Platform: Code4rena
Start Date: 22/09/2023
Pot Size: $100,000 USDC
Total HM: 15
Participants: 175
Period: 14 days
Judge: alcueca
Total Solo HM: 4
Id: 287
League: ETH
Rank: 120/175
Findings: 1
Award: $25.68
๐ Selected for report: 0
๐ Solo Findings: 0
๐ Selected for report: MrPotatoMagic
Also found by: 0xAadi, 0xDING99YA, 0xDemon, 0xRstStn, 0xSmartContract, 0xStriker, 0xWaitress, 0xbrett8571, 0xfuje, 0xsagetony, 0xsurena, 33BYTEZZZ, 3docSec, 7ashraf, ABA, ABAIKUNANBAEV, Aamir, Audinarey, Bauchibred, Black_Box_DD, Daniel526, DanielArmstrong, DanielTan_MetaTrust, Dinesh11G, Eurovickk, Franklin, Inspecktor, John, Jorgect, Joshuajee, K42, Kek, Koolex, LokiThe5th, MIQUINHO, Myd, NoTechBG, QiuhaoLi, SanketKogekar, Sathish9098, Sentry, Soul22, SovaSlava, Stormreckson, Tendency, Topmark, Udsen, V1235816, Viktor_Cortess, Viraz, Yanchuan, ZdravkoHr, Zims, albahaca, albertwh1te, alexweb3, alexxander, ast3ros, audityourcontracts, bareli, bin2chen, bronze_pickaxe, c0pp3rscr3w3r, cartlex_, castle_chain, chaduke, debo, ether_sky, gumgumzum, imare, its_basu, jaraxxus, jasonxiale, josephdara, kodyvim, ladboy233, lanrebayode77, lsaudit, mert_eren, minhtrng, n1punp, nadin, niroh, nmirchev8, orion, peakbolt, perseverancesuccess, pfapostol, ptsanev, rvierdiiev, saneryee, shaflow2, te_aut, terrancrypt, twcctop, unsafesol, ustas, versiyonbir, windhustler, yongskiws, zhaojie, ziyou-
25.6785 USDC - $25.68
Absence of comma "," in comment description causes misinterpretation of code from IRootBridgeAgent.sol. As corrected in the code snippet below "has not been executed yet, triggering" is different from "has not been executed, yet triggering", not having a comma makes it even more complicated as this comment description is relevant to this code description: https://github.com/code-423n4/2023-09-maia/blob/main/src/RootBridgeAgent.sol#L711-L718 . The comment Description: https://github.com/code-423n4/2023-09-maia/blob/main/src/interfaces/IRootBridgeAgent.sol#L54 .
54. --- * 0x08 | Call to `retrieveDeposit()ยด. (clears a deposit that has not been executed yet triggering `_fallback`) 54. +++ * 0x08 | Call to `retrieveDeposit()ยด. (clears a deposit that has not been executed yet, triggering `_fallback`)
Maia Protocol should consider adding a return value for burn function call just as it is done for the mint function to help in validation to avoid unnecessary failure of implemenation which could affect proper functionality of protocol https://github.com/code-423n4/2023-09-maia/blob/main/src/token/ERC20hTokenRoot.sol#L69-L73
--- function burn(address from, uint256 amount, uint256 chainId) external onlyOwner { +++ function burn(address from, uint256 amount, uint256 chainId) external onlyOwner returns (bool) { getTokenBalance[chainId] -= amount; _burn(from, amount); +++ return true; }
https://github.com/code-423n4/2023-09-maia/blob/main/src/token/ERC20hTokenBranch.sol#L35-L37
--- function burn(uint256 amount) public override onlyOwner { +++ function burn(uint256 amount) public override onlyOwner returns (bool) { _burn(msg.sender, amount); +++ return true; }
This bool return value should be used to validate the burn function where it is being called as listed below L527 of BranchPort.sol, L321 of RootPort.sol, L332 of RootPort.sol & L1161 of RootBridgeAgent.sol.
Missing Zero Check for _amount in the mintToLocalBranch(...) function, a validation is necessary as the major functionality of the function is to mint which is not possible if amount is zero, so a reversion is necessary if amount is zero to avoid unnecessary malicious interaction. https://github.com/code-423n4/2023-09-maia/blob/main/src/RootPort.sol#L342
function mintToLocalBranch(address _to, address _hToken, uint256 _amount) external override requiresLocalBranchPort { +++ require(_amount > 0 , "Invalid Amount" ) if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); if (!ERC20hTokenRoot(_hToken).mint(_to, _amount, localChainId)) revert UnableToMint(); }
Wrong Implementation or Wrong Comment description at L201 of BranchPort.sol contract. Strategy Token Global Debt was written in description however "portStrategyTokenDebt" was used not Global "strategyTokenDebt", either the comment is wrong or the implementation is wrong, correct comment is applied below, but if it is the implementation that is wrong, it should be adjusted accordingly https://github.com/code-423n4/2023-09-maia/blob/main/src/BranchPort.sol#L201
--- // Calculate amount to withdraw. The lesser of reserves lacking or Strategy Token Global Debt. +++ // Calculate amount to withdraw. The lesser of reserves lacking or Strategy Token Global Debt. uint256 amountToWithdraw = portStrategyTokenDebt < reservesLacking ? portStrategyTokenDebt : reservesLacking;
Wrong Comment description l48 of BranchPort.sol contract. The word "surpass" in this context could be misinterpreted to something else, a better way would be to use the word "affect", i.e "Check if request would affect the tokens minimum reserves" https://github.com/code-423n4/2023-09-maia/blob/main/src/BranchPort.sol#L148
--- // Check if request would surpass the tokens minimum reserves +++ // Check if request would affect the tokens minimum reserves if (_amount > _excessReserves(_strategyTokenDebt, _token)) revert InsufficientReserves();
A better way to write the two conditions from the code snippet below is to use the "||" operator, it makes it more cleaner, efficient and readable https://github.com/code-423n4/2023-09-maia/blob/main/src/RootBridgeAgent.sol#L1060-L1061
--- if (_globalAddresses.length != _amounts.length) revert InvalidInputParamsLength(); --- if (_amounts.length != _deposits.length) revert InvalidInputParamsLength(); +++ if (_globalAddresses.length != _amounts.length || _amounts.length != _deposits.length) revert InvalidInputParamsLength();
#0 - c4-pre-sort
2023-10-15T13:15:04Z
0xA5DF marked the issue as sufficient quality report
#1 - c4-judge
2023-10-21T12:53:14Z
alcueca marked the issue as grade-a