Platform: Code4rena
Start Date: 05/01/2023
Pot Size: $90,500 USDC
Total HM: 55
Participants: 103
Period: 14 days
Judge: Picodes
Total Solo HM: 18
Id: 202
League: ETH
Rank: 57/103
Findings: 2
Award: $95.46
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xsomeone
Also found by: ayeslick, tsvetanovv
44.1378 USDC - $44.14
https://github.com/code-423n4/2023-01-astaria/blob/main/src/ClearingHouse.sol#L148
Some tokens like USDT have a build-in front running protection and require that approvals are set to zero before being set to the desired value, payment - liquidatorPayment.
Set safeApprove to 0 first then to payment - liquidatorPayment
#0 - c4-judge
2023-01-22T15:26:53Z
Picodes marked the issue as duplicate of #437
#1 - c4-judge
2023-02-24T10:20:54Z
Picodes marked the issue as satisfactory
#2 - c4-judge
2023-02-24T10:21:28Z
Picodes marked the issue as partial-25
#3 - Picodes
2023-02-24T10:21:35Z
Partial credit due to the absence of PoC
🌟 Selected for report: ladboy233
Also found by: 0x1f8b, 0xAgro, 0xSmartContract, 0xbepresent, 0xkato, Aymen0909, CodingNameKiki, Cryptor, Deekshith99, Deivitto, HE1M, IllIllI, Kaysoft, Koolex, PaludoX0, Qeew, RaymondFam, Rolezn, Sathish9098, Tointer, a12jmx, arialblack14, ast3ros, ayeslick, bin2chen, btk, caventa, ch0bu, chaduke, chrisdior4, delfin454000, descharre, evan, fatherOfBlocks, georgits, gz627, jasonxiale, joestakey, kaden, lukris02, nicobevi, nogo, oberon, oyc_109, pfapostol, rbserver, sakshamguruji, seeu, shark, simon135, slvDev, synackrst, tnevler, whilom, zaskoh
51.3151 USDC - $51.32
https://github.com/code-423n4/2023-01-astaria/blob/main/src/CollateralToken.sol#L334 https://github.com/code-423n4/2023-01-astaria/blob/main/src/CollateralToken.sol#L338
The releaseAddress function checks if the msg.sender is the owner of the collateral token twice.
Recommendation: Check if msg.sender is the owner of the collateral token once
#0 - c4-judge
2023-01-26T14:17:41Z
Picodes marked the issue as grade-b