Platform: Code4rena
Start Date: 22/09/2023
Pot Size: $100,000 USDC
Total HM: 15
Participants: 175
Period: 14 days
Judge: alcueca
Total Solo HM: 4
Id: 287
League: ETH
Rank: 143/175
Findings: 1
Award: $11.47
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: MrPotatoMagic
Also found by: 0xAadi, 0xDING99YA, 0xDemon, 0xRstStn, 0xSmartContract, 0xStriker, 0xWaitress, 0xbrett8571, 0xfuje, 0xsagetony, 0xsurena, 33BYTEZZZ, 3docSec, 7ashraf, ABA, ABAIKUNANBAEV, Aamir, Audinarey, Bauchibred, Black_Box_DD, Daniel526, DanielArmstrong, DanielTan_MetaTrust, Dinesh11G, Eurovickk, Franklin, Inspecktor, John, Jorgect, Joshuajee, K42, Kek, Koolex, LokiThe5th, MIQUINHO, Myd, NoTechBG, QiuhaoLi, SanketKogekar, Sathish9098, Sentry, Soul22, SovaSlava, Stormreckson, Tendency, Topmark, Udsen, V1235816, Viktor_Cortess, Viraz, Yanchuan, ZdravkoHr, Zims, albahaca, albertwh1te, alexweb3, alexxander, ast3ros, audityourcontracts, bareli, bin2chen, bronze_pickaxe, c0pp3rscr3w3r, cartlex_, castle_chain, chaduke, debo, ether_sky, gumgumzum, imare, its_basu, jaraxxus, jasonxiale, josephdara, kodyvim, ladboy233, lanrebayode77, lsaudit, mert_eren, minhtrng, n1punp, nadin, niroh, nmirchev8, orion, peakbolt, perseverancesuccess, pfapostol, ptsanev, rvierdiiev, saneryee, shaflow2, te_aut, terrancrypt, twcctop, unsafesol, ustas, versiyonbir, windhustler, yongskiws, zhaojie, ziyou-
11.4657 USDC - $11.47
updatePortStrategy() has no checks when called. Even an approved user can make a mistake and add an invalid _portStrategy or _token.
addStrategyToken() has checks even though it has the same access control as updatePortStrategy().
When calling the function there is no revert if the caller makes a mistake. This might lead to excessive storage use of mistakes. And there is no warning if the caller makes a mistake
function updatePortStrategy(address _portStrategy, address _token, uint256 _dailyManagementLimit) external override requiresCoreRouter { strategyDailyLimitAmount[_portStrategy][_token] = _dailyManagementLimit; emit PortStrategyUpdated(_portStrategy, _token, _dailyManagementLimit); }
Accepts any input.
VScode, Audit Wizard
Include some checks to ensure there is already a strategy for the token before updating it.
function updatePortStrategy(address _portStrategy, address _token, uint256 _dailyManagementLimit) external override requiresCoreRouter { if (!isStrategyToken[_token]) revert UnrecognizedStrategyToken(); if (strategyDailyLimitAmount[_portStrategy][_token] == 0) revert StrategyTokenNotRegistered(); strategyDailyLimitAmount[_portStrategy][_token] = _dailyManagementLimit; emit PortStrategyUpdated(_portStrategy, _token, _dailyManagementLimit); }
StrategyTokenNotRegistered() error needs to be defined in IBranchPort.sol
Invalid Validation
#0 - c4-pre-sort
2023-10-15T05:06:48Z
0xA5DF marked the issue as low quality report
#1 - 0xA5DF
2023-10-15T05:06:59Z
Even an approved user can make a mistake
User error is QA
#2 - c4-judge
2023-10-23T14:55:23Z
alcueca changed the severity to QA (Quality Assurance)
#3 - c4-judge
2023-10-23T14:55:29Z
alcueca marked the issue as grade-b