Platform: Code4rena
Start Date: 03/11/2022
Pot Size: $115,500 USDC
Total HM: 17
Participants: 120
Period: 7 days
Judge: LSDan
Total Solo HM: 1
Id: 174
League: ETH
Rank: 34/120
Findings: 4
Award: $252.00
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xdeadbeef0x
Also found by: 8olidity, Ch_301, HE1M, Koolex, Lambda, Nyx, RedOneN, Ruhum, Tomo, Trust, adriro, aphak5010, ayeslick, berndartmueller, brgltd, carlitox477, cccz, codexploder, d3e4, eierina, eighty, immeas, joestakey, lotux, minhquanym, perseverancesuccess, rbserver, rvierdiiev
8.0811 USDC - $8.08
In LineLib.receiveTokenOrETH, the only check on the ETH path is msg.value >= amount, so when msg.value > amount the excess ETH is not refunded and stays in the contract.

```solidity
function receiveTokenOrETH(
    address token,
    address sender,
    uint256 amount
) external returns (bool) {
    if (token == address(0)) {
        revert TransferFailed();
    }
    if (token != Denominations.ETH) {
        // ERC20
        IERC20(token).safeTransferFrom(sender, address(this), amount);
    } else {
        // ETH
        if (msg.value < amount) {
            revert TransferFailed();
        }
    }
    return true;
}
```

Tools Used: None
Refund the excess ETH.
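Two ways to close the gap, as an added example that is not LineLib's own code: reject anything but the exact amount (strict), or keep the original msg.value >= amount check and refund the surplus to the payer. The contract name, error names and the ETH sentinel constant are simplified stand-ins for the project's Denominations and error types.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added example (not LineLib). ETH sentinel as used by Chainlink's Denominations library.
contract SafeReceiveExample {
    using SafeERC20 for IERC20;
    address internal constant ETH = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;

    error TransferFailed();
    error WrongETHAmount(uint256 sent, uint256 expected);
    error RefundFailed();

    // Strict variant: the deposit must match exactly, so nothing can be stranded.
    function receiveTokenOrETHStrict(address token, address sender, uint256 amount) external payable returns (bool) {
        if (token == address(0)) revert TransferFailed();
        if (token != ETH) {
            // ETH sent alongside an ERC20 deposit would also be stranded: reject it.
            if (msg.value != 0) revert WrongETHAmount(msg.value, 0);
            IERC20(token).safeTransferFrom(sender, address(this), amount);
        } else {
            if (msg.value != amount) revert WrongETHAmount(msg.value, amount);
        }
        return true;
    }

    // Refund variant: accept msg.value >= amount but return the surplus.
    // The refund is an external call, so callers must finish their own accounting
    // before invoking this (checks-effects-interactions) or hold a reentrancy lock.
    function receiveTokenOrETHRefund(address token, address sender, uint256 amount) external payable returns (bool) {
        if (token == address(0)) revert TransferFailed();
        if (token != ETH) {
            if (msg.value != 0) revert WrongETHAmount(msg.value, 0);
            IERC20(token).safeTransferFrom(sender, address(this), amount);
            return true;
        }
        if (msg.value < amount) revert TransferFailed();
        uint256 excess = msg.value - amount;
        if (excess > 0) {
            // The surplus goes back to whoever paid it (msg.sender), not to `sender`.
            (bool ok, ) = payable(msg.sender).call{value: excess}("");
            if (!ok) revert RefundFailed();
        }
        return true;
    }
}
```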
#0 - c4-judge
2022-11-17T12:42:46Z
dmvt marked the issue as duplicate of #25
#1 - c4-judge
2022-11-17T19:24:47Z
dmvt marked the issue as partial-50
#2 - c4-judge
2022-12-06T15:39:47Z
dmvt marked the issue as satisfactory
#3 - c4-judge
2022-12-06T15:39:52Z
dmvt marked the issue as full credit
#4 - C4-Staff
2022-12-20T06:44:54Z
liveactionllama marked the issue as duplicate of #39
🌟 Selected for report: perseverancesuccess
Also found by: 0x52, HE1M, Lambda, Trust, adriro, aphak5010, cccz, minhquanym
214.1771 USDC - $214.18
The lender can call the claimAndRepay function, which calls SpigotedLineLib.trade. In SpigotedLineLib.trade, when claimToken == ETH, the ETH is sent to swapTarget as msg.value. If the zeroExTradeData.inputTokenAmount provided by the lender is less than amount, the excess ETH may remain in the swapTarget contract.

```solidity
function trade(
    uint256 amount,
    address sellToken,
    address payable swapTarget,
    bytes calldata zeroExTradeData
) public returns (bool) {
    if (sellToken == Denominations.ETH) {
        // if claiming/trading eth send as msg.value to dex
        (bool success, ) = swapTarget.call{value: amount}(zeroExTradeData);
        if (!success) {
            revert TradeFailed();
        }
    } else {
        IERC20(sellToken).approve(swapTarget, amount);
        (bool success, ) = swapTarget.call(zeroExTradeData);
        if (!success) {
            revert TradeFailed();
        }
    }
    return true;
}
```

https://github.com/debtdao/Line-of-Credit//blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/SpigotedLine.sol#L93-L115
https://github.com/debtdao/Line-of-Credit//blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/SpigotedLineLib.sol#L120-L140
https://github.com/0xProject/protocol/blob/development/contracts/zero-ex/contracts/src/features/TransformERC20Feature.sol#L254-L263

Tools Used: None
Since the borrower has sufficient incentive to call claimAndRepay to pay off the debt and reduce the interest expense, consider preventing the lender from calling the claimAndRepay function.
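A complementary guard to the access-control fix recommended above, written here as an added example and not SpigotedLineLib's own code: before forwarding ETH or tokens, decode the static head of zeroExTradeData and refuse it unless the encoded input token and inputTokenAmount match what trade is about to send. It assumes the trade data targets 0x's transformERC20(address,address,uint256,uint256,(uint32,bytes)[]) with selector 0x415565b0; verify both against the 0x version actually integrated.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

// Added example, not SpigotedLineLib. ASSUMPTION: zeroExTradeData is a call to 0x's
// transformERC20(address,address,uint256,uint256,(uint32,bytes)[]) (selector 0x415565b0).
library GuardedTradeExample {
    address internal constant ETH = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;
    bytes4 internal constant TRANSFORM_ERC20 = 0x415565b0;

    error TradeFailed();
    error UnexpectedSelector(bytes4 got);
    error SellTokenMismatch(address encoded, address expected);
    error AmountMismatch(uint256 encoded, uint256 expected);

    // Decode only the static head (inputToken, outputToken, inputTokenAmount, minOutput);
    // abi.decode ignores the trailing dynamic `transformations` array.
    function decodeHead(bytes calldata data) internal pure returns (address inputToken, uint256 inputTokenAmount) {
        if (data.length < 4 + 4 * 32) revert TradeFailed();
        bytes4 sel = bytes4(data[:4]);
        if (sel != TRANSFORM_ERC20) revert UnexpectedSelector(sel);
        (inputToken, , inputTokenAmount, ) = abi.decode(data[4:], (address, address, uint256, uint256));
    }

    // Same shape as SpigotedLineLib.trade, but rejects trade data whose encoded input does
    // not match what is actually being sent, so no surplus can be left at swapTarget.
    function trade(uint256 amount, address sellToken, address payable swapTarget, bytes calldata zeroExTradeData)
        internal returns (bool)
    {
        (address inputToken, uint256 inputTokenAmount) = decodeHead(zeroExTradeData);
        if (inputToken != sellToken) revert SellTokenMismatch(inputToken, sellToken);
        if (inputTokenAmount != amount) revert AmountMismatch(inputTokenAmount, amount);

        bool success;
        if (sellToken == ETH) {
            (success, ) = swapTarget.call{value: amount}(zeroExTradeData);
        } else {
            IERC20(sellToken).approve(swapTarget, amount);
            (success, ) = swapTarget.call(zeroExTradeData);
        }
        if (!success) revert TradeFailed();
        return true;
    }
}
```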
#0 - c4-judge
2022-11-17T12:37:07Z
dmvt marked the issue as duplicate of #88
#1 - c4-judge
2022-11-17T20:44:15Z
dmvt marked the issue as partial-50
#2 - C4-Staff
2022-12-16T23:20:48Z
captainmangoC4 marked the issue as duplicate of #110
🌟 Selected for report: __141345__
Also found by: Bnke0x0, Ch_301, Jeiwan, Lambda, Ruhum, aphak5010, ayeslick, cccz, codexploder, everyanykey, hansfriese, ladboy233, minhquanym, pashov, rbserver, rvierdiiev
24.4049 USDC - $24.40
There are ERC20 tokens that charge a fee on every transfer() or transferFrom(). Using such fee-on-transfer tokens with these contracts leads to unexpected behaviour. For example, in the depositAndClose function the number of tokens actually received by the contract will be less than totalOwed, and sending the tokens to the lender in _close will then fail due to insufficient balance.

https://github.com/debtdao/Line-of-Credit//blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/LineOfCredit.sol#L292-L311
https://github.com/debtdao/Line-of-Credit//blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/LineOfCredit.sol#L483-L493

Tools Used: None

Consider computing the received amount as the difference in the contract's token balance (via balanceOf) before and after the transferFrom.
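The balance-difference pattern applied to a depositAndClose-style flow, as an added example that is not LineOfCredit's own code; the contract name, heldBalance mapping and error names are hypothetical. It shows both the strict option (revert if less than totalOwed arrived) and the lenient one (credit only what arrived).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added example (not LineOfCredit). Accounting is based on tokens that actually
// arrived, so fee-on-transfer tokens cannot leave the contract short in _close.
contract FeeOnTransferSafeExample {
    using SafeERC20 for IERC20;

    error ShortfallDetected(uint256 requested, uint256 received);

    mapping(address => uint256) public heldBalance; // hypothetical per-token accounting

    // Pulls `amount` from `from` and returns how much really landed here.
    // Caveat: with ERC777-style hook tokens a reentrant call could move the balance
    // between the two reads, so pair this with a reentrancy guard in practice.
    function pull(address token, address from, uint256 amount) internal returns (uint256 received) {
        uint256 before = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransferFrom(from, address(this), amount);
        received = IERC20(token).balanceOf(address(this)) - before;
    }

    // Strict: reject a short receipt up front instead of failing later in _close.
    function depositAndCloseStrict(address token, uint256 totalOwed) external {
        uint256 received = pull(token, msg.sender, totalOwed);
        if (received < totalOwed) revert ShortfallDetected(totalOwed, received);
        heldBalance[token] += received;
    }

    // Lenient: credit exactly what arrived and report it so the caller can top up.
    function depositPartial(address token, uint256 amount) external returns (uint256 credited) {
        credited = pull(token, msg.sender, amount);
        heldBalance[token] += credited;
    }
}
```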
#0 - c4-judge
2022-11-17T12:43:42Z
dmvt marked the issue as duplicate of #26
#1 - c4-judge
2022-11-17T19:44:30Z
dmvt marked the issue as partial-50
#2 - C4-Staff
2022-12-20T06:01:34Z
liveactionllama marked the issue as duplicate of #367
🌟 Selected for report: __141345__
Also found by: 0xdeadbeef0x, 8olidity, Amithuddar, Bnke0x0, Ch_301, Deivitto, IllIllI, KingNFT, Nyx, RaymondFam, RedOneN, Satyam_Sharma, SmartSek, Tomo, adriro, bananasboys, carlitox477, cccz, cloudjunky, codexploder, corerouter, cryptonue, d3e4, datapunk, joestakey, martin, merlin, minhquanym, pashov, peanuts, rvierdiiev
5.3388 USDC - $5.34
In LineLib, the sendOutTokenOrETH function uses the native payable.transfer. This is unsafe because transfer has a hard-coded gas budget (2300 gas) and can fail when the recipient is a smart contract.
Whenever the recipient either does not implement a payable fallback function, or the cumulative gas cost of the functions invoked on receipt of native tokens exceeds the 2300 gas limit, the native tokens end up undelivered and the corresponding fund-return functionality will fail every time.
Tools Used: None
Using a low-level call.value(amount) with the corresponding result check, or OpenZeppelin's Address.sendValue, is advised: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol#L60
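The recommended replacement in context, as an added example that is not LineLib's own code: the ETH branch uses OpenZeppelin's Address.sendValue (or, equivalently, a checked low-level call), and the library name and ETH sentinel constant are stand-ins for the project's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/utils/Address.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added example (not LineLib). Forwards all remaining gas to the recipient, so a
// contract recipient with non-trivial receive() logic can still be paid.
library SafeSendExample {
    using SafeERC20 for IERC20;
    address internal constant ETH = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;

    error TransferFailed();

    // Option A: OpenZeppelin helper; reverts on failure instead of silently leaving
    // funds undelivered. Because gas is no longer capped at 2300, callers must update
    // state before calling this or protect the path with a reentrancy guard.
    function sendOutTokenOrETH(address token, address receiver, uint256 amount) internal returns (bool) {
        if (token == address(0)) revert TransferFailed();
        if (token != ETH) {
            IERC20(token).safeTransfer(receiver, amount);
        } else {
            Address.sendValue(payable(receiver), amount);
        }
        return true;
    }

    // Option B: the same ETH send with a raw low-level call and an explicit result check.
    function sendETHRaw(address receiver, uint256 amount) internal returns (bool) {
        (bool ok, ) = payable(receiver).call{value: amount}("");
        if (!ok) revert TransferFailed();
        return true;
    }
}
```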
#0 - c4-judge
2022-11-17T12:43:07Z
dmvt marked the issue as duplicate of #14
#1 - c4-judge
2022-11-17T19:18:36Z
dmvt marked the issue as partial-50
#2 - c4-judge
2022-12-06T14:47:00Z
dmvt marked the issue as full credit
#3 - c4-judge
2022-12-06T14:47:05Z
dmvt marked the issue as satisfactory
#4 - C4-Staff
2022-12-20T05:56:43Z
liveactionllama marked the issue as duplicate of #369