Platform: Code4rena
Start Date: 08/04/2021
Pot Size: $100,000 USDC
Total HM: 3
Participants: 10
Period: 14 days
Judge: Nick Johnson
Total Solo HM: 3
Id: 4
League: ETH
Rank: 8/10
Findings: 2
Award: $2,446.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
gpersoon
The function claim() of Pool.sol doesn't include a call to _isValidState(...) So the function might be called in all states, for example when state=Deactivated The most of the other functions in Pool.sol do check _isValidState().
_isValidState is not present here:
function claim(address loan, address dlFactory) external returns(uint256[7] memory) { _whenProtocolNotPaused(); _isValidDelegateOrAdmin(); uint256[7] memory claimInfo = IDebtLocker(debtLockers[loan][dlFactory]).claim();
editor
Double check if the state is really not relevant here. Perhaps add a comment that the state is not relevant.
#0 - lucas-manuel
2021-04-23T19:14:24Z
duplicate of #68
775.8621 USDC - $775.86
gpersoon
Several function are defined to be public and others are external. Even with very similar functions the use of public and external differs. Making this the same everywhere (where possible) will make the code cleaner
LoanFactory.sol: function createLoan(..) external whenNotPaused returns (address) {
PoolFactory.sol: function createPool(..) public whenNotPaused returns (address) {
editor
Use public and external in a consistent way
#0 - lucas-manuel
2021-04-22T14:44:59Z
Will address this, informational issue, not bug.
#1 - lucas-manuel
2021-04-23T20:04:39Z
Duplicate of #11