Platform: Code4rena
Start Date: 28/04/2022
Pot Size: $50,000 USDC
Total HM: 7
Participants: 43
Period: 5 days
Judge: gzeon
Total Solo HM: 2
Id: 115
League: ETH
Rank: 30/43
Findings: 1
Award: $104.94
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Dravee
Also found by: 0x1f8b, 0x4non, 0x52, 0xDjango, AlleyCat, Funen, GalloDaSballo, GimelSec, Hawkeye, MaratCerby, Picodes, berndartmueller, cccz, defsec, delfin454000, dipp, hyh, ilan, joestakey, kebabsec, luduvigo, pauliax, peritoflores, robee, rotcivegaf, samruna, shenwilly, sikorico, simon135, sorrynotsorry, unforgiven, z3s
104.9405 USDC - $104.94
InceptionVaultsCore.sol#L40-L58
AdminInceptionVault.sol#L35-L49
InceptionVaultsDataProvider.sol#L30-L37
ChainlinkInceptionPriceFeed.sol#L29-L39
For InceptionVaultsCore.sol, the initialize function should check the values of _owner, inceptionCollateral, addressProvider, adminInceptionVault, inceptionVaultsDataProvider and inceptionPriceFeed.
For AdminInceptionVault.sol, the initialize function should check the values of _owner, addressProvider, debtNotifier and inceptionVaultsCore.
For InceptionVaultsDataProvider.sol, the initialize function should check the values of inceptionVaultsCore and addressProvider.
For ChainlinkInceptionPriceFeed.sol, the initialize function should check the values of addresses, inceptionCollateral, assetOracle and eurOracle.
sub function not usedChainlinkInceptionPriceFeed.sol#L76
ChainlinkInceptionPriceFeed.sol#L80
To prevent underflows, it would be safer to use the SafeMath sub function.
Using the value 2**256-1 or type(uint256).max are better options.
_vaultConfig values in InceptionVaultCore.sol.InceptionVaultsCore.sol#L40-L58
Values such as minCollateralRatio and liquidationRatio should be set and values such as the originationFee, liquidationFee and liquidationBonus should be checked for maximum and minimum values.
The _vaultConfig values should be checked in the initialize function.