Platform: Code4rena
Start Date: 10/03/2022
Pot Size: $75,000 USDT
Total HM: 25
Participants: 54
Period: 7 days
Judge: pauliax
Total Solo HM: 10
Id: 97
League: ETH
Rank: 26/54
Findings: 2
Award: $433.63
🌟 Selected for report: 0
🚀 Solo Findings: 0
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L348 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L349
equilibriumFee and maxFee values are used directly within getTransferFee() function without any checks performed. If these values were entered faulty by mistake at addSupportedToken() or changeFee(), such as too high maxFee, or equilibriumFee > maxFee, then transfer fee calculations will be incorrect. It would be good to check these settings against some default values and against each other before using them in getTransferFee() function.
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L348 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L349
manual analysis
Include checks such as: require(maxFee <= maxAllowedFee, "maxFee higher than allowed"); require(equilibriumFee < maxFee, "equilibriumFee faulty");
#0 - ankurdubey521
2022-03-30T15:44:18Z
Duplicate of #8
#1 - pauliax
2022-04-30T17:26:36Z
🌟 Selected for report: hickuphh3
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xngndev, 0xwags, Cantor_Dust, CertoraInc, Dravee, IllIllI, PPrieditis, Ruhum, TerrierLover, WatchPug, XDms, benk10, berndartmueller, bitbopper, catchup, cmichel, cryptphi, csanuragjain, danb, defsec, gzeon, hagrid, hubble, jayjonah8, kenta, kyliek, minhquanym, rfa, robee, saian, samruna, throttle, ye0lde, z3s
353.2341 USDT - $353.23
C4 finding submitted: (risk = 1 (Low Risk)) updateTokenCap() updates only the transferConfig cap values, but not deposit config values.
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L111 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L112 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L96
addSupportedToken() writes the cap limits to transferConfig first and then copies the same values to deposit config by tokensInfo[tokenAddress].tokenConfig = transferConfig[tokenAddress]; However, updateTokenCap() updates only the transferConfig cap values, but not deposit config values.
There is no way to update tokensInfo[tokenAddress].tokenConfig
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L111 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L112 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L96
Manual analysis
Either update the deposit tokenConfig values the same as transfer config values such as: tokensInfo[tokenAddress].tokenConfig = transferConfig[tokenAddress]; Or include seperate min max parameters in updateTokenCap() for deposit config and use them.
C4 finding submitted: (risk = 1 (Low Risk)) getTokensInfo() returns transfer min-max values
addSupportedToken() writes the cap limits to transferConfig first and then copies the same values to deposit config by tokensInfo[tokenAddress].tokenConfig = transferConfig[tokenAddress]; However, updateTokenCap() updates only the transferConfig cap values, but not deposit config values.
getTokensInfo() returns transferConfig[tokenAddress] where it should be tokensInfo[tokenAddress].tokenConfig
Manual analysis
Line 121 should be changed as: tokensInfo[tokenAddress].tokenConfig;
C4 finding submitted: (risk = 1 (Low Risk)) maxFee is not checked against a max value while being updated
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L50
changeFee() maxFee should be checked against a maximum value (like 10%) to make sure it is not set too high by mistake.
maxFee can be set beyond limits which would mess up fee calculations.
getTransferFee() function calculations will give unpredicted results. https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L342
Manual analysis
A check should be added to changeFee() such as: require(_maxFee <= maxAllowedFee, "maxFee higher than allowed");
C4 finding submitted: (risk = 1 (Low Risk)) changeFee() should have tokenChecks(tokenAddress) modifier
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L48
changeFee() is not checking if the tokenAddress is zero and the token is supported.
Unnecessary execution if the tokenAddress is zero or the token is not supported
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/TokenManager.sol#L48
Manual analysis
changeFee() should include tokenChecks(tokenAddress) modifier
C4 finding submitted: (risk = 0 (Non-critical)) No need to define abicoder V2
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L4 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/token/LPToken.sol#L3
abicoder V2 is explicitly defined at LPToken.sol, LiquiditPool.sol. Starting from solidity version 0.8.0 abi coder V2 is activated by default.
Unnecessary code
https://docs.soliditylang.org/en/v0.8.11/080-breaking-changes.html
Manual analysis
These pragma's can be removed.
C4 finding submitted: (risk = 0 (Non-critical)) executors and executorStatus can be made private.
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/ExecutorManager.sol#L9 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/ExecutorManager.sol#L10
Internal state variables can be private
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/ExecutorManager.sol#L9 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/ExecutorManager.sol#L10
Manual analysis
Change executors and executorStatus visibility as private.
C4 finding submitted: (risk = 0 (Non-critical)) setBaseGas() takes a parameter of uint128
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L22 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L119
setBaseGas() takes a parameter of uint128 but baseGas is actually uint256
Better coding practice
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L22 https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L119
Manual analysis
Change the parameter to uint256.
C4 finding submitted: (risk = 0 (Non-critical)) typo in comment
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L300
There is a typo for the word 'after'
https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L300
Manual analysis
Fix the typo.
#0 - pauliax
2022-05-17T15:36:36Z
"changeFee() maxFee should be checked against a maximum value (like 10%) to make sure it is not set too high by mistake." should be Medium: https://github.com/code-423n4/2022-03-biconomy-findings/issues/8#issuecomment-1114023886