Platform: Code4rena
Start Date: 21/04/2022
Pot Size: $100,000 USDC
Total HM: 18
Participants: 60
Period: 7 days
Judge: gzeon
Total Solo HM: 10
Id: 112
League: ETH
Rank: 37/60
Findings: 2
Award: $244.27
π Selected for report: 0
π Solo Findings: 0
π Selected for report: IllIllI
Also found by: 0v3rf10w, 0x52, 0xDjango, 0xkatana, Dravee, Funen, Kenshin, Ruhum, StyxRave, Tadashi, TerrierLover, TrungOre, antonttc, berndartmueller, catchup, csanuragjain, defsec, dipp, fatherOfBlocks, hake, horsefacts, hubble, jayjonah8, joestakey, kebabsec, kenta, m4rio_eth, oyc_109, pauliax, peritoflores, rayn, remora, robee, securerodd, simon135, sorrynotsorry, sseefried, z3s
159.3125 USDC - $159.31
Summary: some ERC20 tokens require approving to 0 first
Details: Some tokens (such as USDT) do not work when changing the allowance from an existing non-zero allowance value.
Mitigation: In L50 of TopUpAction.sol change the code to
IERC20(token).safeApprove(stakerVaultAddress, 0); IERC20(token).safeApprove(stakerVaultAddress, depositAmount);
The same pattern should be applied to the following lines mutatis mutandis:
Impact: Low, depending which tokens will be integrated in backd
Summary: misleading error message could potentially confuse developers when debugging code
Details:
On L86 of Preparable.sol, if deadlines[key] is zero then the return message will be Error.DEADLINE_NOT_ZERO, which is the opposite condition of the error (cf. L28 of Preparable.sol for the same error but with the correct context).
The same can be said of L98 of Preparable.sol.
Impact: Code QA
π Selected for report: joestakey
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xkatana, 0xmint, Dravee, Funen, IllIllI, MaratCerby, NoamYakov, Tadashi, TerrierLover, Tomio, WatchPug, catchup, defsec, fatherOfBlocks, hake, horsefacts, kenta, oyc_109, pauliax, rayn, rfa, robee, saian, securerodd, simon135, slywaters, sorrynotsorry, tin537, z3s
84.957 USDC - $84.96
Summary: Immutable variable can be changed to constant to reduce deployment cost
Details: Immutable variables are evaluated once at construction time and their value is copied to all the places in the code where they are accessed. For these values, 32 bytes are reserved, even if they would fit in fewer bytes. In particular address variables has only 20 bytes and the immutable variable of L27 of ChainlinkUSDWrapper.sol can be changed to a constant variable, i.e.:
IChainlinkOracle private constant _ethOracle = IChainlinkOracle(0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419);
Summary: some branches are not executed and can be eliminated from the code
Details:
Function addStakerVault (L277 of AddressProvider.sol) only reverts or return true. This means that L43-L45 of Controller.sol can be simplified to:
addressProvider.addStakerVault(stakerVault);
Details: Change L676 of TopUpAction.sol to
require(vars.success, Error.TOP_UP_FAILED); require(abi.decode(vars.topupResult, (bool)), Error.TOP_UP_FAILED);
in order to avoid using &&.
Note: I only recommend this optimization if backd gives a proper documentation for the error Error.TOP_UP_FAILED. Otherwise, developers may miss one of the conditions when debugging a reverted transaction.
Details: i++ can be replaced by ++i in the following loops: