Platform: Code4rena
Start Date: 11/12/2023
Pot Size: $90,500 USDC
Total HM: 29
Participants: 127
Period: 17 days
Judge: TrungOre
Total Solo HM: 4
Id: 310
League: ETH
Rank: 106/127
Findings: 1
Award: $20.82
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: SBSecurity
Also found by: 0xaltego, 0xbepresent, Aymen0909, Bauchibred, Cosine, EVDoc, EloiManuel, HighDuty, Sathish9098, Tendency, Timeless, ZanyBonzy, beber89, deliriusz, ether_sky, grearlake, hals, klau5, lsaudit, nadin, rvierdiiev, tsvetanovv
20.8157 USDC - $20.82
The Solidity version 0.8.13 has the two issues below, both applicable to the ECG contracts.
Vulnerability related to ABI encoding. This can be triggered because the functions hashOrder() and hashOppositeOrder() meet the applicable conditions: "...pass a nested array directly to another external function call or use abi.encode on it."
Vulnerability related to the 'Optimizer Bug Regarding Memory Side Effects of Inline Assembly'. ECG inherits Solidity contracts from OpenZeppelin and solmate, both of which use inline assembly, and optimization is enabled while compiling.
Recommend using the more recent Solidity version 0.8.15, which has the fix for these issues.
CreateRole
The function should check for role existence before setting the role's admin.

    // creates a new role
    function createRole(
        bytes32 role,
        bytes32 adminRole
    ) external onlyRole(CoreRoles.GOVERNOR) {
        //@note no check that `role` or `adminRole` exists
        _setRoleAdmin(role, adminRole);
    }

The lack of a check for role existence allows roles to be set on non-existent roles.
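A hardened version of the function, written here as an added example (not ECG code): it keeps a hypothetical roleExists registry on top of OpenZeppelin's AccessControl, refuses to re-create a role that already exists and refuses an admin role that was never created. The contract name, the GOVERNOR hash and the registry mapping are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added example, not ECG code. Assumes OpenZeppelin's AccessControl is installed.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

contract CoreRolesExample is AccessControl {
    // Hypothetical governor role; ECG's real CoreRoles values are not reproduced here.
    bytes32 public constant GOVERNOR = keccak256("GOVERNOR_ROLE");

    // Registry of roles that were explicitly created. AccessControl itself has no
    // notion of a role "existing": _setRoleAdmin silently accepts any bytes32 value.
    mapping(bytes32 => bool) public roleExists;

    event RoleCreated(bytes32 indexed role, bytes32 indexed adminRole);

    error RoleAlreadyExists(bytes32 role);
    error AdminRoleDoesNotExist(bytes32 adminRole);

    constructor(address governor) {
        // Seed the registry with the roles that exist from deployment.
        roleExists[DEFAULT_ADMIN_ROLE] = true;
        roleExists[GOVERNOR] = true;
        _setRoleAdmin(GOVERNOR, DEFAULT_ADMIN_ROLE);
        _grantRole(DEFAULT_ADMIN_ROLE, governor);
        _grantRole(GOVERNOR, governor);
    }

    /// Creates a new role whose admin is `adminRole`.
    /// Reverts if `role` was already created (so an existing role's admin cannot be
    /// silently re-pointed through this path) or if `adminRole` was never created.
    function createRole(bytes32 role, bytes32 adminRole) external onlyRole(GOVERNOR) {
        if (roleExists[role]) revert RoleAlreadyExists(role);
        if (!roleExists[adminRole]) revert AdminRoleDoesNotExist(adminRole);

        roleExists[role] = true;
        _setRoleAdmin(role, adminRole);
        emit RoleCreated(role, adminRole);
    }
}
```

If governance legitimately needs to move an existing role under a different admin, that belongs in a separate, explicitly named function (for example a changeRoleAdmin that requires roleExists[role]) rather than in createRole, so that a typo in a role hash cannot quietly create or re-point a role.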
The SimplePSM allows credit tokens to be minted or redeemed against a stable peg token. As there is no check preventing the credit token from being the peg token, it is possible to mint credit tokens by providing the credit token itself as the peg token. This can inflate the total supply of credit tokens without the new tokens having any asset backing. If the contract is, for whatever reason, by error or by malice, deployed with the credit token as the peg token, the mint and mintAndEnterRebase functions will mint credit to users based on credit that they provide (think FTX), which will inflate the credit total supply.
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/8f439544b8a634e8f3c3db718416a39752cd471e/src/loan/SimplePSM.sol#L65C1-L77C6
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/8f439544b8a634e8f3c3db718416a39752cd471e/src/loan/SimplePSM.sol#L103
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/8f439544b8a634e8f3c3db718416a39752cd471e/src/loan/SimplePSM.sol#L117
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/8f439544b8a634e8f3c3db718416a39752cd471e/src/loan/SimplePSM.sol#L134
Consider adding a check to the constructor ensuring that pegToken != credit.
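A minimal PSM carrying the recommended constructor guard, as an added example (not the ECG SimplePSM): the peg token and credit token are validated at deployment, so a deployment that passes the credit token as the peg token reverts instead of creating a mint path in which credit is "backed" by credit. The ICreditToken interface, the contract name and the 1:1 conversion are assumptions made for illustration; the real contract's conversion logic and events are not reproduced here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added example, not ECG code. Assumes OpenZeppelin's IERC20 / SafeERC20 are installed.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical minimal interface of a mintable/burnable credit token.
interface ICreditToken is IERC20 {
    function mint(address to, uint256 amount) external;
    function burnFrom(address from, uint256 amount) external;
}

contract GuardedPSM {
    using SafeERC20 for IERC20;

    IERC20 public immutable pegToken;
    ICreditToken public immutable credit;

    error ZeroAddress();
    error PegTokenIsCreditToken();

    constructor(address _pegToken, address _credit) {
        if (_pegToken == address(0) || _credit == address(0)) revert ZeroAddress();
        // The guard this report recommends: the asset backing credit must be a
        // different token, otherwise mint() would accept credit and mint more credit,
        // growing totalSupply with nothing of independent value behind it.
        if (_pegToken == _credit) revert PegTokenIsCreditToken();
        pegToken = IERC20(_pegToken);
        credit = ICreditToken(_credit);
    }

    /// Mint credit 1:1 against peg tokens deposited into the PSM (1:1 is an assumption).
    function mint(address to, uint256 amountIn) external returns (uint256 amountOut) {
        pegToken.safeTransferFrom(msg.sender, address(this), amountIn);
        amountOut = amountIn;
        credit.mint(to, amountOut);
    }

    /// Redeem credit 1:1 for peg tokens held by the PSM.
    function redeem(address to, uint256 amountIn) external returns (uint256 amountOut) {
        credit.burnFrom(msg.sender, amountIn);
        amountOut = amountIn;
        pegToken.safeTransfer(to, amountOut);
    }
}
```

Because both addresses are immutable, the single constructor check is enough: there is no later setter through which the two could be made equal, and a deployment script or Foundry test can assert that constructing the PSM with the same address for both arguments reverts with PegTokenIsCreditToken.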
#0 - c4-pre-sort
2024-01-05T18:16:00Z
0xSorryNotSorry marked the issue as sufficient quality report
#1 - Trumpero
2024-01-27T15:52:06Z
3L
#2 - Trumpero
2024-01-31T12:02:27Z
#3 - c4-judge
2024-01-31T12:02:29Z
Trumpero marked the issue as grade-b
#4 - Trumpero
2024-02-08T17:55:51Z
@ZanyBonzy Combining all downgraded QA issues and this report, the warden has 5 low issues, which accumulate 25 points in my QA evaluation (5 points for low, 1 point for R/NC). In this context, the threshold for a grade-a is 27, based on the best QA report (40 points), adjusted with a ratio of 75% and the number of valid issues.