FEI and TRIBE Redemption contest - cryptphi's results

A new DeFi primitive that allows any token to become productive and provide FEI liquidity at no cost to the markets that need it most.

General Information

Platform: Code4rena

Start Date: 09/09/2022

Pot Size: $42,000 USDC

Total HM: 2

Participants: 101

Period: 3 days

Judge: hickuphh3

Total Solo HM: 2

Id: 161

League: ETH

Tribe

Findings Distribution

Researcher Performance

Rank: 35/101

Findings: 1

Award: $33.60

🌟 Selected for report: 0

🚀 Solo Findings: 0

  1. Floating pragma: the contracts should be deployed with the same Solidity version with which they have been tested. Locking the pragma ensures that the contracts don't get deployed with an older version which might introduce bugs.

Occurrences: SimpleFeiDaiPSM.sol, TribeRedeemer.sol

  2. Use of different compiler versions: it was observed that two different Solidity pragma versions are used across the contracts. It is recommended to be consistent in the use of Solidity pragma versions.

Occurrences: SimpleFeiDaiPSM.sol, TribeRedeemer.sol, RariMerkleRedeemer.sol, MerkleRedeemerDripper.sol

  3. Missing zero address check: the following functions are missing zero address checks, which may cause either transfer of ERC20 tokens to address(0), or inability to redeem tokens.

Occurrences:
  - SimpleFeiDaiPSM.redeem() - may cause transfer of ERC20 tokens to address(0)
  - TribeRedeemer.redeem() - may cause transfer of ERC20 tokens to address(0)
  - TribeRedeemer.constructor() - may cause redeemToken to be set to address zero, so users are unable to call TribeRedeemer.redeem() successfully due to the wrong address of redeemToken in line 65.

  4. Checks-Effects-Interactions pattern not followed: in the TribeRedeemer.redeem() function, the CEI pattern is not adhered to, as the state variable redeemBase is updated after the external call IERC20(redeemedToken).safeTransferFrom(msg.sender, address(this), amountIn);.
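The following contract is an added illustration, not the TribeRedeemer source from the audited repository, of how findings 1, 3 and 4 would be addressed together: a locked pragma, zero-address checks in both the constructor and redeem(), and the redeemBase update moved ahead of every external call. Only the names redeemedToken, redeemBase, redeem() and the safeTransferFrom call come from the report; the pro-rata payout formula, the tokensReceived array, the compiler version 0.8.17 and the OpenZeppelin 4.x import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
// Finding 1: lock the pragma to the compiler version the contract was tested with.
// 0.8.17 is an assumed version, not taken from the audited repository.
pragma solidity 0.8.17;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

/// @notice Hypothetical, simplified redeemer written to illustrate the findings above.
/// It is NOT TribeRedeemer; the pro-rata formula and `tokensReceived` are assumed.
contract HardenedRedeemer is ReentrancyGuard {
    using SafeERC20 for IERC20;

    address public immutable redeemedToken; // token users hand in to redeem
    address[] public tokensReceived;        // tokens paid out pro rata
    uint256 public redeemBase;              // outstanding redeemable supply

    event Redeemed(address indexed owner, address indexed to, uint256 amountIn, uint256 base);

    constructor(address _redeemedToken, address[] memory _tokensReceived, uint256 _redeemBase) {
        // Finding 3: reject address(0) at construction so redeem() can never
        // end up calling safeTransferFrom on a zero token address.
        require(_redeemedToken != address(0), "redeemedToken is zero");
        require(_redeemBase > 0, "redeemBase is zero");
        for (uint256 i = 0; i < _tokensReceived.length; i++) {
            require(_tokensReceived[i] != address(0), "received token is zero");
        }
        redeemedToken = _redeemedToken;
        tokensReceived = _tokensReceived;
        redeemBase = _redeemBase;
    }

    /// @dev Assumed pro-rata preview: amountOut = balance * amountIn / redeemBase.
    function previewRedeem(uint256 amountIn)
        public
        view
        returns (address[] memory tokens, uint256[] memory amountsOut)
    {
        tokens = tokensReceived;
        amountsOut = new uint256[](tokens.length);
        uint256 base = redeemBase;
        for (uint256 i = 0; i < tokens.length; i++) {
            uint256 balance = IERC20(tokens[i]).balanceOf(address(this));
            amountsOut[i] = (balance * amountIn) / base;
        }
    }

    function redeem(address to, uint256 amountIn) external nonReentrant {
        // Checks. Finding 3: a zero recipient would send every payout token to address(0).
        require(to != address(0), "recipient is zero");
        require(amountIn > 0 && amountIn <= redeemBase, "bad amountIn");
        (address[] memory tokens, uint256[] memory amountsOut) = previewRedeem(amountIn);
        uint256 base = redeemBase;

        // Effects. Finding 4: write redeemBase BEFORE any external call, so a token
        // callback that re-enters observes the already-reduced base.
        redeemBase = base - amountIn;

        // Interactions: only now touch external contracts.
        IERC20(redeemedToken).safeTransferFrom(msg.sender, address(this), amountIn);
        for (uint256 i = 0; i < tokens.length; i++) {
            IERC20(tokens[i]).safeTransfer(to, amountsOut[i]);
        }

        emit Redeemed(msg.sender, to, amountIn, base);
    }
}
```

The nonReentrant modifier already blocks a direct re-entry into redeem(); ordering the state write before the transfers is defence in depth, so that any view function or second contract reading redeemBase during a token callback sees consistent state rather than the pre-redemption value.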