Platform: Code4rena
Start Date: 14/04/2022
Pot Size: $75,000 USDC
Total HM: 8
Participants: 72
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 2
Id: 110
League: ETH
Rank: 33/72
Findings: 2
Award: $258.19
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, Hawkeye, Jujic, MaratCerby, Picodes, Ruhum, SolidityScan, TerrierLover, TomFrenchBlockchain, TrungOre, VAD37, Yiko, berndartmueller, cmichel, csanuragjain, danb, defsec, delfin454000, dipp, ellahi, fatherOfBlocks, georgypetrov, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kyliek, m9800, minhquanym, oyc_109, p_crypt0, peritoflores, rayn, reassor, remora, rfa, robee, scaraven, securerodd, shenwilly, sorrynotsorry, tchkvsky, teryanarmen, z3s
206.1723 USDC - $206.17
If updateCitadelPriceInAsset results in an invalid price, citadelPriceFlag is set to true. If the same function is called again some time later and the price comes back valid, citadelPriceFlag should be set to false so that deposits are not impacted, but this is not done.
Recommendation: Set citadelPriceFlag to false when the price is in the valid range.
Add a check that _minDiscount < _maxDiscount (otherwise minDiscount could exceed maxDiscount).
Check _rate != 0 (since 0 is an invalid input).
The condition require(lastMintTimestamp > globalStartTimestamp, "SupplySchedule: attempting to mint before start block"); does not cover the valid case where lastMintTimestamp = globalStartTimestamp.
Recommendation: Change to require(lastMintTimestamp >= globalStartTimestamp, "SupplySchedule: attempting to mint before start block");
If a user revests, the unlockEnd date will change. This becomes a problem if the user has already claimed a major portion, because after the user revests locked < claimed, which means the function will always fail.
Recommendation: add a check:
((locked * (block.timestamp - vesting[recipient].unlockBegin)) /(vesting[recipient].unlockEnd - vesting[recipient].unlockBegin)) >= claimed
Add a check for _duration!=0 (as 0 vesting duration is invalid)
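The underflow described in the revest finding above, modelled in Python as an added example (not the audited contract's code and not part of the submitted report). Field names follow the report; how vest() updates them on a re-vest, the return-zero guard and all numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

DAY = 86_400

class Underflow(Exception):
    """Stands in for the revert Solidity >=0.8 raises on unsigned underflow."""

@dataclass
class Vesting:  # field names follow the report
    unlock_begin: int = 0
    unlock_end: int = 0
    locked: int = 0
    claimed: int = 0

def vest(v: Vesting, amount: int, now: int, duration: int) -> None:
    # Assumption: a re-vest adds to locked and restarts the window; claimed is kept.
    v.locked += amount
    v.unlock_begin, v.unlock_end = now, now + duration

def unlocked(v: Vesting, now: int) -> int:
    if now >= v.unlock_end:
        return v.locked
    return v.locked * (now - v.unlock_begin) // (v.unlock_end - v.unlock_begin)

def claimable_unchecked(v: Vesting, now: int) -> int:
    u = unlocked(v, now)
    if u < v.claimed:  # a uint256 subtraction would revert here
        raise Underflow(f"{u} - {v.claimed}")
    return u - v.claimed

def claimable_guarded(v: Vesting, now: int) -> int:
    # The recommended check: subtract only when the unlocked amount >= claimed.
    u = unlocked(v, now)
    return u - v.claimed if u >= v.claimed else 0

def scenario() -> dict:
    """Constructed numbers: vest 1000 over 21 days, claim on day 18, re-vest 100."""
    v = Vesting()
    vest(v, 1000, 0, 21 * DAY)
    v.claimed += claimable_unchecked(v, 18 * DAY)  # claims 857
    vest(v, 100, 18 * DAY, 21 * DAY)               # window is now day 18..39
    try:
        claimable_unchecked(v, 20 * DAY)
        reverted = False
    except Underflow:
        reverted = True
    blocked = next(d for d in range(1, 22) if unlocked(v, (18 + d) * DAY) >= v.claimed)
    return {"claimed": v.claimed, "reverted": reverted,
            "guarded": claimable_guarded(v, 20 * DAY), "blocked_days": blocked}
```

In this model the unchecked path reverts until the restarted schedule has unlocked at least the amount already claimed; the guarded path returns 0 during that window instead.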
#0 - jack-the-pug
2022-06-05T15:18:43Z
Funding.sol#L414: updateCitadelPriceInAsset function is a good one!
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xAsm0d3us, 0xBug, 0xDjango, 0xNazgul, 0xkatana, CertoraInc, Cityscape, Funen, Hawkeye, IllIllI, MaratCerby, SolidityScan, TerrierLover, TomFrenchBlockchain, Tomio, TrungOre, bae11, berndartmueller, csanuragjain, defsec, delfin454000, ellahi, fatherOfBlocks, gs8nrv, gzeon, horsefacts, ilan, jah, joestakey, joshie, kebabsec, kenta, nahnah, oyc_109, rayn, rfa, robee, saian, securerodd, simon135, slywaters, sorrynotsorry, tchkvsky, teryanarmen, z3s
52.0246 USDC - $52.02
CitadelMinter.sol#L250: setFundingPoolWeight function: directly assign totalFundingPoolWeight = totalFundingPoolWeight - fundingPoolWeights[_pool] + _weight instead of using a temp variable.
Check if endingEpoch == 0 and return 0, which will save some gas.