Platform: Code4rena
Start Date: 03/07/2023
Pot Size: $40,000 USDC
Total HM: 14
Participants: 74
Period: 7 days
Judge: alcueca
Total Solo HM: 9
Id: 259
League: ETH
Rank: 26/74
Findings: 2
Award: $75.99
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xprinc
Also found by: 0x11singh99, 0xAnah, 0xWaitress, 0xkazim, 2997ms, 33audits, 404Notfound, 8olidity, CRIMSON-RAT-REACH, CyberPunks, DanielWang888, Deekshith99, Eeyore, Eurovickk, Inspecktor, JGcarv, John, Jorgect, Kaysoft, LosPollosHermanos, MohammedRizwan, Qeew, QiuhaoLi, Rolezn, TheSavageTeddy, Topmark, Trust, Udsen, a3yip6, alexzoid, bigtone, codegpt, erebus, fatherOfBlocks, ginlee, glcanvas, hunter_w3b, josephdara, kaveyjoe, kutugu, mahdirostami, max10afternoon, oakcobalt, peanuts, pfapostol, ptsanev, qpzm, radev_sw, ravikiranweb3, sces60107, seth_lawson, te_aut, twcctop, zhaojie, ziyou-
17.5208 USDC - $17.52
https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L31
There's no validation check of the number of tokens/pumps in the `init` function. This may cause problems for someone who creates a clone of the `Well` contract without using the `LibWellConstructor` library.
File: src/Well.sol#L31

```solidity
function init(string memory name, string memory symbol) public initializer {
    __ERC20Permit_init(name);
    __ERC20_init(name, symbol);

    IERC20[] memory _tokens = tokens();
    for (uint256 i; i < _tokens.length - 1; ++i) {
        for (uint256 j = i + 1; j < _tokens.length; ++j) {
            if (_tokens[i] == _tokens[j]) {
                revert DuplicateTokens(_tokens[i]);
            }
        }
    }
    // @audit validation check : numberOfTokens == tokens().length, numberOfPumps()==pumps().length,
}
```
Manual review
There's no way to validate the input parameters in the `Well` contract, so the `boreWell` function in `Aquifer.sol` needs to be updated to validate those inputs. https://github.com/code-423n4/2023-07-basin/blob/main/src/Aquifer.sol#L34

Recommend adding detail parameters (`tokens`, `wellFunction`, `pumps`) to `boreWell` instead of the `immutableData` parameter, and building the packed data with `encodePacked` from those details.
Invalid Validation
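The recommendation above, sketched as an added example (not code from the report or from Basin): when the packed blob is built from structured inputs, the count fields are derived from the arrays and cannot disagree with them, while a caller-supplied blob has to be parsed and checked. The byte layout, function names and sample addresses are assumptions made for illustration and are simpler than the project's real encoding.

```python
# Added illustration: a simplified, assumed layout, not Basin's actual encoding.
# [numberOfTokens: 32 bytes][numberOfPumps: 32 bytes][tokens: 20 bytes each][pumps: 20 bytes each]
WORD, ADDR = 32, 20


class ImmutableDataError(ValueError):
    """Raised when packed immutable data is internally inconsistent."""


def _check_addresses(tokens, pumps):
    for addr in (*tokens, *pumps):
        if len(addr) != ADDR:
            raise ImmutableDataError("address must be 20 bytes")
    if len(set(tokens)) != len(tokens):
        raise ImmutableDataError("duplicate token")  # mirrors DuplicateTokens in init()


def encode_immutable_data(tokens, pumps):
    """Build the blob from structured inputs; counts are derived, never supplied."""
    _check_addresses(tokens, pumps)
    header = len(tokens).to_bytes(WORD, "big") + len(pumps).to_bytes(WORD, "big")
    return header + b"".join(tokens) + b"".join(pumps)


def validate_immutable_data(blob):
    """Parse a caller-supplied blob and reject counts that disagree with the payload."""
    if len(blob) < 2 * WORD:
        raise ImmutableDataError("header truncated")
    n_tokens = int.from_bytes(blob[:WORD], "big")
    n_pumps = int.from_bytes(blob[WORD:2 * WORD], "big")
    expected = 2 * WORD + ADDR * (n_tokens + n_pumps)
    if len(blob) != expected:
        raise ImmutableDataError(
            f"counts {n_tokens}/{n_pumps} need {expected} bytes, got {len(blob)}")
    body = blob[2 * WORD:]
    addrs = [body[i:i + ADDR] for i in range(0, len(body), ADDR)]
    tokens, pumps = addrs[:n_tokens], addrs[n_tokens:]
    _check_addresses(tokens, pumps)
    return tokens, pumps


if __name__ == "__main__":
    # Constructed sample addresses, not real contracts.
    tokens, pumps = [bytes([1]) * ADDR, bytes([2]) * ADDR], [bytes([9]) * ADDR]
    blob = encode_immutable_data(tokens, pumps)
    print(validate_immutable_data(blob) == (tokens, pumps))
    forged = (3).to_bytes(WORD, "big") + blob[WORD:]  # claims 3 tokens, carries 2
    try:
        validate_immutable_data(forged)
    except ImmutableDataError as err:
        print("rejected:", err)
```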
#0 - c4-pre-sort
2023-07-11T13:19:30Z
141345 marked the issue as low quality report
#1 - 141345
2023-07-13T06:51:18Z
lack details on the impact and potential loss
maybe QA is more appropriate
#2 - alcueca
2023-08-04T05:38:36Z
As a rule, any issue that means a user transaction or reverting because of failed inputs is a QA. Same for contract deployments that result in unusable contracts.
#3 - c4-judge
2023-08-04T05:38:40Z
alcueca changed the severity to QA (Quality Assurance)
#4 - c4-judge
2023-08-04T21:27:55Z
alcueca marked the issue as grade-a
🌟 Selected for report: SM3_SS
Also found by: 0x11singh99, 0xAnah, 0xSmartContract, 0xn006e7, 0xprinc, DavidGiladi, ElCid, JCN, K42, MIQUINHO, Raihan, Rolezn, SAAJ, SY_S, Strausses, TheSavageTeddy, bigtone, erebus, hunter_w3b, josephdara, lsaudit, mahdirostami, oakcobalt, peanuts, pfapostol, seth_lawson
58.4732 USDC - $58.47
| | Issue | Instances |
|---|---|---|
| GAS-1 | `reserves[i] == 0` doesn't need to check | 1 |

GAS-1: `reserves[i] == 0` doesn't need to check

It's already checked if `reserves[i]` is zero in the `update` function before calling `_init()`, so it doesn't need to check it.
File: src/pumps/MultiFlowPump.sol:L153

```solidity
function _init(bytes32 slot, uint40 lastTimestamp, uint256[] memory reserves) internal {
    uint256 numberOfReserves = reserves.length;
    bytes16[] memory byteReserves = new bytes16[](numberOfReserves);

    // Skip {_capReserve} since we have no prior reference

    for (uint256 i; i < numberOfReserves; ++i) {
        if (reserves[i] == 0) return; // @audit it doesn't need to check
        byteReserves[i] = reserves[i].fromUIntToLog2();
    }
    // ... (the excerpt in the report ends here)
}
```
Recommend removing the line that checks if reserves[i] == 0
#0 - c4-pre-sort
2023-07-12T08:56:16Z
141345 marked the issue as low quality report
#1 - c4-judge
2023-08-05T11:20:42Z
alcueca marked the issue as grade-a