Back to fatherOfBlocks's contests

Yield Witch v2 contest - fatherOfBlocks's results

Fixed-rate borrowing and lending on Ethereum

General Information

Platform: Code4rena

Start Date: 14/07/2022

Pot Size: $25,000 USDC

Total HM: 2

Participants: 63

Period: 3 days

Judge: PierrickGT

Total Solo HM: 1

Id: 147

League: ETH

Yield

Findings Distribution

Researcher Performance

Rank: 28/63

Findings: 2

Award: $55.94

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryYield

Findings Information

🌟 Selected for report: hickuphh3

Also found by: 0x29A, 0x52, 0xNazgul, Chom, Deivitto, ElKu, Funen, IllIllI, Meera, ReyAdmirado, SooYa, TomJ, Trumpero, Waze, __141345__, ak1, asutorufos, c3phas, cRat1st0s, csanuragjain, delfin454000, exd0tpy, fatherOfBlocks, hake, hansfriese, horsefacts, hyh, karanctf, kenzo, kyteg, ladboy233, pashov, peritoflores, rajatbeladiya, rbserver, reassor, rokinot, simon135, wastewa

Awards

39.0252 USDC - $39.03

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

  • L84 - If the only value that the input param can have is "ladle" then it is not necessary to request that parameter.

  • L95 - It is not validated, in the setLine() function, that the input "duration" is != 0, this is important, since in the function _calcPayout() line 591 a division is made by duration, but it is not validated let it be 0. If this happened, it would imply that a lines was set with an incorrect value and it would not show a message according to the reason for the error.

#0 - alcueca

2022-07-22T13:56:01Z

L84, we use that function in all of our contracts, as a standard. L95, as per the README, we are not keen on checking parameters in governance functions, it gives false assurances.

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, Aymen0909, Chom, Deivitto, ElKu, JC, JohnSmith, Kaiziron, Limbooo, MadWookie, Meera, ReyAdmirado, Rohan16, Sm4rty, SooYa, TomJ, Trumpero, Waze, __141345__, ajtra, ak1, antonttc, bulej93, c3phas, cRat1st0s, csanuragjain, defsec, durianSausage, fatherOfBlocks, gogo, hake, hickuphh3, ignacio, joestakey, karanctf, kyteg, m_Rassska, pashov, rajatbeladiya, rbserver, robee, rokinot, samruna, sashik_eth, simon135, tofunmi

Awards

16.9093 USDC - $16.91

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

  • L84/102-108/189/200/255/256/300/313/328/358/365/395/416/437 - A require generates a lot of gas costs, gas could be saved using ifs with custom errors.

  • L255/300/358/393/398/416 - Instead of using "variable > 0", lower gas costs are generated by doing "variable != 0"

  • L191/192/202/547/548/552/594/595 - It is not necessary to create a variable in memory if it is only going to be used once within the function.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter