Platform: Code4rena
Start Date: 07/03/2024
Pot Size: $63,000 USDC
Total HM: 20
Participants: 36
Period: 5 days
Judge: cccz
Total Solo HM: 11
Id: 349
League: BLAST
Rank: 18/36
Findings: 2
Award: $305.37
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xAadi
Also found by: 0x11singh99, bareli, hihen
290.0407 USDC - $290.04
Missing return statement in _getReserves: the function doesn't return the fetched reserves. We are not returning anything in _getReserves. It should return 2 uint256 integers but we are not returning anything.
We are calling this function in latestAnswer() to get baseReserve and quoteReserve, but we are not getting any output from _getReserves().
```solidity
function _getReserves() internal view virtual returns (uint256, uint256) {
    (uint256 baseReserve, uint256 quoteReserve) = pair.getReserves();
}
```

```solidity
function latestAnswer() public view override returns (int256) {
    uint256 baseAnswerNomalized = uint256(baseOracle.latestAnswer()) * (10 ** (WAD - baseOracle.decimals()));
    uint256 quoteAnswerNormalized = uint256(quoteOracle.latestAnswer()) * (10 ** (WAD - quoteOracle.decimals()));
    uint256 minAnswer = baseAnswerNomalized < quoteAnswerNormalized ? baseAnswerNomalized : quoteAnswerNormalized;
@>> (uint256 baseReserve, uint256 quoteReserve) = _getReserves();
```

```solidity
function _getReserves() internal view virtual returns (uint256, uint256) {
    (uint256 baseReserve, uint256 quoteReserve) = pair.getReserves();
++  return (baseReserve, quoteReserve);
}
```
Context
#0 - 0xm3rlin
2024-03-15T00:40:59Z
Confirmed low impact
#1 - c4-pre-sort
2024-03-15T12:23:18Z
141345 marked the issue as duplicate of #146
#2 - c4-judge
2024-03-29T16:13:22Z
thereksfour marked the issue as satisfactory
#3 - c4-judge
2024-03-31T06:51:12Z
thereksfour changed the severity to 3 (High Risk)
#4 - c4-judge
2024-04-05T11:13:05Z
thereksfour changed the severity to 2 (Med Risk)
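An added example, not part of the submission or the audited code base, for the `_getReserves` finding above: in Solidity, return values that are never assigned keep their default of zero, so the caller in `latestAnswer()` works with `(0, 0)` instead of the pair's reserves. `IPair`, `MockPair`, `BuggyReader`, `FixedReader`, `Harness`, the sample reserves and the compiler version are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20; // assumed compiler version
// Added illustration; every contract name here is hypothetical.
interface IPair {
    function getReserves() external view returns (uint256, uint256);
}

contract MockPair is IPair {
    // Constructed sample reserves.
    function getReserves() external pure returns (uint256, uint256) {
        return (1000e18, 2000e18);
    }
}

contract BuggyReader {
    IPair public immutable pair;
    constructor(IPair pair_) { pair = pair_; }

    // Same shape as the reported function: the reserves are read into locals
    // and then dropped, so the unnamed return values stay at their default (0).
    function _getReserves() internal view virtual returns (uint256, uint256) {
        (uint256 baseReserve, uint256 quoteReserve) = pair.getReserves();
    }

    function reserves() external view returns (uint256, uint256) {
        return _getReserves();
    }
}

contract FixedReader is BuggyReader {
    constructor(IPair pair_) BuggyReader(pair_) {}

    // Fix from the submission: hand the fetched values back to the caller.
    function _getReserves() internal view override returns (uint256, uint256) {
        (uint256 baseReserve, uint256 quoteReserve) = pair.getReserves();
        return (baseReserve, quoteReserve);
    }
}

contract Harness {
    // Compares what each reader reports for the same pair.
    function check() external returns (bool) {
        IPair p = new MockPair();
        BuggyReader buggy = new BuggyReader(p);
        FixedReader patched = new FixedReader(p);
        (uint256 b0, uint256 q0) = buggy.reserves();
        (uint256 b1, uint256 q1) = patched.reserves();
        return b0 == 0 && q0 == 0 && b1 == 1000e18 && q1 == 2000e18;
    }
}
```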
🌟 Selected for report: ether_sky
Also found by: 0x11singh99, 0xE1, 0xJaeger, Bauchibred, Bigsam, Bozho, Breeje, DarkTower, HChang26, SpicyMeatball, Trust, ZanyBonzy, albahaca, bareli, blutorque, grearlake, hals, hassan-truscova, hihen, oualidpro, pfapostol, ravikiranweb3, slvDev, zhaojie
15.328 USDC - $15.33
Missing License: The UNLICENSED SPDX identifier indicates the code is proprietary, which might not be intended.

Version Lock: The pragma directive should lock the compiler to a specific version to prevent unexpected behavior from compiler updates.

```solidity
pragma solidity >=0.8.0;
```

https://github.com/code-423n4/2024-03-abracadabra-money/blob/main/src/blast/BlastDapp.sol#L2C1-L3C1
#0 - c4-pre-sort
2024-03-15T15:01:36Z
141345 marked the issue as insufficient quality report
#1 - c4-pre-sort
2024-03-15T15:32:07Z
141345 marked the issue as grade-c
#2 - c4-judge
2024-04-06T07:03:07Z
thereksfour marked the issue as grade-b