Platform: Code4rena
Start Date: 26/09/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 113
Period: 5 days
Judge: 0xean
Total Solo HM: 6
Id: 166
League: ETH
Rank: 72/113
Findings: 1
Award: $52.04
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xNazgul
Also found by: 0x1f8b, 0x52, 0xDecorativePineapple, 0xSmartContract, 0xmatt, Aeros, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, DimitarDimitrov, IllIllI, JC, Jeiwan, Lambda, Matin, Migue, Mukund, Ocean_Sky, Olivierdem, RaymondFam, RockingMiles, Rolezn, Ruhum, Satyam_Sharma, Shinchan, Tomo, Trabajo_de_mates, V_B, Waze, __141345__, a12jmx, ajtra, asutorufos, aysha, brgltd, bulej93, carrotsmuggler, catchup, cccz, chrisdior4, cryptonue, cryptphi, d3e4, defsec, delfin454000, durianSausage, erictee, fatherOfBlocks, gogo, kaden, karanctf, ladboy233, lukris02, mahdikarimi, martin, mics, natzuu, oyc_109, p_crypt0, pedr02b2, rbserver, reassor, rotcivegaf, rvierdiiev, sikorico, slowmoses, sorrynotsorry, tnevler, trustindistrust
52.0364 USDC - $52.04
lteConsideringOverflow may return incorrect value as per specification
In DataStorage.sol the function lteConsideringOverflow is supposed to return whether a <= b, but if we have indeed a <= b the function will return false if a <= currentTime < b, and if we have b < a the function will return true if b <= currentTime < a.
Â
setOwner should be a two-step process
setOwner in AlgebraFactory.sol#L77-L81 immediately transfers ownership, which is critical, to the new address. If any mistake is made this cannot be reverted.
Consider implementing a two-step process where the new owner is nominated, and then has to accept ownership. Thus the validity of the new address is ensured.
Â
Incorrect comment
At DataStorage.sol#L393 an timepoint should be a timepoint.
#0 - vladyan18
2022-10-04T16:30:35Z
Please note that
safe for 0 or 1 overflows, a and b must be chronologically before or equal to currentTime