0xean
Total Solo HM: 3
Id: 159
League: ETH
Rank: 9/65
Findings: 3
Award: $357.08
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hickuphh3
Also found by: 0xNazgul, 0xSky, CertoraInc, Deivitto, Jeiwan, SinceJuly, hansfriese, linmiaomiao, rbserver
When calculating token0TVL, the division of the price by decimals is performed before the multiplication by the reserve, which causes loss of precision and makes the LP token price wrong.
The token0TVL is calculated using
token0TVL = assetReserves[i] * (prices[i] / decimals)
Solidity operates only with integers. Thus, if the division is done before the multiplication, the rounding errors can increase dramatically, resulting in a wrong LP token price.
It is recommended to perform multiplication before division to avoid precision loss.
token0TVL = assetReserves[i] * prices[i] / decimals
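The two orderings compared on realistic fixed-point inputs, as an added example rather than code from the audited contract: Python integers with `//` reproduce Solidity's truncating uint256 arithmetic, so the flagged expression and the recommended one can be run side by side. The function names, the 18-decimal price scale and the sample reserve/price values are assumptions for illustration.

```python
# Added example (not from the audited contract): Python integers and `//`
# reproduce Solidity's truncating uint256 arithmetic, so the two orderings of
# the token0TVL formula can be compared on realistic fixed-point inputs.
# Function names, the 18-decimal scale and the sample values are assumptions.

from fractions import Fraction

UINT256_MAX = 2**256 - 1
WAD = 10**18  # assumed fixed-point scale of the price feed


def tvl_div_first(reserve: int, price: int, decimals: int) -> int:
    """Ordering flagged by the finding: reserve * (price / decimals).
    The inner division truncates first, so the fractional part of
    price / decimals is discarded before it is scaled up by the reserve."""
    return reserve * (price // decimals)


def tvl_mul_first(reserve: int, price: int, decimals: int) -> int:
    """Recommended ordering: reserve * price / decimals.
    Truncation happens once, on the final quotient, so the error is below
    one unit of the result."""
    return reserve * price // decimals


def exact_tvl(reserve: int, price: int, decimals: int) -> Fraction:
    """Rational reference value with no rounding at all."""
    return Fraction(reserve * price, decimals)


def absolute_error(reserve: int, price: int, decimals: int) -> tuple[int, int]:
    """Floored absolute error of (div-first, mul-first) against the exact value."""
    exact = exact_tvl(reserve, price, decimals)
    return (
        int(exact - tvl_div_first(reserve, price, decimals)),
        int(exact - tvl_mul_first(reserve, price, decimals)),
    )


def mul_first_fits_uint256(reserve: int, price: int) -> bool:
    """Caveat of multiplying first: the intermediate product must fit in
    uint256, otherwise Solidity >= 0.8 reverts (older versions wrap)."""
    return reserve * price <= UINT256_MAX


if __name__ == "__main__":
    # Constructed inputs: 1,000,000 tokens (18 decimals) priced at 0.5 units.
    reserve = 1_000_000 * WAD
    price = WAD // 2
    print("div-first:", tvl_div_first(reserve, price, WAD))
    print("mul-first:", tvl_mul_first(reserve, price, WAD))
    print("exact    :", exact_tvl(reserve, price, WAD))
    print("errors   :", absolute_error(reserve, price, WAD))
    print("fits     :", mul_first_fits_uint256(reserve, price))
```

With a price below one unit (0.5 at 18 decimals) the inner division truncates to zero and the div-first TVL is 0, while mul-first returns the correct 500,000 tokens' worth; with a price just under 2 units, div-first under-reports by almost half. The `mul_first_fits_uint256` check is the trade-off to keep in mind when reordering: the reserve and price must be bounded so their product cannot overflow.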
#0 - nivasan1
2022-09-08T21:34:03Z
duplicate of #41
🌟 Selected for report: Chom
Also found by: 0xSmartContract, Jeiwan, SinceJuly, V_B, cccz, linmiaomiao
1303.145 CANTO - $210.46
An exploiter may create fake tokens whose symbols are cNOTE, cUSDT or cUSDC. When somebody calls the comptroller's liquidateCalculateSeizeTokens, it will give an unlisted token the collateral number of another token (which can be an unlisted or a listed token). If other contracts without a token whitelist use Canto as their price oracle, getUnderlyingPrice will be exploited to produce a fake price.
Consider using the address instead of symbol to identify them.
#0 - nivasan1
2022-09-10T00:03:27Z
the getUnderlyingPrice method in the router is only meant to be used by the comptroller. In this case, for a cToken to be priced incorrectly, chain governance would need to vote to support the cToken in the Comptroller. In which case a co-ordinated attack is very unlikely.
#1 - nivasan1
2022-09-10T17:21:49Z
duplicate #24
🌟 Selected for report: lukris02
Also found by: 0x040, 0x1f8b, 0x52, 0xA5DF, 0xNazgul, 0xSky, Bnke0x0, Bronicle, CertoraInc, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, EthLedger, IgnacioB, JC, JansenC, Jeiwan, R2, RaymondFam, ReyAdmirado, Rolezn, SinceJuly, TomJ, Tomo, Yiko, a12jmx, ajtra, ak1, codexploder, cryptphi, csanuragjain, erictee, fatherOfBlocks, gogo, hake, hansfriese, hickuphh3, ignacio, ontofractal, oyc_109, p_crypt0, pashov, peritoflores, rajatbeladiya, rbserver, rokinot, rvierdiiev, tnevler
242.8216 CANTO - $39.22
_returnStableBooleans is internal and not used in the contract; it is recommended to remove the function.