Platform: Code4rena
Start Date: 07/07/2023
Pot Size: $121,650 USDC
Total HM: 36
Participants: 111
Period: 7 days
Judge: Picodes
Total Solo HM: 13
Id: 258
League: ETH
Rank: 68/111
Findings: 2
Award: $38.88
Selected for report: 0
Solo Findings: 0
Selected for report: Jeiwan
Also found by: 0xSmartContract, 0xStalin, 3docSec, ABAIKUNANBAEV, btk, dev0cloo, dirk_y, grearlake, jaraxxus, keccak123, neumo, oxchsyston, rvierdiiev
22.9603 USDC - $22.96
Users can only claim a reward when the reward is distributed by calling the claimPrize() function.
```solidity
function claimPrizes(
  uint8 _tier,
  address[] calldata _winners,
  uint32[][] calldata _prizeIndices,
  uint96 _feePerClaim,
  address _feeRecipient
) external returns (uint256) {
  if (msg.sender != _claimer) revert CallerNotClaimer(msg.sender, _claimer);

  uint totalPrizes;
  for (uint w = 0; w < _winners.length; w++) {
    uint prizeIndicesLength = _prizeIndices[w].length;
    for (uint p = 0; p < prizeIndicesLength; p++) {
      totalPrizes += _claimPrize(
        _winners[w],
        _tier,
        _prizeIndices[w][p],
        _feePerClaim,
        _feeRecipient
      );
    }
  }

  return totalPrizes;
}
```
This function can only be called by the _claimer role:
```solidity
if (msg.sender != _claimer) revert CallerNotClaimer(msg.sender, _claimer);
```
If the vault owner sets themselves as the claimer, or sets the claimer to an address they control, they can simply not execute the function, which makes users unable to claim rewards.
As described
Manual review
Consider removing the claimer role and adding another mechanism for users to claim a reward right after it is distributed.
Other
#0 - c4-judge
2023-07-18T17:53:25Z
Picodes marked the issue as duplicate of #324
#1 - c4-judge
2023-08-06T10:46:40Z
Picodes marked the issue as satisfactory
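An added sketch, not part of the submission or of the audited code base, that puts the claimer-only gate from this finding next to one possible alternative in which a winner can also release their own prize. Only `_claimer` and `CallerNotClaimer` come from the page; the contract, every other name and the simplified prize accounting are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the audited code. All names except _claimer and
// CallerNotClaimer are hypothetical; prize accounting is reduced to a credited
// balance so that only the access-control difference is in view.
contract ClaimGateSketch {
    error CallerNotClaimer(address caller, address claimer);
    error CallerNotClaimerOrWinner(address caller, address winner);
    error NotOwner(address caller);

    address public immutable owner;
    address private _claimer;
    mapping(address => uint256) public awarded; // credited by a draw, not yet claimed
    mapping(address => uint256) public claimed; // released to the winner

    constructor() { owner = msg.sender; }

    function setClaimer(address claimer_) external {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _claimer = claimer_;
    }

    // Stand-in for a draw crediting a winner (assumption; owner-only to keep the sketch short).
    function award(address winner, uint256 amount) external {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        awarded[winner] += amount;
    }

    // Gate as quoted in the finding: if _claimer never calls, `awarded` never moves.
    function claimGated(address[] calldata winners) external returns (uint256 total) {
        if (msg.sender != _claimer) revert CallerNotClaimer(msg.sender, _claimer);
        for (uint256 w = 0; w < winners.length; w++) total += _release(winners[w]);
    }

    // Alternative gate (assumption): the claimer can still claim for anyone, and a
    // winner can always release their own prize, so an idle claimer cannot block it.
    function claimSelfOrClaimer(address winner) external returns (uint256) {
        if (msg.sender != _claimer && msg.sender != winner) {
            revert CallerNotClaimerOrWinner(msg.sender, winner);
        }
        return _release(winner);
    }

    function _release(address winner) internal returns (uint256 amount) {
        amount = awarded[winner];
        awarded[winner] = 0;
        claimed[winner] += amount;
    }
}
```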
Selected for report: bin2chen
Also found by: 0x11singh99, 0xWaitress, 0xbepresent, ABAIKUNANBAEV, ArmedGoose, Bauchibred, DadeKuma, GREY-HAWK-REACH, GalloDaSballo, Inspecktor, Jeiwan, Kaysoft, MohammedRizwan, Rolezn, Vagner, alexzoid, alymurtazamemon, ayden, banpaleo5, catellatech, dacian, erebus, eyexploit, fatherOfBlocks, grearlake, joaovwfreire, keccak123, kutugu, lanrebayode77, markus_ether, nadin, naman1778, rvierdiiev, squeaky_cactus, volodya, yixxas
15.9228 USDC - $15.92
In the document, C(d) is calculated with the formula:
$C(d) = -t \cdot a^{d}$
But in the code base, it is calculated as:
```solidity
function computeC(SD59x18 _alpha, uint _x, uint _k) internal pure returns (SD59x18) {
  return toSD59x18(int(_k)).mul(_alpha.pow(toSD59x18(int256(_x))));
}
```
Compared with the document, the formula in the code is lacking a negative value, since _k is always >= 0.
The formula is different from the document.
Manual review
Multiply by toSD59x18(int(-1)) in the return value
Math
#0 - asselstine
2023-07-19T21:29:56Z
This is actually an intentional optimization: if you look at the integrate function it goes start - end rather than end - start with both operands being negative. It saves us from multiplying by -1 redundantly multiple times.
That being said, I feel like we could add comments to clarify that in the code.
#1 - c4-sponsor
2023-07-19T21:30:00Z
asselstine marked the issue as disagree with severity
#2 - c4-judge
2023-08-07T15:02:55Z
Picodes changed the severity to QA (Quality Assurance)
#3 - c4-judge
2023-08-08T14:36:09Z
Picodes marked the issue as grade-b