Platform: Code4rena
Start Date: 12/04/2023
Pot Size: $60,500 USDC
Total HM: 21
Participants: 199
Period: 7 days
Judge: hansfriese
Total Solo HM: 5
Id: 231
League: ETH
Rank: 123/199
Findings: 1
Award: $22.60
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: juancito
Also found by: 0xAgro, 0xNorman, 0xSmartContract, 0xStalin, 0xTheC0der, 0xWaitress, 0xhacksmithh, 0xnev, 3dgeville, 8olidity, Arz, Aymen0909, BGSecurity, BRONZEDISC, Bauchibred, Bauer, BenRai, ChainHunters, ChrisTina, CodeFoxInc, DedOhWale, DishWasher, EloiManuel, IceBear, Inspex, Jorgect, Kaysoft, LeoGold, LewisBroadhurst, Madalad, MiloTruck, MohammedRizwan, Nyx, Polaris_tow, RaymondFam, SaharDevep, SanketKogekar, Sathish9098, SolidityATL, Udsen, W0RR1O, aria, ayden, berlin-101, bin2chen, catellatech, codeslide, crc32, decade, descharre, evmboi32, eyexploit, fatherOfBlocks, georgits, giovannidisiena, joestakey, karanctf, kodyvim, ltyu, lukris02, m9800, matrix_0wl, mov, mrpathfindr, nadin, niser93, p0wd3r, parlayan_yildizlar_takimi, pavankv, pontifex, qpzm, ravikiranweb3, rbserver, santipu_, shealtielanz, slvDev, tnevler, wonjun, xmxanuel, yixxas
22.6007 USDC - $22.60
notifiyRepainInternal() redundant check should be removedEverytime owner repay zchf token to the system, it interally call notifyRepaidInternal(), under which its check the amount to be burn should not be greater than minted. If so revert it.
NOTE: minted state is used to account the total minted token so far.
function notifyRepaidInternal(uint256 amount) internal { if (amount > minted) revert RepaidTooMuch(amount - minted); // @audit-issue redundtant check minted -= amount; }
notifyRepaidInternal() is getting used in two places, once when owner call repay() to burn some zchf token and when it notifies the position that a challenge was successful via notifyChallengeSucceeded().
The amount we burnt will always remain below the minted amount, that means the check if (amount > minted) revert RepaidTooMuch(amount - minted); is no useful.
Let's see how,
Case 1: minted represent total minted so far, if owner decide to burn some, the amount that owner burns will always less than the minted.
ex. if owner minted 100e18, it not possible for owner to burn more than 100e18.
Case 2:
function notifyChallengeSucceeded(address _bidder, uint256 _bid, uint256 _size) external onlyHub returns (address, uint256, uint256, uint256, uint32) { ... uint256 volumeZCHF = _mulD18(price, _size); // How much could have minted with the challenged amount of the collateral // The owner does not have to repay (and burn) more than the owner actually minted. uint256 repayment = minted < volumeZCHF ? minted : volumeZCHF; // how much must be burned to make things even notifyRepaidInternal(repayment); // we assume the caller takes care of the actual repayment ... }
Here, repayment calculation show that volumeZCHF or amount we burn will always be less than or equal to minted.
Hence, the check in notifyRepaidInternal() is reduntant.
Recommendation Reduntant check consume unnecessary space in contract bytecode and also more gas while executing them. The simpler or less reduntant code helps in readibility and also avoiding unnecessary gas consumption.
Rewrite the notifyRepaidInternal func. to below
function notifyRepaidInternal(uint256 amount) internal { minted -= amount; }
#0 - c4-judge
2023-05-16T06:13:02Z
hansfriese marked the issue as grade-c
#1 - c4-judge
2023-05-18T07:38:00Z
hansfriese marked the issue as grade-b