Platform: Code4rena
Start Date: 08/03/2023
Pot Size: $60,500 USDC
Total HM: 2
Participants: 123
Period: 7 days
Judge: hansfriese
Id: 220
League: ETH
Rank: 82/123
Findings: 1
Award: $29.67
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xSmartContract
Also found by: 0x1f8b, 0x6980, 0xAgro, 0xSolus, 0xhacksmithh, 0xkazim, ABA, BPZ, BowTiedOriole, ChainReview, DadeKuma, DeFiHackLabs, Deathstore, DevABDee, Diana, Dravee, Dug, Englave, Go-Langer, Haipls, IceBear, Inspex, Jeiwan, Kek, Kresh, Madalad, MatricksDeCoder, MyFDsYours, RaymondFam, Rolezn, SAAJ, Sathish9098, Taloner, Udsen, Viktor_Cortess, atharvasama, ayden, brgltd, btk, carlitox477, catellatech, chaduke, codeislight, deadrxsezzz, descharre, erictee, fatherOfBlocks, favelanky, glcanvas, handsomegiraffe, jasonxiale, jekapi, joestakey, lemonr, luxartvinsec, martin, matrix_0wl, minhquanym, mrpathfindr, nadin, oyc_109, parsely, peanuts, pfedprog, rbserver, rokso, saian, santipu_, scokaf, slvDev, tsvetanovv, ubl4nk, ulqiorra, yamapyblack, zaskoh
29.6697 USDC - $29.67
QA1: There should be a range check for VAULT_CAP and NO_VAULT_CAP.
QA2: _assetTransferFrom()'s revert will not return the correct error message.

The following code in _assetTransferFrom() will not return the correct revert error message; an experiment easily shows that it returns an obscure, unreadable bytecode message instead. This is because the first word of data actually stores the number of bytes in data, and revert(string(data)) re-encodes those raw bytes as the message of a new Error(string) instead of passing the callee's revert data through.

```solidity
if (!success) { revert(string(data)); }
```

The correct way is to bubble the callee's revert data up unchanged (mload/revert are Yul, so they must sit inside an assembly block; a fallback revert is added so that a failed call with an empty return payload still reverts):

```solidity
if (!success) {
    if (data.length > 0) {
        assembly {
            // The first word of `data` is its length; the payload starts 32 bytes in.
            let len := mload(data)
            revert(add(32, data), len)
        }
    }
    // Fallback: the callee returned no revert data, but the call still failed.
    revert("asset transfer failed");
}
```
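To make the QA2 point concrete, here is an added Python model (not code from this report or the audited project) of the two revert encodings: it builds the Error(string) payload a failing token call would return, then shows what a client decodes after revert(string(data)) versus after bubbling the bytes up with assembly. The ABI encoding is done by hand so it runs offline; the revert message is a constructed sample.

```python
from typing import Optional

# keccak256("Error(string)")[:4], the selector Solidity uses for revert("...") / require(false, "...")
ERROR_SELECTOR = bytes.fromhex("08c379a0")

def abi_encode_dynamic(payload: bytes) -> bytes:
    """ABI-encode one dynamic string/bytes argument: offset word, length word, right-padded data."""
    padded = payload + b"\x00" * ((32 - len(payload) % 32) % 32)
    return (32).to_bytes(32, "big") + len(payload).to_bytes(32, "big") + padded

def error_revert_data(msg: str) -> bytes:
    """Revert data a callee (e.g. a token contract) emits for revert(msg)."""
    return ERROR_SELECTOR + abi_encode_dynamic(msg.encode())

def decode_error_string(data: bytes) -> Optional[str]:
    """Decode Error(string) revert data the way a client or explorer would; None if not Error(string)."""
    if len(data) < 4 + 64 or data[:4] != ERROR_SELECTOR:
        return None
    body = data[4:]
    offset = int.from_bytes(body[:32], "big")
    length = int.from_bytes(body[offset:offset + 32], "big")
    return body[offset + 32:offset + 32 + length].decode("utf-8", errors="replace")

def rewrap_as_string(data: bytes) -> bytes:
    """Models `revert(string(data))`: the callee's raw revert bytes become the *message* of a new
    Error(string), so the decoded message is the inner selector plus ABI words, not the text."""
    return ERROR_SELECTOR + abi_encode_dynamic(data)

def bubble_up(data: bytes) -> bytes:
    """Models `assembly { revert(add(32, data), mload(data)) }`: the callee's bytes pass through
    unchanged, so the decoded message is the original text."""
    return data

def compare(msg: str) -> dict:
    """Return what a client decodes under each strategy for a constructed callee revert."""
    inner = error_revert_data(msg)  # constructed sample: a failing callee's revert data
    return {
        "bubbled": decode_error_string(bubble_up(inner)),
        "rewrapped": decode_error_string(rewrap_as_string(inner)),
    }

if __name__ == "__main__":
    print(compare("ERC20: insufficient allowance"))
```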
QA3. withdraw() should not allow _assetType == 4 since it is not defined.

withdraw() does not exclude _assetType == 4, although it is not defined.

Correction, exclude _assetType == 4:

```diff
- if (uint8(_assetType) == 2 || uint8(_assetType) > 4) {
+ if (uint8(_assetType) == 2 || uint8(_assetType) >= 4) {
      revert InvalidAssetType(uint256(_assetType));
  }
```
QA4. The stake() function fails to exclude the case _assetType == 4.

Correction: exclude _assetType == 4:

```diff
  function stake (
      AssetType _assetType,
      uint256 _timelockId,
      uint256,
      uint256,
      uint256
  ) external nonReentrant {
      // Validate that the asset being staked is of a valid type.
-     if (uint8(_assetType) > 4) {
+     if (uint8(_assetType) >= 4) {
          revert InvalidAssetType(uint256(_assetType));
      }
```
QA5. The configureVaultCreditMultipliers() function fails to check whether the two input arrays have equal length.

Mitigation (the check compares the two array lengths; ArraysNotEqualInLength is a custom error to be declared in the contract):

```diff
  function configureVaultCreditMultipliers (
      string[] memory _vaultCreditMultipliers,
      uint256[] memory _multipliers
  ) hasValidPermit(UNIVERSAL, CONFIGURE_CREDITS) external {
+     // Reject mismatched inputs before indexing _multipliers by the other array's length.
+     if (_vaultCreditMultipliers.length != _multipliers.length) revert ArraysNotEqualInLength();
      for (uint256 i; i < _vaultCreditMultipliers.length; ) {
          vaultCreditMultiplier[_vaultCreditMultipliers[i]] = _multipliers[i];
          unchecked { ++i; }
      }
  }
```
QA6. The configureIdentityCreditYields() function fails to check whether the three input arrays have equal length.

Mitigation (all three lengths must match; ArraysNotEqualInLength is a custom error to be declared in the contract):

```diff
  function configureIdentityCreditYields (
      uint256[] memory _citizenRewardRates,
      string[] memory _vaultRewardRates,
      string[] memory _identityCreditYields
  ) hasValidPermit(UNIVERSAL, CONFIGURE_CREDITS) external {
+     uint256 len1 = _citizenRewardRates.length;
+     uint256 len2 = _vaultRewardRates.length;
+     uint256 len3 = _identityCreditYields.length;
+     // Reject mismatched inputs before the loop indexes the shorter arrays out of bounds.
+     if (!(len1 == len2 && len2 == len3)) revert ArraysNotEqualInLength();
      for (uint256 i; i < _citizenRewardRates.length; ) {
          identityCreditYield[
              _citizenRewardRates[i]
          ][
              _vaultRewardRates[i]
          ] = _identityCreditYields[i];
          unchecked { ++i; }
      }
  }
```
#0 - c4-judge
2023-03-17T03:17:23Z
hansfriese marked the issue as grade-b