Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 131/246
Findings: 2
Award: $23.92
๐ Selected for report: 0
๐ Solo Findings: 0
๐ Selected for report: brgltd
Also found by: 0x3b, 0xAgro, 0xGusMcCrae, 0xNorman, 0xRajkumar, 0xSmartContract, 0xTraub, 0xWagmi, 0xWaitress, 0xffchain, 0xhacksmithh, 0xkazim, 0xnev, 3dgeville, ArbitraryExecution, Aymen0909, BRONZEDISC, Bason, Bloqarl, BlueAlder, Brenzee, CodeFoxInc, CodingNameKiki, Cryptor, DadeKuma, DevABDee, Diana, Dug, Englave, Gde, Haipls, HollaDieWaldfee, Ignite, Infect3d, Jerry0x, Josiah, Kaysoft, Koko1912, KrisApostolov, Lavishq, LeoGold, Madalad, PNS, Rappie, RaymondFam, RedTiger, Rickard, Rolezn, Sathish9098, SunSec, T1MOH, UdarTeam, Udsen, Viktor_Cortess, Wander, adriro, ak1, alejandrocovrr, alexzoid, arialblack14, ayden, bin2chen, brevis, btk, c3phas, carlitox477, catellatech, ch0bu, chaduke, ck, climber2002, codeslide, descharre, dingo2077, ernestognw, fatherOfBlocks, favelanky, georgits, helios, hl_, inmarelibero, juancito, ks__xxxxx, lopotras, lukris02, m_Rassska, mahdirostami, maxper, nadin, navinavu, nemveer, p_crypt0, peanuts, pipoca, pixpi, qpzm, rbserver, reassor, roelio, rotcivegaf, scokaf, siddhpurakaran, slvDev, smaul, tnevler, tsvetanovv, turvy_fuzz, vagrant, wen, yac, zzzitron
13.1298 USDC - $13.13
WstEth.sol, Reth.sol, SfrxEth.sol, SafEth.sol
address values to initialize() instead of hardcoding them as constantsWstEth.sol - 13-18
SfrxEth.sol - 14-21
Reth.sol - 20-27
WstEth.sol - 33
SfrxEth.sol - 36
Reth.sol - 42
SafEth.sol - 183
10 ** 18)SafEth.sol - 55, 75, 80, 81, 94, 98
SafEth.sol - 186
Reth.sol - 5
if else statementReth.sol - 212-215
Reth.sol - 69, 190, 232, 124, 161
_derivativeIndex, _derivativeIndex should not be greater than or equal to derivativeCount_minAmount, _minAmount should not be greater than or equal to maxAmountSafEth.sol - 215
_maxAmount , _maxAmount should not be less than or equal to minAmountSafEth.sol - 224
SafEth.sol - 158 The function doesnโt add a new derivative to the index fund
receive() method#0 - c4-sponsor
2023-04-07T22:20:54Z
elmutt marked the issue as sponsor confirmed
#1 - c4-judge
2023-04-24T19:06:41Z
Picodes marked the issue as grade-b
๐ Selected for report: Rolezn
Also found by: 0x3b, 0xGordita, 0xSmartContract, 0xhacksmithh, 0xnev, 0xpanicError, 4lulz, Angry_Mustache_Man, ArbitraryExecution, Aymen0909, Bason, BlueAlder, EvanW, Franfran, HHK, Haipls, IgorZuk, JCN, KrisApostolov, Madalad, MiksuJak, MiniGlome, RaymondFam, ReyAdmirado, Rickard, Sathish9098, Udsen, adriro, alexzoid, anodaram, arialblack14, c3phas, carlitox477, ch0bu, chaduke, codeslide, d3e4, dicethedev, ernestognw, fatherOfBlocks, georgits, hunter_w3b, inmarelibero, lukris02, mahdirostami, maxper, pavankv, pixpi, rotcivegaf, smaul, tank, tnevler, wen, yac
10.7864 USDC - $10.79
public functions not called internally can be declared external insteadstorage variables instead of reading them in every iteration of the loopSafEth.sol - 71, 84, 113, 140, 147, 171, 191
totalWeigh, just add the new weight and remove the old oneSafEth.sol - 170-173
For example totalWeight = totalWeight + _weight - weights[_derivativeIndex];
totalWeigh, just add _weight to itSafEth.sol - 190-193
For example totalWeight = totalWeight + _weight
SafEth.sol - 216, 225, 234, 243
(poolPrice() * 10 ** 18) / (10 ** 18) will always return poolPrice(), no need to multiply and divideReth.sol - 212
#0 - c4-sponsor
2023-04-07T22:21:17Z
elmutt marked the issue as sponsor confirmed
#1 - c4-judge
2023-04-23T19:31:34Z
Picodes marked the issue as grade-b