Platform: Code4rena
Start Date: 09/09/2022
Pot Size: $42,000 USDC
Total HM: 2
Participants: 101
Period: 3 days
Judge: hickuphh3
Total Solo HM: 2
Id: 161
League: ETH
Rank: 73/101
Findings: 1
Award: $33.58
๐ Selected for report: 0
๐ Solo Findings: 0
๐ Selected for report: GalloDaSballo
Also found by: 0x040, 0x1f8b, 0x4non, 0x52, 0x85102, 0xNazgul, 0xSky, 0xSmartContract, Aymen0909, Bnke0x0, CertoraInc, Chandr, Chom, CodingNameKiki, Deivitto, Diana, Funen, JC, Jeiwan, Junnon, KIntern_NA, Lambda, Mohandes, Noah3o6, Ocean_Sky, Picodes, R2, Randyyy, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Samatak, Sm4rty, SnowMan, SooYa, StevenL, Tagir2003, Tointer, TomJ, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, bharg4v, bobirichman, brgltd, c3phas, cccz, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dipp, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, got_targ, hansfriese, horsefacts, hyh, ignacio, innertia, izhuer, karanctf, ladboy233, leosathya, lucacez, lukris02, mics, oyc_109, pashov, pauliax, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, scaraven, sikorico, simon135, smiling_heretic, sorrynotsorry, unforgiven, wagmi, yixxas
33.5761 USDC - $33.58
peg/SimpleFeiDaiPSM.sol, 27, b' event Redeem(address to, uint256 amountFeiIn, uint256 amountAssetOut);' peg/SimpleFeiDaiPSM.sol, 29, b' event Mint(address to, uint256 amountIn, uint256 amountFeiOut); '
shutdown/fuse/MerkleRedeemerDripper.sol, 2, b'pragma solidity =0.8.10;' shutdown/fuse/RariMerkleRedeemer.sol, 2, b'pragma solidity =0.8.10;' peg/SimpleFeiDaiPSM.sol, 2, b'pragma solidity ^0.8.4;' shutdown/redeem/TribeRedeemer.sol, 2, b'pragma solidity ^0.8.4;'
TRANSFER()/TRANSFERFROM() NOT CHECKED Not all IERC20 implementations revert() when thereโs a failure in transfer()/transferFrom(). The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that should have marked as failed, may potentially go through without actually making a payment
shutdown/fuse/RariMerkleRedeemer.sol, 217, b' IERC20(cToken).safeTransferFrom(msg.sender, address(this), cTokenAmount);' shutdown/fuse/RariMerkleRedeemer.sol, 218, b' IERC20(baseToken).safeTransfer(msg.sender, baseTokenAmountReceived);' shutdown/fuse/RariMerkleRedeemer.sol, 249, b' IERC20(cTokens[i]).safeTransferFrom(msg.sender, address(this), cTokenAmounts[i]);' shutdown/fuse/RariMerkleRedeemer.sol, 250, b' IERC20(baseToken).safeTransfer(msg.sender, baseTokenAmountReceived);' peg/SimpleFeiDaiPSM.sol, 40, b' DAI.safeTransferFrom(msg.sender, address(this), amountIn);' peg/SimpleFeiDaiPSM.sol, 55, b' FEI.safeTransferFrom(msg.sender, address(this), amountFeiIn);' peg/SimpleFeiDaiPSM.sol, 56, b' DAI.safeTransfer(to, amountOut);' shutdown/redeem/TribeRedeemer.sol, 65, b' IERC20(redeemedToken).safeTransferFrom(msg.sender, address(this), amountIn);' shutdown/redeem/TribeRedeemer.sol, 72, b' IERC20(tokens[i]).safeTransfer(to, amountsOut[i]);' risk discourage_safeTransfer shutdown/fuse/RariMerkleRedeemer.sol, 218, b' IERC20(baseToken).safeTransfer(msg.sender, baseTokenAmountReceived);' shutdown/fuse/RariMerkleRedeemer.sol, 250, b' IERC20(baseToken).safeTransfer(msg.sender, baseTokenAmountReceived);' peg/SimpleFeiDaiPSM.sol, 56, b' DAI.safeTransfer(to, amountOut);' shutdown/redeem/TribeRedeemer.sol, 72, b' IERC20(tokens[i]).safeTransfer(to, amountsOut[i]);'
If the caller makes a copy-paste error, the lengths may be mismatchd and an operation believed to have been completed may not in fact have been completed function withdrawMultipleERC721(address[] memory _tokens, uint256[] memory _tokenId, address _to) external override {
shutdown/fuse/RariMerkleRedeemer.sol, 66, b' function multiClaim(\n address[] calldata _cTokens,\n uint256[] calldata _amounts,\n bytes32[][] calldata _merkleProofs\n ) external override hasSigned nonReentrant ' shutdown/fuse/RariMerkleRedeemer.sol, 79, b' function multiRedeem(address[] calldata cTokens, uint256[] calldata cTokenAmounts)\n external\n override\n hasSigned\n nonReentrant\n ' shutdown/fuse/RariMerkleRedeemer.sol, 97, b' function signAndClaim(\n bytes calldata signature,\n address[] calldata cTokens,\n uint256[] calldata amounts,\n bytes32[][] calldata merkleProofs\n ) external override nonReentrant ' shutdown/fuse/RariMerkleRedeemer.sol, 106, b' function claimAndRedeem(\n address[] calldata cTokens,\n uint256[] calldata amounts,\n bytes32[][] calldata merkleProofs\n ) external hasSigned nonReentrant ' shutdown/fuse/RariMerkleRedeemer.sol, 118, b' function signAndClaimAndRedeem(\n bytes calldata signature,\n address[] calldata cTokens,\n uint256[] calldata amountsToClaim,\n uint256[] calldata amountsToRedeem,\n bytes32[][] calldata merkleProofs\n ) external override hasNotSigned nonReentrant '
shutdown/redeem/TribeRedeemer.sol, 32, b' redeemedToken = _redeemedToken;' shutdown/redeem/TribeRedeemer.sol, 33, b' tokensReceived = _tokensReceived;'
_mint() is discouraged in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function
SimpleFeiDaiPSM.sol,41,FEI.mint(to, amountFeiOut);