Platform: Code4rena
Start Date: 12/07/2022
Pot Size: $35,000 USDC
Total HM: 13
Participants: 78
Period: 3 days
Judge: 0xean
Total Solo HM: 6
Id: 135
League: ETH
Rank: 38/78
Findings: 2
Award: $76.56
Selected for report: 0
Solo Findings: 0
Selected for report: joestakey
Also found by: 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 8olidity, Avci, Bahurum, Bnke0x0, Chom, ElKu, Funen, GimelSec, JC, Junnon, Kaiziron, Meera, PaludoX0, Picodes, ReyAdmirado, Sm4rty, Soosh, Waze, _Adam, __141345__, ak1, aysha, benbaessler, bin2chen, c3phas, cccz, cryptphi, csanuragjain, defsec, exd0tpy, fatherOfBlocks, gogo, hake, hansfriese, itsmeSTYJ, jonatascm, kyteg, mektigboy, oyc_109, pashov, rbserver, rishabh, robee, rokinot, sach1r0, sashik_eth, scaraven, simon135, slywaters
50.828 USDC - $50.83
Marketplace/Marketplace.sol
Marketplace/Erc20.sol
L78 - If the spender passed to approve is an attacker-controlled address or contract, it can front-run an owner transaction that lowers or changes that allowance: it spends the old allowance in a transaction ordered before the owner's approve, then spends the new allowance as well (the standard ERC20 approve race).
This code is repeated in Creator/Erc20.sol and tokens/Erc20.sol
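The race described above, as an added illustration written for this page rather than taken from Swivel's Erc20.sol. The contract, its names and the 1_000 sample balance are made up; the point is the contrast between the absolute setter (approve) and the relative increase/decrease pattern, which is the usual mitigation when the token's approve cannot be changed:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration (not Swivel's Erc20.sol): a minimal allowance-only token
/// showing why a bare approve() can be front-run and the increase/decrease
/// pattern that removes the race. Names and the starting balance are constructed.
contract AllowanceRaceDemo {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Approval(address indexed owner, address indexed spender, uint256 amount);
    event Transfer(address indexed from, address indexed to, uint256 amount);

    error InsufficientAllowance(uint256 have, uint256 need);
    error InsufficientBalance(uint256 have, uint256 need);

    constructor() {
        balanceOf[msg.sender] = 1_000; // constructed sample balance
    }

    /// Absolute setter, as at Erc20.sol L78. Race against an attacker-controlled spender:
    ///   1. owner:    approve(attacker, 100)
    ///   2. owner:    approve(attacker, 50)                      (means to lower it)
    ///   3. attacker: sees (2) pending, front-runs with transferFrom(owner, attacker, 100)
    ///   4. (2) lands, allowance is 50 again:  transferFrom(owner, attacker, 50)
    /// Net: 150 moved, although the owner never meant to allow more than 100.
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    /// Relative change: whatever the spender consumes before this lands is
    /// subtracted from the same counter, so steps (3)+(4) cannot exceed the
    /// original 100; if nothing is left the decrease simply reverts.
    function decreaseAllowance(address spender, uint256 subtracted) external returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        if (current < subtracted) revert InsufficientAllowance(current, subtracted);
        uint256 updated = current - subtracted;
        allowance[msg.sender][spender] = updated;
        emit Approval(msg.sender, spender, updated);
        return true;
    }

    function increaseAllowance(address spender, uint256 added) external returns (bool) {
        uint256 updated = allowance[msg.sender][spender] + added; // checked arithmetic in 0.8
        allowance[msg.sender][spender] = updated;
        emit Approval(msg.sender, spender, updated);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        if (allowed != type(uint256).max) {
            if (allowed < amount) revert InsufficientAllowance(allowed, amount);
            allowance[from][msg.sender] = allowed - amount;
        }
        uint256 bal = balanceOf[from];
        if (bal < amount) revert InsufficientBalance(bal, amount);
        balanceOf[from] = bal - amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
        return true;
    }
}
```

The other common advice, approve(0) before approve(newValue), does not close the race on its own: the attacker can still front-run the approve(0) with a transferFrom of the old allowance, so the owner must confirm the allowance was not consumed before setting the new value.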
Marketplace/FixedPointMathLib.sol
Creator/Creator.sol
Creator/LibFuse.sol
Creator/Compounding.sol
Creator/LibCompound.sol
Creator/Erc20.sol
Creator/ZcToken.sol
L31 - Several immutable variables are assigned in the constructor without checking that they are non-zero or that they point to contracts implementing the expected interface. A wrong value would leave many functions permanently reverting (a DoS on the token) and force a redeploy of the contract.
L43/52/70/79/88 - In these view functions, the market could be read into a memory variable and IRedeemer(redeemer).markets(protocol, underlying, maturity).maturityRate checked to be != 0, so that the function reverts with a descriptive message while maturityRate is still zero.
This code is repeated in tokens/ZcToken.sol
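The two ZcToken points above, as an added example written for this page rather than taken from Creator/ZcToken.sol. The IRedeemer interface, its Market struct, the constructor parameters and the 18-decimal rate in previewRedeem are assumptions about the shape of the real contracts, not copied from them:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Assumed shape of the redeemer the ZcToken talks to; the real IRedeemer and
/// Market layout in the Swivel repo may differ.
interface IRedeemer {
    struct Market {
        address cTokenAddr;
        address zcToken;
        address vaultTracker;
        uint256 maturityRate;
    }

    function markets(uint8 protocol, address underlying, uint256 maturity)
        external view returns (Market memory);
}

/// Added illustration (not Swivel's ZcToken.sol): the constructor rejects
/// zero or code-less immutables, and the view helper reads the market into
/// memory and reverts with a named reason while maturityRate is still zero,
/// instead of carrying a zero rate into the arithmetic.
contract ValidatedZcToken {
    uint8 public immutable protocol;
    address public immutable underlying;
    uint256 public immutable maturity;
    address public immutable redeemer;

    error ZeroAddress(string which);
    error NotAContract(string which);
    error ZeroMaturity();
    error MarketNotMatured(uint8 protocol, address underlying, uint256 maturity);

    constructor(uint8 p, address u, uint256 m, address r) {
        if (u == address(0)) revert ZeroAddress("underlying");
        if (r == address(0)) revert ZeroAddress("redeemer");
        // address.code (0.8.0+) proves something is deployed at r; it does not
        // prove the interface, which would need ERC165 or a probe call.
        if (r.code.length == 0) revert NotAContract("redeemer");
        if (u.code.length == 0) revert NotAContract("underlying");
        if (m == 0) revert ZeroMaturity();
        protocol = p;
        underlying = u;
        maturity = m;
        redeemer = r;
    }

    /// Shared guard for the view functions: one storage-free read of the
    /// market into memory, one explicit revert reason.
    function _maturedMarket() internal view returns (IRedeemer.Market memory mkt) {
        mkt = IRedeemer(redeemer).markets(protocol, underlying, maturity);
        if (mkt.maturityRate == 0) revert MarketNotMatured(protocol, underlying, maturity);
    }

    /// Example view: underlying owed for a principal amount at the recorded
    /// maturity rate (rate assumed to be 18-decimal fixed point).
    function previewRedeem(uint256 principalAmount) external view returns (uint256) {
        IRedeemer.Market memory mkt = _maturedMarket();
        return principalAmount * mkt.maturityRate / 1e18;
    }
}
```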
VaultTracker/VaultTracker.sol
Swivel/Swivel.sol
L33/72 - aaveAddr could be immutable, since it is only set in the constructor.
L111/388 - The check on line 118 (amount > o.premium) does not revert when both values are zero; execution then reaches line 127 and reverts there with a division by zero, without a message explaining the cause.
L495 - Instead of checking len == d.length and reverting otherwise, check len == 4 && d.length == 4; with the current check, the case len == d.length with both greater than 4 passes and the revert happens inside the for loop without an explanatory message.
All functions use single letters for their parameters; names that describe the values they hold would make the code easier to read.
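The two input checks from the Swivel.sol notes above, as an added example written for this page rather than taken from Swivel.sol. Order is a cut-down stand-in for the real order struct, FEE_SLOTS = 4 is the assumed size of the fixed fee array, and the admin guard is an assumption added so the setter is not left open; the example also bounds-checks each index, which goes one step beyond the length check the note suggests:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration (not Swivel.sol): both checks rewritten so every failure
/// reverts with a named reason before arithmetic or an array access can panic.
contract CheckedFills {
    struct Order {
        address maker;
        uint256 principal; // zcToken amount the maker offers (assumed field)
        uint256 premium;   // underlying asked for the whole principal (assumed field)
        uint256 expiry;
    }

    uint256 public constant FEE_SLOTS = 4;   // assumed fixed size of the fee array
    uint16[FEE_SLOTS] public feenominators;
    address public immutable admin;

    error Unauthorized();
    error ZeroPremium();
    error ZeroAmount();
    error AmountExceedsPremium(uint256 amount, uint256 premium);
    error BadFeeBatch(uint256 expected, uint256 indices, uint256 values);
    error FeeIndexOutOfRange(uint256 index);

    constructor() {
        admin = msg.sender;
    }

    /// Pro-rata principal for a partial fill of `a` underlying.
    /// A bare `if (a > o.premium) revert` lets a == o.premium == 0 through and
    /// the division below then panics (0x12) with no reason string.
    function principalFor(Order memory o, uint256 a) public pure returns (uint256) {
        if (o.premium == 0) revert ZeroPremium();   // also covers the 0 / 0 case
        if (a == 0) revert ZeroAmount();
        if (a > o.premium) revert AmountExceedsPremium(a, o.premium);
        return (a * o.principal) / o.premium;         // divisor is non-zero here
    }

    /// Bulk fee update into a fixed-size array. Checking only i.length == d.length
    /// lets equal-but-too-long inputs, or an out-of-range index, reach the loop and
    /// fail there with an index panic (0x32); both get a named revert instead.
    function setFees(uint16[] calldata i, uint16[] calldata d) external {
        if (msg.sender != admin) revert Unauthorized();
        uint256 len = i.length;
        if (len != FEE_SLOTS || d.length != FEE_SLOTS) revert BadFeeBatch(FEE_SLOTS, len, d.length);
        for (uint256 x; x < len; ++x) {
            if (i[x] >= FEE_SLOTS) revert FeeIndexOutOfRange(i[x]);
            feenominators[i[x]] = d[x];
        }
    }
}
```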
#0 - robrobbins
2022-08-31T00:16:24Z
some corrections made elsewhere. some are wontfix (zctoken out of scope)
Selected for report: joestakey
Also found by: 0x040, 0x1f8b, 0xDjango, 0xNazgul, 0xsam, Avci, Aymen0909, Bnke0x0, CRYP70, ElKu, Fitraldys, Funen, JC, Kaiziron, MadWookie, Meera, ReyAdmirado, Sm4rty, Soosh, TomJ, Waze, _Adam, __141345__, ajtra, benbaessler, c3phas, csanuragjain, durianSausage, exd0tpy, fatherOfBlocks, hake, ignacio, karanctf, kyteg, m_Rassska, oyc_109, rbserver, robee, rokinot, samruna, sashik_eth, simon135, slywaters
25.7279 USDC - $25.73
Swivel/Swivel.sol
L100/269/418/564 - Instead of i++, ++i saves a little gas per iteration.
L140/141/166/167/201/202/232/233/296/298/326/328/362/363/387/390/394/395/549/561/562/579/580/656/658/673/675 - It is not necessary to create a variable in memory if it is only going to be used once.
Marketplace/Marketplace.sol
L95 - The check block.timestamp < m could be the first statement of the function, since it depends only on an input; the market would then not be read from storage before that check.
L203/207/216/218/220/228/229 - It is not necessary to create a variable in memory if it is only going to be used once.
L341/346 - Instead of using a modifier, you could save gas by using a private view function.
Creator/Creator.sol
Creator/VaultTracker.sol
L54/59/93/123/165/181/184/222 - When a uint256 must be validated as > 0, the comparison variable != 0 is cheaper.
L65/67/130/138/191/193/228/230 - It is not necessary to create a variable in memory if it will only be used once.
L248 - Instead of using a modifier, you could save gas by using a private view function.
VaultTracker/VaultTracker.sol
L54/59/93/123/165/181/184/222 - When a uint256 must be validated as > 0, the comparison variable != 0 is cheaper.
L65/66/100/102/130/138/172/174/191/193/228/230 - It is not necessary to create a variable in memory if it is only going to be used once.
L248 - Instead of using a modifier, you could save gas by using a private view function.
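The three gas patterns that recur in the notes above (modifier replaced by a private view function, ++i, and != 0), shown side by side in an added example written for this page; the contracts and their contents are constructed and are not the project's code:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration (not the project's code). Before: a modifier, whose body
/// is inlined into every function that uses it, so the check is duplicated in
/// bytecode once per use site.
contract GuardBefore {
    address public admin = msg.sender;
    uint256 public total;

    error Unauthorized();

    modifier authorized(address a) {
        if (msg.sender != a) revert Unauthorized();
        _;
    }

    function add(uint256[] calldata v) external authorized(admin) {
        for (uint256 i; i < v.length; i++) {
            if (v[i] > 0) total += v[i];
        }
    }

    function reset() external authorized(admin) {
        total = 0;
    }
}

/// After: one private view function holds the check (a single copy in the
/// bytecode, each use is an internal jump), the loop uses ++i and caches the
/// length, and the zero test uses != 0.
contract GuardAfter {
    address public admin = msg.sender;
    uint256 public total;

    error Unauthorized();

    function _authorized(address a) private view {
        if (msg.sender != a) revert Unauthorized();
    }

    function add(uint256[] calldata v) external {
        _authorized(admin);
        uint256 len = v.length;
        for (uint256 i; i < len; ++i) {
            if (v[i] != 0) total += v[i];
        }
    }

    function reset() external {
        _authorized(admin);
        total = 0;
    }
}
```

The modifier-to-function change mainly lowers deployment size when the guard is used in more than one function; the per-call saving of ++i and != 0 is a few gas per occurrence and depends on the compiler version and optimizer settings, so measure with the project's own build before relying on the numbers.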