Platform: Code4rena
Start Date: 30/05/2023
Pot Size: $300,500 USDC
Total HM: 79
Participants: 101
Period: about 1 month
Judge: Trust
Total Solo HM: 36
Id: 242
League: ETH
Rank: 74/101
Findings: 1
Award: $74.27
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xSmartContract
Also found by: 3kus-iosiro, Audit_Avengers, ByteBandits, IllIllI, Kamil-Chmielewski, Madalad, RED-LOTUS-REACH, Rolezn, Sathish9098, Stormreckson, Udsen, bin2chen, brgltd, ihtishamsudo, kaveyjoe, kodyvim, lukejohn, matrix_0wl, mgf15, nadin
74.2737 USDC - $74.27
1-wrong event emitted in the TalosBaseStrategy.sol contract have a rebalance() function that incorrectly emits the Rerange event instead of the Rebalance event. It is crucial to ensure that events are properly emitted in a contract to maintain transparency, interoperability, and user confidence in the system. https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/talos/base/TalosBaseStrategy.sol#L311-L321
2- Emitting the Snapshot event with uninitialized values of cache.amount0Desired and cache.amount1Desired may produce unexpected or misleading data when listening to the emitted event.
To ensure accurate and expected behavior, it is important to initialize the PoolVariables.Info struct before utilizing its members in calculations.
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/talos/libraries/PoolVariables.sol#L227-L230
-4 in the GovernorBravoDelegateMaia.sol contract after the queueOrRevertInternal timelock.queueTransaction should return bool, confirming it is successful https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/governance/GovernorBravoDelegateMaia.sol#L201-L202
5- In PartnerManagerFactory.sol If the check partners[partnerIds[partnerManager]] != partnerManager fails, it will revert with an InvalidPartnerManager error. However, this error message doesn't provide any meaningful information about what exactly is invalid. It would be helpful to have a more specific error message to assist with debugging.
6-Initialized struct variables in event poolVariable contract
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/talos/libraries/PoolVariables.sol#L229-L230
The event emitted for the snapshot should be updated as follows:
event Snapshot (uint256 totalAmount0, uint256 totalAmount1, int24 tickLower, int24 tickUpper, uint128 liquidity);
And the emitted snapshot should be updated accordingly:
emit Snapshot(cache.amount0, cache.amount1, cache.tickLower, cache.tickUpper, cache.liquidity);
This ensures that all the relevant values from the cache struct are included in the emitted Snapshot event.
Incorrect Return Type and Error Placement in amountsDirection() Function.
The amountsDirection() function in the codebase currently exhibits two issues:
Issue 1: Missing Return Type In the existing code, the amountsDirection() function does not specify a return type. As a result, the function's behavior and intended output may be ambiguous, leading to potential confusion for developers and users. By adding a return type, we can ensure better clarity and understanding of the function's purpose.
Issue 2: Incorrect Placement of Error Call Additionally, the amountsDirection() function seems to have an erroneous error call in the wrong place, leading to incorrect behavior. It is essential to place error calls at appropriate positions to handle exceptions and ensure accurate program execution. Reviewing and rectifying the placement of the error call can help prevent unexpected results and improve code reliability.
Missing Event in IncreaseConversionRate Function
The conversion rate function in the smart contract is missing an event statement, which reduces transparency and makes
it challenging for external entities to track rate changes
the increaseConversionRate function should emit the ConversionRateIncreased event with the appropriate old and new rates as parameters.
emit ConversionRateIncreased(oldRate, newRate);
Token owner verification
there is no check for the token owner and a user stakes a token that does not belong to them, it can result in unauthorized access to the staking system and token manipulation. This can cause a security vulnerability and can lead to potential financial losses for the users.
For example, if a user stakes a token that does not belong to them, they can manipulate the staking system by staking tokens that they do not own and receive rewards that they are not entitled to. This can lead to a loss of rewards for other users who have legitimately staked their tokens.
By adding the check deposits[params.tokenId].owner == msg.sender, the function ensures that only the owner of the token can stake it, preventing unauthorized access and potential security vulnerabilities.
#0 - c4-judge
2023-07-09T11:52:17Z
trust1995 marked the issue as grade-b