Platform: Code4rena
Start Date: 03/11/2022
Pot Size: $115,500 USDC
Total HM: 17
Participants: 120
Period: 7 days
Judge: LSDan
Total Solo HM: 1
Id: 174
League: ETH
Rank: 84/120
Findings: 1
Award: $61.35
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0xNazgul, 0xRoxas, 0xSmartContract, Awesome, Aymen0909, B2, BClabs, Bnke0x0, Deekshith99, Deivitto, Diana, Dinesh11G, Funen, HE1M, HardlyCodeMan, Josiah, Nyx, Rahoz, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Saintcode_, TomJ, Trust, __141345__, a12jmx, adriro, ajtra, aphak5010, apostle0x01, brgltd, btk, bulej93, c3phas, carlitox477, catwhiskeys, ch0bu, chaduke, chrisdior4, cryptonue, cryptostellar5, csanuragjain, ctf_sec, delfin454000, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, i_got_hacked, immeas, joestakey, jumpdest7d, lukris02, martin, mcwildy, merlin, minhquanym, oyc_109, pashov, peanuts, pedr02b2, rbserver, rotcivegaf, rvierdiiev, sakman, saneryee, seyni, shark, slowmoses, tnevler, trustindistrust, w0Lfrum, yurahod, zaskoh
61.3462 USDC - $61.35
safeIncreaseAllowance AND safeDecreaseAllowance INSTEAD OF approve()
134: IERC20(sellToken).approve(swapTarget, amount);
safeApprove() has been deprecated in favour of safeIncreaseAllowance() and safeDecreaseAllowance().
approve() might fail because some tokens (e.g. USDT) don't work when changing the allowance from an existing non-zero allowance value.
Update instances of approve() and safeApprove() to safeIncreaseAllowance().
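The flagged call beside a hardened form, as an added example that is not code from the audited repository or from the report's author. It assumes OpenZeppelin Contracts 4.x; the contract and function names are hypothetical. Clearing any leftover allowance first keeps the increase away from the non-zero to non-zero change described above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;

// Assumption: OpenZeppelin Contracts 4.x is installed at this import path.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical helper contract; internal functions only, so nothing here is
// callable from outside by an arbitrary account.
abstract contract SwapApprovalExample {
    using SafeERC20 for IERC20;

    // Pattern flagged at line 134. Two ways this reverts:
    //  - the IERC20 interface expects a bool return value, so tokens whose
    //    approve() returns nothing (USDT) fail return-data decoding;
    //  - USDT rejects changing an allowance from non-zero to non-zero.
    function _approveUnsafe(address sellToken, address swapTarget, uint256 amount) internal {
        IERC20(sellToken).approve(swapTarget, amount);
    }

    // Hardened form: SafeERC20 tolerates a missing return value, and any
    // leftover allowance is cleared before the new amount is granted.
    function _approveSafe(address sellToken, address swapTarget, uint256 amount) internal {
        IERC20 token = IERC20(sellToken);
        uint256 current = token.allowance(address(this), swapTarget);
        if (current != 0) {
            // Results in approve(swapTarget, 0), which USDT accepts.
            token.safeDecreaseAllowance(swapTarget, current);
        }
        // Allowance is zero here, so this results in approve(swapTarget, amount).
        token.safeIncreaseAllowance(swapTarget, amount);
    }
}
```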
modifier onlyLineContract() {
    require(
        msg.sender == lineContract,
        "InterestRateCred: only line contract."
    );
    _;
}
In the contracts, floating pragmas should not be used. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
This is applicable to all the contracts
pragma solidity ^0.8.9;
https://swcregistry.io/docs/SWC-103
Each event should use three indexed fields if there are three or more fields
21: event MutualConsentRegistered(
22:     bytes32 _consentHash
23: );

241: event AddSpigot(address indexed revenueContract, uint256 ownerSplit);
255: event ClaimRevenue(address indexed token,uint256 indexed amount,uint256 escrowed, address revenueContract);
262: event ClaimEscrow(address indexed token,uint256 indexed amount,address owner);
64: require(escrow_.liquidate(amount, targetToken, to));
90: require(escrow.updateLine(newLine));

143: require(amount <= unusedTokens[credit.token]);
160: require(msg.sender == borrower);
239: require(msg.sender == arbiter);

91: require(amount > 0);
105: require(msg.sender == ILineOfCredit(self.line).arbiter());
161: require(amount > 0);
198: require(amount > 0);
216: require(msg.sender == self.line);

147: require(ISpigot(spigot).updateOwner(newLine));

96: require(LineLib.sendOutTokenOrETH(token, self.treasury, claimed - escrowedAmount));
130: require(self.settings[revenueContract].transferOwnerFunction == bytes4(0));
155: require(success);
180: require(newOwner != address(0));
189: require(newOwner != address(0));
201: require(newTreasury != address(0));
Missing @params in Natspec
function updateOwnerSplit(address revenueContract, uint8 ownerSplit) external returns(bool) {
    return state.updateOwnerSplit(revenueContract, ownerSplit);
}
When deploying contracts, you should use the latest released version of Solidity. Apart from exceptional cases, only the latest version receives security fixes. Furthermore, breaking changes as well as new features are introduced regularly. The latest version is 0.8.17.
This is applicable to all the smart contracts.
#0 - c4-judge
2022-12-06T23:13:42Z
dmvt marked the issue as grade-b