Platform: Code4rena
Start Date: 08/07/2021
Pot Size: $50,000 USDC
Total HM: 7
Participants: 13
Period: 7 days
Judge: ghoulsol
Total Solo HM: 5
Id: 18
League: ETH
Rank: 7/13
Findings: 2
Award: $1,356.41
🌟 Selected for report: 3
🚀 Solo Findings: 0
412.3534 USDC - $412.35
gpersoon
Both setLiqParamsToken and setLiqParamsDefault check that _liqFeeCaller + _liqFeeSystem <= MAX_LIQ_FEES.
However, the constructor of Controller sets the same parameters without this check. It seems logical to do the check in the constructor as well; otherwise the parameters could be set outside the wanted range.
    // https://github.com/code-423n4/2021-07-wildcredit/blob/main/contracts/Controller.sol#L49
    constructor(
      address _interestRateModel,
      uint _liqFeeSystemDefault,
      uint _liqFeeCallerDefault
    ) {
      ...
      liqFeeSystemDefault = _liqFeeSystemDefault;
      liqFeeCallerDefault = _liqFeeCallerDefault;

    function setLiqParamsToken(
      address _token,
      uint _liqFeeSystem,
      uint _liqFeeCaller
    ) external onlyOwner {
      require(_liqFeeCaller + _liqFeeSystem <= MAX_LIQ_FEES, "Controller: fees too high");
      ...
      liqFeeSystemToken[_token] = _liqFeeSystem;
      liqFeeCallerToken[_token] = _liqFeeCaller;

    function setLiqParamsDefault(
      uint _liqFeeSystem,
      uint _liqFeeCaller
    ) external onlyOwner {
      require(_liqFeeCaller + _liqFeeSystem <= MAX_LIQ_FEES, "Controller: fees too high");
      liqFeeSystemDefault = _liqFeeSystem;
      liqFeeCallerDefault = _liqFeeCaller;
Add something like the following in the constructor of Controller:

    require(liqFeeCallerDefault + liqFeeSystemDefault <= MAX_LIQ_FEES, "Controller: fees too high");
🌟 Selected for report: gpersoon
916.341 USDC - $916.34
gpersoon
The parameter minBorrowUSD of the contract Controller isn't initialized. If someone is able to borrow before the function setMinBorrowUSD is called, he might be able to borrow a very small amount. This might be unwanted.
    // https://github.com/code-423n4/2021-07-wildcredit/blob/main/contracts/Controller.sol#L27
    uint public minBorrowUSD;

    function setMinBorrowUSD(uint _value) external onlyOwner {
      minBorrowUSD = _value;
    }

    // https://github.com/code-423n4/2021-07-wildcredit/blob/main/contracts/LendingPair.sol#L553
    function _checkBorrowLimits(address _token, address _account) internal view {
      ...
      require(accountBorrowUSD >= controller.minBorrowUSD(), "LendingPair: borrow amount below minimum");
Initialize minBorrowUSD via the constructor or set a reasonable default in the contract.
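The two Controller recommendations above (checking the fee sum in the constructor and initializing minBorrowUSD), sketched as an added example; this is not the Wild Credit source or the warden's code. The contract name ControllerSketch, the MAX_LIQ_FEES value, the minimal onlyOwner modifier, the _minBorrowUSD constructor parameter and the ^0.8.0 pragma are assumptions made for the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Added illustration, not the project's contract. Routing the constructor
// and the setter through one internal function keeps the fee check from
// being present on one path and missing on the other.
contract ControllerSketch {
    uint public constant MAX_LIQ_FEES = 50e18; // assumed value for the sketch

    address public owner;
    uint public liqFeeSystemDefault;
    uint public liqFeeCallerDefault;
    uint public minBorrowUSD;

    modifier onlyOwner() {
        require(msg.sender == owner, "Controller: not owner");
        _;
    }

    constructor(
        uint _liqFeeSystemDefault,
        uint _liqFeeCallerDefault,
        uint _minBorrowUSD // hypothetical parameter: no window with a zero minimum
    ) {
        owner = msg.sender;
        _setLiqParamsDefault(_liqFeeSystemDefault, _liqFeeCallerDefault);
        minBorrowUSD = _minBorrowUSD;
    }

    function setLiqParamsDefault(uint _liqFeeSystem, uint _liqFeeCaller) external onlyOwner {
        _setLiqParamsDefault(_liqFeeSystem, _liqFeeCaller);
    }

    function setMinBorrowUSD(uint _value) external onlyOwner {
        minBorrowUSD = _value;
    }

    // Single place where the fee invariant is enforced.
    function _setLiqParamsDefault(uint _liqFeeSystem, uint _liqFeeCaller) internal {
        require(_liqFeeCaller + _liqFeeSystem <= MAX_LIQ_FEES, "Controller: fees too high");
        liqFeeSystemDefault = _liqFeeSystem;
        liqFeeCallerDefault = _liqFeeCaller;
    }
}
```

With this layout, a deployment whose fee arguments sum to more than MAX_LIQ_FEES reverts in the constructor, and minBorrowUSD is set before any pair can read it.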
27.7161 USDC - $27.72
gpersoon
The function withdrawBorrowETH of the contract LendingPair calls _wethWithdrawTo and then calls _checkMinReserve. However, _wethWithdrawTo also calls _checkMinReserve (except when _amount is 0, but then not much happens anyway).
So the call to _checkMinReserve in withdrawBorrowETH is redundant and uses some extra gas.
    // https://github.com/code-423n4/2021-07-wildcredit/blob/main/contracts/LendingPair.sol#L106
    function withdrawBorrowETH(uint _amount) external {
      ..
      _wethWithdrawTo(msg.sender, _amount);
      _checkMinReserve(address(WETH)); // is also called in _wethWithdrawTo
    }

    function _wethWithdrawTo(address _to, uint _amount) internal override {
      if (_amount > 0) {
        TransferHelper._wethWithdrawTo(_to, _amount);
        _checkMinReserve(address(WETH));
      }
    }
Consider removing the _checkMinReserve call in withdrawBorrowETH, or consider moving the _checkMinReserve call to all functions where _wethWithdrawTo is called.