Platform: Code4rena
Start Date: 09/09/2022
Pot Size: $42,000 USDC
Total HM: 2
Participants: 101
Period: 3 days
Judge: hickuphh3
Total Solo HM: 2
Id: 161
League: ETH
Rank: 54/101
Findings: 1
Award: $33.58
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: GalloDaSballo
Also found by: 0x040, 0x1f8b, 0x4non, 0x52, 0x85102, 0xNazgul, 0xSky, 0xSmartContract, Aymen0909, Bnke0x0, CertoraInc, Chandr, Chom, CodingNameKiki, Deivitto, Diana, Funen, JC, Jeiwan, Junnon, KIntern_NA, Lambda, Mohandes, Noah3o6, Ocean_Sky, Picodes, R2, Randyyy, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Samatak, Sm4rty, SnowMan, SooYa, StevenL, Tagir2003, Tointer, TomJ, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, bharg4v, bobirichman, brgltd, c3phas, cccz, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dipp, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, got_targ, hansfriese, horsefacts, hyh, ignacio, innertia, izhuer, karanctf, ladboy233, leosathya, lucacez, lukris02, mics, oyc_109, pashov, pauliax, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, scaraven, sikorico, simon135, smiling_heretic, sorrynotsorry, unforgiven, wagmi, yixxas
33.5774 USDC - $33.58
require() check can be bypassed
File: SimpleFeiDaiPSM.sol
In function mint() and redeem(), the checks:
require(amountFeiOut >= minAmountOut, "SimpleFeiDaiPSM: Mint not enough out");
require(amountOut >= minAmountOut, "SimpleFeiDaiPSM: Redeem not enough out");
can be bypassed, as the parameter minAmountOut is given as argument.
Typo in emit statements
File: SimpleFeiDaiPSM.sol
In function mint(), the last parameter of emit statement should be amountOut instead of amountIn. Though their values may be same, but the correction increases readability of the code.
Similarly for redeem() , the last parameter of emit statement should be amountOut instead of amountFeiIn
Two functions can be combined into 1, as their logic is same
File: SimpleFeiDaiPSM.sol
The function getMintAmountOut and getRedeemAmountOut should be merged because both of them just returns the value of the parameter passed, i.e their logic is same.
Unnecessary constants defined.
File: SimpleFeiDaiPSM.sol
Constants like paused , redeemPaused, mintPaused are defined, but the mint and redeem function doesn't use them. Ex: mint will not stop, even if paused=true. Furthermore there is no function to modify them.
Loop on unbounded arrays can lead to DOS
File: TribeRedeemer.sol
In previewRedeem function, tokensReceived array is unbounded. So if this array grows quite large, the transaction’s gas cost could exceed the block gas limit and make it impossible to call this function at all.
for (uint256 i = 0; i < tokensReceived.length; i++) {
Also in redeem function, tokens array is unbounded, which may lead to DOS, if it has a very large length.
for (uint256 i = 0; i < tokens.length; i++) {
Immutable address should be 0-checked
File: TribeRedeemer.sol : address _redeemedToken in constructor function
File: SimpleFeiDaiPSM.sol : pragma solidity ^0.8.4;
File: TribeRedeemer.sol : pragma solidity ^0.8.4;
The compiler of all the 4 in-scope contracts should be upgraded to the latest version, at least above the compiler version 0.8.10
require(amountFeiOut >= minAmountOut, "SimpleFeiDaiPSM: Mint not enough out");
redeem(): require(amountOut >= minAmountOut, "SimpleFeiDaiPSM: Redeem not enough out");#0 - HickupHH3
2022-10-08T03:42:13Z
Most of the low level issues raised are invalid.
L1: require() check can be bypassed. Not bypassed, it's a sanity check for the user. Also a virtual slippage check
L2-L4: For conformity with PSM module
L5: see #223