Platform: Code4rena
Start Date: 04/11/2022
Pot Size: $42,500 USDC
Total HM: 9
Participants: 88
Period: 4 days
Judge: 0xean
Total Solo HM: 2
Id: 180
League: ETH
Rank: 19/88
Findings: 3
Award: $203.70
🌟 Selected for report: 0
🚀 Solo Findings: 0
138.2838 USDC - $138.28
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L163
In bid function, the safetransferfrom function doesn't check the existence of code at the token address. This is a known issue while using solmate's libraries.
Hence this may lead to miscalculation of funds and may lead to loss of funds , because if safetransferfrom() is called on a token address that doesn't have contract in it, it will always return success, bypassing the return value check. Due to this protocol will think that funds has been transferred and successful , and records will be accordingly calculated, but in reality funds were never transferred.
So this will lead to miscalculation and possibly loss of funds
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L163
Manual review
As implemented for baseToken in createAuction function, same implementation will also resolve the above issue.
Also instead of that, you could use Openzeppelin's library.
#0 - trust1995
2022-11-08T22:39:40Z
Seller can theoretically suffer from abuse if they finalize an auction where malicious buyers bid with nonexisting tokens. However, only seller can be impacted negatively, and it requires serious negligence on their part. Dup of #318 .
#1 - c4-judge
2022-11-09T15:18:27Z
0xean marked the issue as duplicate
#2 - c4-judge
2022-12-06T00:21:59Z
0xean marked the issue as satisfactory
🌟 Selected for report: 0x1f8b
Also found by: 0xSmartContract, 0xc0ffEE, Aymen0909, B2, Deivitto, Josiah, KingNFT, Rahoz, RaymondFam, RedOneN, ReyAdmirado, Trust, ajtra, aviggiano, brgltd, c7e7eff, cryptonue, ctf_sec, delfin454000, djxploit, lukris02, peanuts, rvierdiiev, shark, simon135, slowmoses, tnevler, trustindistrust
44.2869 USDC - $44.29
indexed keyword in eventshttps://github.com/code-423n4/2022-11-size/blob/main/src/interfaces/ISizeSealed.sol#L114 https://github.com/code-423n4/2022-11-size/blob/main/src/interfaces/ISizeSealed.sol#L116 https://github.com/code-423n4/2022-11-size/blob/main/src/interfaces/ISizeSealed.sol#L118 https://github.com/code-423n4/2022-11-size/blob/main/src/interfaces/ISizeSealed.sol#L120 https://github.com/code-423n4/2022-11-size/blob/main/src/interfaces/ISizeSealed.sol#L122
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L205-L206 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L217 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L365 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L451
block.timestamp is riskyhttps://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L31 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L35 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L60 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L425 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L426
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L112 - running https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L431 - further
non-reentrant modifier to prevent re-entrancyOn functions like withdraw and refund , non-reentrant modifier should be used.
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L358
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L336
#0 - c4-judge
2022-11-10T02:52:48Z
0xean marked the issue as grade-b
🌟 Selected for report: 0x1f8b
Also found by: 0xSmartContract, 0xdeadbeef, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, JC, RaymondFam, ReyAdmirado, Rolezn, Sathish9098, TomJ, ajtra, aviggiano, chaduke, cryptostellar5, djxploit, gianganhnguyen, gogo, halden, karanctf, leosathya, lukris02, mcwildy, oyc_109, ret2basic, skyle, slowmoses
21.132 USDC - $21.13
unchecked keyword should be used on situations where there is no possibility of overflow/underflow to save gashttps://github.com/code-423n4/2022-11-size/blob/main/src/util/CommonTokenMath.sol#L65
calldata instead of memory on external function to save gashttps://github.com/code-423n4/2022-11-size/blob/main/src/util/ECCMath.sol#L37 https://github.com/code-423n4/2022-11-size/blob/main/src/util/ECCMath.sol#L51 https://github.com/code-423n4/2022-11-size/blob/main/src/util/ECCMath.sol#L60 https://github.com/code-423n4/2022-11-size/blob/main/src/util/ECCMath.sol#L25
https://github.com/code-423n4/2022-11-size/blob/main/src/util/ECCMath.sol#L56 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L454
Here a.params.merkleRoot can be cached
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L132
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L134
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L29-L37 : Here a.timings can be cached to save the key caclulation gas cost
break instead of revert inside loop statements to save gashttps://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L304 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L275 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L298 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L310 https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L314
#0 - c4-judge
2022-11-10T02:07:46Z
0xean marked the issue as grade-b