Platform: Code4rena
Start Date: 28/11/2022
Pot Size: $192,500 USDC
Total HM: 33
Participants: 106
Period: 11 days
Judge: LSDan
Total Solo HM: 15
Id: 186
League: ETH
Rank: 65/106
Findings: 2
Award: $108.50
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x52, 0xNazgul, Franfran, IllIllI, Jeiwan, Lambda, RaymondFam, Rolezn, Trust, __141345__, codecustard, erictee, gzeon, hansfriese, imare, rbserver, rvierdiiev, seyni, skinz, ujamal_
4.5766 USDC - $4.58
Judge has assessed an item in Issue #258 as M risk. The relevant finding follows:
[L-03] Use of deprecated functions
Impact
The contract uses deprecated function latestAnswer(). Such functions might suddenly stop working if no longer supported.
Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to be redeployed.
Findings: contracts/misc/ParaSpaceOracle.sol:L128 price = uint256(source.latestAnswer());
#0 - c4-judge
2023-01-25T15:52:12Z
dmvt marked the issue as duplicate of #5
#1 - c4-judge
2023-01-25T15:52:17Z
dmvt marked the issue as partial-25
🌟 Selected for report: IllIllI
Also found by: 0x4non, 0x52, 0xAgro, 0xNazgul, 0xSmartContract, 0xackermann, 9svR6w, Awesome, Aymen0909, B2, BRONZEDISC, Bnke0x0, Deekshith99, Deivitto, Diana, Dravee, HE1M, Jeiwan, Kaiziron, KingNFT, Lambda, Mukund, PaludoX0, RaymondFam, Rolezn, Sathish9098, Secureverse, SmartSek, __141345__, ahmedov, ayeslick, brgltd, cccz, ch0bu, chrisdior4, cryptonue, cryptostellar5, csanuragjain, datapunk, delfin454000, erictee, gz627, gzeon, helios, i_got_hacked, ignacio, imare, jadezti, jayphbee, joestakey, kankodu, ksk2345, ladboy233, martin, nadin, nicobevi, oyc_109, pashov, pavankv, pedr02b2, pzeus, rbserver, ronnyx2017, rvierdiiev, shark, unforgiven, xiaoming90, yjrwkk
103.9175 USDC - $103.92
approve() and safeApprove() should be replaced with safeIncreaseAllowance() / safeDecreaseAllowance()
approve() & safeApprove() are deprecated and subject to a known front-running attack. Consider using safeIncreaseAllowance() & safeDecreaseAllowance() instead.
contracts/protocol/libraries/logic/MarketplaceLogic.sol:L555 IERC20(token).safeApprove(operator, type(uint256).max);
contracts/protocol/tokenization/NTokenApeStaking.sol:L45 _apeCoin.approve(address(_apeCoinStaking), type(uint256).max);
contracts/protocol/tokenization/NTokenApeStaking.sol:L46 _apeCoin.approve(address(POOL), type(uint256).max);
decimals() not part of ERC20 standard
decimals() is not part of the official ERC20 standard and might fail for tokens that do not implement it. While in practice it is very unlikely, as usually most of the tokens implement it, this should still be considered as a potential issue.
contracts/misc/UniswapV3OracleWrapper.sol:L234 .decimals();
contracts/misc/UniswapV3OracleWrapper.sol:L236 .decimals();
The contract uses deprecated function latestAnswer(). Such functions might suddenly stop working if no longer supported.
Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to be redeployed.
contracts/misc/ParaSpaceOracle.sol:L128 price = uint256(source.latestAnswer());
Code architecture, incentives, and error handling/reporting questions/issues should be resolved before deployment.
contracts/misc/UniswapV3OracleWrapper.sol:L238 // TODO using bit shifting for the 2^96
contracts/misc/marketplaces/LooksRareAdapter.sol:L59 makerAsk.price, // TODO: take minPercentageToAsk into account
contracts/protocol/libraries/logic/MarketplaceLogic.sol:L442 // TODO: support PToken
#0 - c4-judge
2023-01-25T15:51:04Z
dmvt marked the issue as grade-b
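For the deprecated latestAnswer() finding above, this added example (not part of the submission and not ParaSpace code) reads a Chainlink feed through latestRoundData() and rejects unusable answers. The FeedReader library, its error names and the maxAge parameter are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Chainlink aggregator interface, reduced to the one member used here.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical helper library (illustration only).
library FeedReader {
    error InvalidPrice(int256 answer);
    error IncompleteRound(uint80 roundId);
    error StalePrice(uint256 updatedAt, uint256 maxAge);

    // maxAge is an assumed per-feed setting, in seconds, derived from the
    // feed's documented heartbeat. It is not a value taken from the audit.
    function readPrice(AggregatorV3Interface source, uint256 maxAge)
        internal
        view
        returns (uint256)
    {
        (uint80 roundId, int256 answer, , uint256 updatedAt, ) =
            source.latestRoundData();

        // latestAnswer() returns a bare int256, so a zero or negative value
        // cast with uint256(...) would be accepted as a price.
        if (answer <= 0) revert InvalidPrice(answer);
        // updatedAt == 0 means the round has not been completed.
        if (updatedAt == 0) revert IncompleteRound(roundId);
        // Checked arithmetic also reverts if updatedAt is in the future.
        if (block.timestamp - updatedAt > maxAge) {
            revert StalePrice(updatedAt, maxAge);
        }
        return uint256(answer);
    }
}
```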