Y2k Finance contest - V_B's results

A suite of structured products for assessing pegged asset risk.

General Information

Platform: Code4rena

Start Date: 14/09/2022

Pot Size: $50,000 USDC

Total HM: 25

Participants: 110

Period: 5 days

Judge: hickuphh3

Total Solo HM: 9

Id: 162

League: ETH

Researcher Performance

Rank: 90/110

Findings: 1

Award: $36.62

🌟 Selected for report: 0

🚀 Solo Findings: 0

1. depositETH double work

There is a depositETH function in the Vault smart contract. The function accepts ether, deposits it to the WETH contract and transfers wrapped tokens to the sender. Later the funds will be transferred as an ERC20 token from the user's account to the smart contract.

The alternative approach can be just accepting the ether, which will reduce the cost of depositing a lot and clarify the logic.

2. symbol == "rY2K" check

The Vault smart contract has the following check in the beforeWithdraw function:

if (
    keccak256(abi.encodePacked(symbol)) ==
    keccak256(abi.encodePacked("rY2K"))
) {
    ...
}

It makes no sense to do this check every time the function is called; it's better to do this check once in the constructor and store the result as an immutable variable.
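The caching suggested in finding 2, as an added example that is not part of V_B's report or the Y2K code base. The contract name `SymbolCheckSketch`, the flag `symbolIsRY2K` and the helper functions are hypothetical; only the hash comparison is taken from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical minimal contract (not the Y2K Vault): it models only the
/// symbol comparison quoted in the finding.
contract SymbolCheckSketch {
    string public symbol;

    // Computed once at deployment. Immutable values are embedded in the
    // runtime bytecode, so reading the flag needs no storage read and no
    // hashing.
    bool public immutable symbolIsRY2K;

    constructor(string memory _symbol) {
        symbol = _symbol;
        symbolIsRY2K =
            keccak256(abi.encodePacked(_symbol)) ==
            keccak256(abi.encodePacked("rY2K"));
    }

    /// Per-call form from the finding: copies `symbol` out of storage and
    /// hashes it on every invocation.
    function checkPerCall() public view returns (bool) {
        return
            keccak256(abi.encodePacked(symbol)) ==
            keccak256(abi.encodePacked("rY2K"));
    }

    /// Cached form: returns the flag fixed in the constructor.
    function checkCached() public view returns (bool) {
        return symbolIsRY2K;
    }

    /// The two forms are interchangeable only while `symbol` cannot change
    /// after deployment. This sketch has no setter, so they always agree.
    function formsAgree() external view returns (bool) {
        return checkPerCall() == checkCached();
    }
}
```

Before applying the same change to a real contract, confirm that nothing reassigns `symbol` after construction, since the immutable flag would not follow such a change.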

#0 - HickupHH3

2022-11-05T03:06:55Z

depositETH double work

While the issue could use a little more elaboration, it's within my acceptable threshold to give the report a borderline satisfactory rating.
