Platform: Code4rena
Start Date: 25/10/2022
Pot Size: $50,000 USDC
Total HM: 18
Participants: 127
Period: 5 days
Judge: 0xean
Total Solo HM: 9
Id: 175
League: ETH
Rank: 61/127
Findings: 2
Award: $55.74
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0x1f8b
Also found by: 0xNazgul, 0xSmartContract, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, ElKu, JC, Josiah, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Waze, __141345__, adriro, aphak5010, brgltd, c3phas, c7e7eff, carlitox477, cducrest, ch0bu, chrisdior4, cryptonue, cryptostellar5, cylzxje, d3e4, delfin454000, enckrish, evmwanderer, fatherOfBlocks, gogo, hansfriese, horsefacts, immeas, leosathya, lukris02, neumo, oyc_109, pedr02b2, rbserver, robee, rotcivegaf, rvierdiiev, sakshamguruji, shark, simon135, tnevler, trustindistrust, wagmi
36.7345 USDC - $36.73
BorrowController.operator: Accidentally transferring operator rights to an unowned address will freeze the allowList in its then-current state. Use a two-step process as in DBR.
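The two-step handover the item above recommends, as an added illustration and not the audited project's code: a minimal allow-list controller in which a nominated address must claim the role before the old operator loses control, so a mistyped or unowned address cannot freeze the list. The names pendingOperator / claimOperator and the allow-list shape are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not the audited project's code: a minimal allow-list
// controller whose operator role changes hands in two steps. The names
// pendingOperator / claimOperator and the allow-list shape are assumptions.
contract TwoStepAllowList {
    address public operator;
    address public pendingOperator;
    mapping(address => bool) public contractAllowlist;

    event OperatorProposed(address indexed pending);
    event OperatorChanged(address indexed newOperator);

    modifier onlyOperator() {
        require(msg.sender == operator, "Only operator");
        _;
    }

    constructor(address _operator) {
        operator = _operator;
    }

    // Step 1: the current operator only nominates a successor. Nothing takes
    // effect yet, so a mistyped or unowned address cannot freeze the allow
    // list: the operator simply nominates a different address.
    function setPendingOperator(address newOperator) external onlyOperator {
        pendingOperator = newOperator;
        emit OperatorProposed(newOperator);
    }

    // Step 2: only the nominee can complete the handover, which proves the
    // new address is controlled by a live key before the old operator loses
    // the ability to call allow()/deny().
    function claimOperator() external {
        require(msg.sender == pendingOperator, "Only pending operator");
        operator = pendingOperator;
        pendingOperator = address(0);
        emit OperatorChanged(operator);
    }

    function allow(address target) external onlyOperator {
        contractAllowlist[target] = true;
    }

    function deny(address target) external onlyOperator {
        contractAllowlist[target] = false;
    }
}
```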
Market.escrowImplementation and Market.callOnDepositCallback can cause deposits to revert. If callOnDepositCallback is set to true, then escrow.onDeposit() will be called, but only INVEscrow implements this function; if the implementation points to any other escrow, then deposit will revert.
Market.getWithdrawalLimitInternal
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L360
BorrowController.allow and BorrowController.deny
DBR.addMinter and DBR.removeMinter can emit an incorrect event in some cases. addMinter can emit an AddMinter event even if the address is already a minter. The same holds for removeMinter, which emits RemoveMinter for an address even if it wasn't a minter before.
DBR.transferFrom doesn't return a useful error for insufficient allowance. If the allowance is less than the amount to transfer, DBR.transferFrom reverts due to an underflow error. An end user cannot determine the reason without substantial effort.
https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L194
Market.dola can be marked as constant since it is not assigned to in the constructor.
#0 - c4-judge
2022-11-07T21:52:25Z
0xean marked the issue as grade-b
🌟 Selected for report: pfapostol
Also found by: 0x1f8b, 0xRoxas, 0xSmartContract, Amithuddar, Aymen0909, B2, Bnke0x0, Chandr, CloudX, Deivitto, Diana, Dinesh11G, ElKu, HardlyCodeMan, JC, JrNet, KoKo, Mathieu, Ozy42, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Shinchan, __141345__, adriro, ajtra, aphak5010, ballx, c3phas, carlitox477, ch0bu, chaduke, cryptostellar5, djxploit, durianSausage, enckrish, exolorkistis, fatherOfBlocks, gogo, horsefacts, kaden, karanctf, leosathya, martin, mcwildy, oyc_109, ret2basic, robee, sakman, sakshamguruji, shark, skyle, tnevler
19.0072 USDC - $19.01
Oracle.FeedData: Feed decimals are accessed by viewPrice and getPrice. As feed decimals cannot change in a Chainlink feed, they can be cached in a new field in FeedData to save gas.
```solidity
struct FeedData {
    IChainlinkFeed feed;
    uint8 feedDecimals;   // cached once when the feed is set
    uint8 tokenDecimals;
}
// ...
function setFeed(address token, IChainlinkFeed feed, uint8 tokenDecimals) public onlyOperator {
    feeds[token] = FeedData(feed, feed.decimals(), tokenDecimals);
}
// ...
// in viewPrice / getPrice: read the cached field instead of calling feed.decimals()
uint8 feedDecimals = feeds[token].feedDecimals;
```
-103812 (36.146%) in Forge gas comparison with original implementation.
require above state update in Market.borrowInternal:
```solidity
require(credit >= debts[borrower] + amount, "Exceeded credit limit");
debts[borrower] += amount;
```
18289 (-5.962%) in Forge gas comparison with original implementation.
#0 - c4-judge
2022-11-05T23:50:00Z
0xean marked the issue as grade-b