Platform: Code4rena
Start Date: 10/05/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 100
Period: 5 days
Judge: HardlyDifficult
Total Solo HM: 1
Id: 122
League: ETH
Rank: 45/100
Findings: 2
Award: $86.43
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hubble
Also found by: 0x1337, 0x1f8b, 0x4non, 0xDjango, 0xf15ers, 0xsanson, 242, Aits, AlleyCat, Bludya, BondiPestControl, BouSalman, BowTiedWardens, CertoraInc, Cityscape, Czar102, FSchmoede, Funen, Hawkeye, IllIllI, JDeryl, Kenshin, Kumpa, MaratCerby, MiloTruck, Picodes, Ruhum, TrungOre, VAD37, WatchPug, Waze, antonttc, bobirichman, catchup, cccz, cryptphi, csanuragjain, delfin454000, dipp, dirk_y, djxploit, eccentricexit, ellahi, fatherOfBlocks, hake, hansfriese, hickuphh3, horsefacts, hyh, jah, joestakey, mics, minhquanym, pedroais, pmerkleplant, radoslav11, reassor, rfa, robee, seanamani, shenwilly, shung, sikorico, sorrynotsorry, sseefried, z3s
55.7081 USDC - $55.71
1st issue : Wrong revert message
In L169, the revert reason string should read "Reserve strike too large".
2nd issue : Fee rounds down to zero for small feeRate and vault.currentStrike
The fee calculation in the block L282-L286 uses integer division, so it does not handle small values of feeRate and vault.currentStrike: when vault.currentStrike < 1e17 and feeRate == 1, the calculated fee truncates to 0. Options bought at such a strike are then exercised without any protocol fee being collected at that fee rate.
3rd issue : No max limit on fee
The setFee function (L119-L121) sets no upper bound on the fee rate. A malicious (or compromised) owner can therefore set an arbitrarily high feeRate and grief the protocol's users; a constant cap checked in setFee limits the damage.
4th issue : Use of block.timestamp
block.timestamp can be manipulated by miners, although only within a window of a few seconds, so this matters only where the logic depends on second-level precision. https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L228
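The fee arithmetic behind the 2nd and 3rd issues, as an added example that is not part of this report or of the Cally code base: a Python model of the exercise fee with the same integer semantics as the EVM. It assumes, as the numbers above imply, that the fee is vault.currentStrike * feeRate / 1e18 with uint256 floor division and that the original setFee stores any uint256. MAX_FEE_RATE, fee_ceil and all function names are hypothetical; the block also goes slightly beyond the report by computing, for any feeRate, the smallest strike that is charged a fee at all.

```python
"""Model of Cally's exercise-fee math (added example, not the project's code).

Assumption: fee = vault.currentStrike * feeRate / 1e18 with uint256 floor
division, and setFee accepts any uint256. MAX_FEE_RATE and every function
name here are hypothetical.
"""

WAD = 10**18               # 1e18 scaling assumed for feeRate
UINT256_MAX = 2**256 - 1

# Hypothetical cap for the hardened setFee; the original has none.
MAX_FEE_RATE = WAD // 10   # 10% of the strike


def _check_uint256(value: int) -> None:
    if not 0 <= value <= UINT256_MAX:
        raise ValueError("value does not fit in uint256")


def fee_floor(current_strike: int, fee_rate: int) -> int:
    """Fee as the original computes it: the product is floored by the 1e18
    division, so strike * feeRate < 1e18 yields a fee of 0 (issue 2)."""
    _check_uint256(current_strike)
    _check_uint256(fee_rate)
    product = current_strike * fee_rate
    _check_uint256(product)      # Solidity 0.8 would revert on overflow here
    return product // WAD


def fee_ceil(current_strike: int, fee_rate: int) -> int:
    """Round-up variant: a non-zero feeRate on a non-zero strike charges at
    least 1 wei, so no exercise is fee-free while a fee is configured."""
    _check_uint256(current_strike)
    _check_uint256(fee_rate)
    if current_strike == 0 or fee_rate == 0:
        return 0
    product = current_strike * fee_rate
    _check_uint256(product)
    return (product + WAD - 1) // WAD


def min_strike_for_nonzero_fee(fee_rate: int) -> int:
    """Smallest strike (in wei) for which fee_floor is at least 1 wei,
    i.e. ceil(1e18 / feeRate). Every strike below it is exercised fee-free."""
    _check_uint256(fee_rate)
    if fee_rate == 0:
        raise ValueError("feeRate 0 never charges a fee")
    return (WAD + fee_rate - 1) // fee_rate


def set_fee_unbounded(fee_rate: int) -> int:
    """Models the original setFee: only the uint256 range limits feeRate."""
    _check_uint256(fee_rate)
    return fee_rate


def set_fee_capped(fee_rate: int) -> int:
    """Hardened setFee: rejects any rate above MAX_FEE_RATE (issue 3)."""
    _check_uint256(fee_rate)
    if fee_rate > MAX_FEE_RATE:
        raise ValueError("feeRate exceeds MAX_FEE_RATE")
    return fee_rate


def reverts(fn, *args) -> bool:
    """True when the modelled call would revert (raise)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    strike = 10**17 - 1   # the report's example: a strike below 1e17 wei
    print("floor fee at feeRate=1:", fee_floor(strike, 1))          # 0
    print("ceil fee at feeRate=1:", fee_ceil(strike, 1))            # 1
    print("min fee-bearing strike at feeRate=1:",
          min_strike_for_nonzero_fee(1))                            # 1e18
    print("unbounded setFee(5e18):", set_fee_unbounded(5 * WAD))   # accepted
    print("fee at feeRate=5e18 on a 1 ETH strike:",
          fee_floor(10**18, 5 * WAD))                               # 5 ETH
    print("capped setFee(5e18) reverts:", reverts(set_fee_capped, 5 * WAD))
```

With feeRate == 1 every strike below 1e18 wei is fee-free under floor division, which is why the report's 1e17 example yields 0; rounding up closes that gap, and the cap keeps the owner from setting a fee that exceeds the strike itself.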
#0 - outdoteth
2022-05-16T18:58:22Z
this can be bumped to medium severity: 3rd issue : No max limit on fee: https://github.com/code-423n4/2022-05-cally-findings/issues/48
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, 0xsanson, Bludya, BowTiedWardens, CertoraInc, Cityscape, DavidGialdi, FSchmoede, Fitraldys, Funen, Hawkeye, Kenshin, MadWookie, MaratCerby, MiloTruck, Picodes, RagePit, Tadashi, TerrierLover, TomFrenchBlockchain, VAD37, WatchPug, Waze, _Adam, antonttc, bobirichman, catchup, defsec, delfin454000, djxploit, ellahi, fatherOfBlocks, gzeon, hake, hansfriese, hickuphh3, horsefacts, ignacio, joestakey, jonatascm, mics, minhquanym, oyc_109, pmerkleplant, rfa, robee, rotcivegaf, samruna, shung, sikorico, simon135, z3s
30.72 USDC - $30.72
Using the unchecked keyword to skip overflow/underflow checks saves gas where the arithmetic provably cannot overflow (e.g. a counter bounded by an array length):
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L265
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L417
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L459
Use != 0 instead of > 0 in require statements on unsigned values, to save gas.
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L170
In https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L283, the if (feeRate > 0) { can be changed to if (feeRate != 0) { to save gas (Solidity has no implicit uint-to-bool conversion, so if (feeRate) would not compile).
The setFee and vaults functions of the Cally.sol contract are single-line functions that can be inlined to save gas.
In https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L94-L95, the explicit initialization of the two variables to 0 is not required, since variables default to 0.
The parameters of the createVault function in the Cally.sol contract can be marked as calldata to save gas. Note that this only applies to reference-type parameters (arrays, structs, bytes, string) of external functions; value-type parameters gain nothing from it.