Platform: Code4rena
Start Date: 14/09/2022
Pot Size: $50,000 USDC
Total HM: 25
Participants: 110
Period: 5 days
Judge: hickuphh3
Total Solo HM: 9
Id: 162
League: ETH
Rank: 58/110
Findings: 2
Award: $73.23
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: carrotsmuggler
Also found by: 0x52, 0xDecorativePineapple, 0xPanas, Bahurum, Jeiwan, Lambda, PwnPatrol, R2, Respx, auditor0517, durianSausage, hyh, ladboy233, pauliax, scaraven, teawaterwire, zzzitron
36.6124 USDC - $36.61
Wrong calculation of nowPrice in PegOracle.latestRoundData.
PegOracle.latestRoundData always returns nowPrice = 0 for normal 18 decimals tokens.
From the below formula, we can see nowPrice <= 10000.
File: 2022-09-y2k-finance\src\oracles\PegOracle.sol 67: if (price1 > price2) { 68: nowPrice = (price2 * 10000) / price1; 69: } else { 70: nowPrice = (price1 * 10000) / price2; 71: }
After that, it's divided by 1e6 here and it will be 0 for normal 18 decimals tokens.
Manual Review
We should change nowPrice / 1000000 to nowPrice / 10000.
#0 - 3xHarry
2022-09-21T12:27:21Z
@MiguelBits seems to be valid
#1 - HickupHH3
2022-10-17T10:41:35Z
dup of #195
🌟 Selected for report: Respx
Also found by: 0x1f8b, 0xDecorativePineapple, 0xNazgul, 0xPanas, 0xSmartContract, 0xc0ffEE, 0xmuxyz, Aymen0909, Bahurum, Bnke0x0, CodingNameKiki, Deivitto, Jeiwan, Lambda, Picodes, PwnPatrol, R2, RaymondFam, Rolezn, Ruhum, Saintcode_, SooYa, Tointer, V_B, ajtra, ak1, async, auditor0517, brgltd, c3phas, carrotsmuggler, cccz, csanuragjain, datapunk, djxploit, durianSausage, eierina, erictee, gogo, imare, joestakey, jonatascm, kv, ladboy233, leosathya, lukris02, oyc_109, pashov, pauliax, rbserver, robee, rokinot, rvierdiiev, scaraven, simon135, unforgiven, wagmi, zzzitron
36.6223 USDC - $36.62
0.5% = multiply by 1000 then divide by 5 => 0.5% = multiply by 5 then divide by 1000.