Back to fatherOfBlocks's contests

Redacted Cartel contest - fatherOfBlocks's results

Boosted GMX assets from your favorite liquid token wrapper, Pirex - brought to you by Redacted Cartel.

General Information

Platform: Code4rena

Start Date: 21/11/2022

Pot Size: $90,500 USDC

Total HM: 18

Participants: 101

Period: 7 days

Judge: Picodes

Total Solo HM: 4

Id: 183

League: ETH

Redacted Cartel

Findings Distribution

Researcher Performance

Rank: 68/101

Findings: 1

Award: $53.49

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryRedacted Cartel

Findings Information

🌟 Selected for report: 0xSmartContract

Also found by: 0xAgro, 0xNazgul, 0xPanda, 0xbepresent, 0xfuje, Awesome, B2, Bnke0x0, Deivitto, Diana, Funen, Jeiwan, JohnSmith, Josiah, R2, RaymondFam, Rolezn, Sathish9098, Waze, adriro, aphak5010, brgltd, btk, carrotsmuggler, ch0bu, chaduke, codeislight, codexploder, cryptostellar5, csanuragjain, danyams, datapunk, delfin454000, deliriusz, eierina, erictee, fatherOfBlocks, gz627, gzeon, hansfriese, hihen, jadezti, joestakey, keccak123, martin, nameruse, oyc_109, pedr02b2, perseverancesuccess, rbserver, rotcivegaf, rvierdiiev, sakshamguruji, shark, simon135, subtle77, unforgiven, xiaoming90, yixxas

Awards

53.4851 USDC - $53.49

Labels

bug
grade-b
QA (Quality Assurance)
Q-06

External Links

Link to GitHub issue

src/interfaces/IPirexRewards.sol

  • L4 - ERC20 is imported but it is never used, therefore it does not need to be there, it should be removed.

src/interfaces/IProducer.sol

  • L4 - ERC20 is imported but it is never used, therefore it does not need to be there, it should be removed.

src/vaults/AutoPxGmx.sol

  • L60 - The AlreadySet error is created, but it is never used, so it should be removed.

  • L185/213 - The _totalSupply - shares operation is performed, but shares is an input to the function, therefore it is very possible to generate overflows, this should be validated in order to show a correct error so that it is easy for users to understand.

src/vaults/AutoPxGlp.sol

  • The AutoPxGlp and AutoPxGmx contracts have a lot of shared code, therefore it would be very possible to modularize the code by creating an abstract contract or simply create two contracts that inherit from one that has everything shared implemented. For example: constants, inheritance, variables in storages and default values, events, errors, setters and functions.

  • L163/191 - The _totalSupply - shares operation is performed, but shares is an input to the function, therefore it is very possible to generate overflows, this should be validated in order to show a correct error so that it is easy for users to understand.

#0 - c4-judge

2022-12-05T09:56:16Z

Picodes marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter