Alchemix contest - delfin454000's results

A protocol for self-repaying loans with no liquidation risk.

General Information

Platform: Code4rena

Start Date: 05/05/2022

Pot Size: $125,000 DAI

Total HM: 17

Participants: 62

Period: 14 days

Judge: leastwood

Total Solo HM: 15

Id: 120

League: ETH

Researcher Performance

Rank: 50/62

Findings: 1

Award: $178.66

🌟 Selected for report: 0

🚀 Solo Findings: 0

Typos

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/base/Errors.sol#L11

/// @notice An error used to indicate that an action could not be completed because of an illegal argument was passed

Remove 'of' in the phrase 'because of an'

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L64

    /// @notice `params.protocolFee` must be in range or this call will with an {IllegalArgument} error.

Missing word: Change will with to will revert with

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L79

    /// @notice `msg.sender` must be the admin or this call will will revert with an {Unauthorized} error.

Remove repeated word will

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L88

    /// @notice Allows for `msg.sender` to accepts the role of administrator.

Change accepts to accept

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L104

    /// @param flag     A flag indicating of the address should be set or unset as a sentinel.

Change of to whether

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L112

    /// @param flag   A flag indicating of the address should be set or unset as a keeper.

Change of to whether

The same typo (repeated word the) occurs in all four lines below:

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L162

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2State.sol#L230

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/external/aave/IAToken.sol#L37

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/transmuter/ITransmuterBuffer.sol#L43

Example:

  /// @notice Emitted when the the status of diverting to the amo is set for a given underlying token.

Remove repeated word the

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L216

    /// @notice `value` must be in range or this call will with an {IllegalArgument} error.

Missing word: Change will with to will revert with

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Errors.sol#L28

    /// @notice An error which is used to indicate that an operation failed because the loss that a yield token in the system exceeds the maximum value permitted.

Change loss that to loss of

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/interfaces/alchemist/IAlchemistV2State.sol#L47

        // The current amount of credit which is will be distributed over time to depositors.

Change is will to will

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/interfaces/alchemist/IAlchemistV2State.sol#L91

    /// @notice Collateralization is determined by taking the total value of collateral that a user has deposited into their account and dividing it their debt.

Clarify dividing it their debt

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/external/aave/IAToken.sol#L63

  /// @dev Transfers aTokens in the event of a borrow being liquidated, in case the liquidators reclaims the aToken.

Change liquidators to liquidator

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/external/aave/ILendingPool.sol#L120

  /// @param receiveAToken              `true` if the liquidators wants to receive the collateral aTokens, `false` if

Change liquidators to liquidator

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/external/aave/ILendingPool.sol#L283

  /// @param amounts         The amounts amounts being flash-borrowed.

Remove repeated word amounts

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/external/aave/IStaticAToken.sol#L89

  /// @dev Converts an aToken or underlying amount to the what it is denominated on the aToken as scaled balance,

Change to the what to to what

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/external/tether/ITetherToken.sol#L8

  // @notice Deprecate current contract in favour of a new one.

Change favour to favour

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/external/yearn/IYearnVaultV2.sol#L76

  /// @notice View how much the Vault expect this Strategy to return at the current block, based on its present

Change expect to expects

The same typo (recieved) occurs in both lines below:

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/transmuter/ITransmuterBuffer.sol#L211

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/ITransmuterBuffer.sol#L177

    /// @param minimumAmountOut The minimum amount of underlying tokens needed to be recieved as a result of unwrapping the yield tokens.

Change recieved to received

The same typo (recieve) occurs in both lines below:

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/ICurveFactoryethpool.sol#L7

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/ICurveMetapool.sol#L7

    /// @param j Index valie of the underlying coin to recieve

Change recieve to receive

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/transmuter/ITransmuterV2.sol#L102

  /// @return The coversion factor.

Change coversion to conversion

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/IMulticall.sol#L8

/// @dev    The use of `msg.value` should be heavily scrutinized for implementors of this interfaces.

Change this to these

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/libraries/Limiters.sol#L29

    /// @param blocks  The number of blocks that determins the rate of the LGF.

Change determins to determines

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/libraries/LiquidityMath.sol#L39

  /// @notice normalises non 18 digit token values to 18 digits.

Change normalises to normalizes

The same typo occurs in both lines below:

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/AlchemicTokenV2.sol#L172

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/AlchemicTokenV2Base.sol#L204

  /// @return The maximum amount of `token` that can be flashed loaned.

Change flashed to flash

The same typo occurs in both lines below:

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemistV2.sol#L619

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemistV2.sol#L695

        // Preemptively try and decrease the minting allowance. This will save gas when the allowance is not sufficient

Change and to to

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemistV2.sol#L969-L970

        // Check if the message sender is a sentinel. After this check we can revert since we know that it is neither
        // the administrator or a sentinel.

Change or to nor

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemistV2.sol#L1175

        // Valid the owner's account to assure that the collateralization invariant is still held.

Change Valid to Validate and assure to ensure

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/ThreePoolAssetManager.sol#L297

    /// @return The amount of the underying.

Change underying to underlying

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/TransmuterBuffer.sol#L48

    /// @notice The last update timestamp gor the flowRate for each address.

Change gor to for

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/TransmuterBuffer.sol#L453

    /// @param underlyingToken the underlying token whos flow is being updated

Change whos to whose

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/TransmuterV2.sol#L101

  /// @dev The identitifer of the sentinel role

Change identitifer to identifier

The word 'a' is used where 'an' should be used in the lines below:

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L38

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L73

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L104

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L134

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L164

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L231

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L250

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L277

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L300

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L330

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L331

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L361

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L362

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Actions.sol#L382

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L142

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L154

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L165

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L181

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L255

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L276

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2AdminActions.sol#L297

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemistV2.sol#L1042

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemistV2.sol#L1053

Example:

    /// If the address is not a supported yield token, this function will revert using a {UnsupportedToken} error.

The word 'an' is used where 'a' should be used in the lines below:

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Errors.sol#L41

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/alchemist/IAlchemistV2Errors.sol#L48

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/interfaces/IWhitelist.sol#L29

Example:

  /// @dev Adds an contract to the whitelist.

Issue: Require message is too long

Explanation: The require messages below can potentially be shortened to 32 characters or fewer (as shown) to save gas

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemicTokenV1.sol#L51

    require(whiteList[msg.sender], "AlTokenV1: Alchemist is not whitelisted");

Change message to AlTokenV1: Alch not whitelisted

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemicTokenV1.sol#L81

    require(total <= ceiling[msg.sender], "AlUSD: Alchemist's ceiling was breached.");

Change message to AlUSD: Alch ceiling was breached

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/StakingPools.sol#L106

    require(_governance != address(0), "StakingPools: governance address cannot be 0x0");

Not sure how to shorten this message

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/StakingPools.sol#L124

    require(_pendingGovernance != address(0), "StakingPools: pending governance address cannot be 0x0");

Not sure how to shorten this message

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/StakingPools.sol#L131

    require(msg.sender == pendingGovernance, "StakingPools: only pending governance");

Change message to StakingPools: only pending gov

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/StakingPools.sol#L160

    require(tokenPoolIds[_token] == 0, "StakingPools: token already has a pool");

Change message to StakingPools: token has pool now

Issue: Variables should not be initialized to their default values

Explanation: Initializing uint variables to their default value of 0 is unnecessary and costs gas

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/adapters/fuse/FuseTokenAdapterV1.sol#L36

    uint256 private constant NO_ERROR = 0;

Change to 'uint256 private constant NO_ERROR;'

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/AlchemistV2.sol#L1458

        uint256 totalValue = 0;

Change to 'uint256 totalValue;'

uint256 total is initialized to zero in both lines below:

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/EthAssetManager.sol#L566

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/ThreePoolAssetManager.sol#L901

        uint256 total = 0;

Change to 'uint256 total;'

https://github.com/code-423n4/2022-05-alchemix/blob/71abbe683dfd5c0686b7e594fb4f78a14b668d8b/contracts-full/ThreePoolAssetManager.sol#L771

        uint256 normalizedTotal   = 0;

Change to 'uint256 normalizedTotal;'

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/TransmuterBuffer.sol#L534

        uint256 want = 0;

Change to 'uint256 want;'

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/TransmuterBuffer.sol#L549

        uint256 exchangeDelta = 0;

Change to 'uint256 exchangeDelta;'
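A check for the require-message finding in the report above, added here as an illustration and not part of the original submission or the Alchemix code base: it scans Solidity source for `require` string literals longer than one 32-byte EVM word. The function names are hypothetical; the sample reuses the require lines quoted in the report plus one constructed short message, and escape sequences inside a string are counted as written.

```python
import re

WORD = 32  # size of one EVM word in bytes; the threshold used in the report

# require(<condition>, "<message>"); with a double-quoted literal as last argument
REQUIRE_RE = re.compile(
    r'require\s*\((?P<cond>.*?),\s*"(?P<msg>(?:[^"\\]|\\.)*)"\s*\)\s*;',
    re.DOTALL,
)

def scan_require_messages(source, limit=WORD):
    """Return (line, byte_length, message) for each require string over `limit` bytes."""
    findings = []
    for m in REQUIRE_RE.finditer(source):
        msg = m.group("msg")
        size = len(msg.encode("utf-8"))  # bytes, not characters
        if size > limit:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, size, msg))
    return findings

def fits(message, limit=WORD):
    """True if the message fits in `limit` bytes."""
    return len(message.encode("utf-8")) <= limit

# Require lines as quoted in the report; the last line is constructed for contrast.
SAMPLE = '''
require(whiteList[msg.sender], "AlTokenV1: Alchemist is not whitelisted");
require(total <= ceiling[msg.sender], "AlUSD: Alchemist's ceiling was breached.");
require(_governance != address(0), "StakingPools: governance address cannot be 0x0");
require(_pendingGovernance != address(0), "StakingPools: pending governance address cannot be 0x0");
require(msg.sender == pendingGovernance, "StakingPools: only pending governance");
require(tokenPoolIds[_token] == 0, "StakingPools: token already has a pool");
require(amount > 0, "zero amount");
'''

# Replacement messages proposed in the report.
SUGGESTED = [
    "AlTokenV1: Alch not whitelisted",
    "AlUSD: Alch ceiling was breached",
    "StakingPools: only pending gov",
    "StakingPools: token has pool now",
]

if __name__ == "__main__":
    for line, size, msg in scan_require_messages(SAMPLE):
        print(f"line {line}: {size} bytes: {msg!r}")
    for msg in SUGGESTED:
        print(f"{len(msg.encode('utf-8')):2d} bytes, fits={fits(msg)}: {msg!r}")
```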

#0 - 0xfoobar

2022-05-30T07:03:13Z

Typo fixes appreciated, and unique

#1 - 0xleastwood

2022-06-11T22:11:58Z

These are typos. Updating this to QA.
