Platform: Code4rena
Start Date: 16/11/2021
Pot Size: $30,000 USDC
Total HM: 3
Participants: 18
Period: 3 days
Judge: leastwood
Total Solo HM: 2
Id: 56
League: ETH
Rank: 12/18
Findings: 2
Award: $199.05
🌟 Selected for report: 3
🚀 Solo Findings: 0
gzeon
Incorrect event emitted on BorrowFee update.
Add around L78
event BorrowFeeUpdated(uint256 fee);
Replace L299
emit BorrowFeeUpdated(_borrowFee);
#0 - Xuefeng-Zhu
2021-12-09T06:29:38Z
🌟 Selected for report: gzeon
47.3259 USDC - $47.33
gzeon
https://github.com/code-423n4/2021-11-yaxis/blob/146febcb61ae7fe20b0920849c4f4bbe111c6ba7/contracts/v3/alchemix/Alchemist.sol#L625 borrowFee can be cached in memory, i.e.
uint256 _borrowFee = borrowFee; if (_borrowFee > 0) { uint256 _borrowFeeAmount = _remainingAmount.mul(_borrowFee).div( PERCENT_RESOLUTION ); _cdp.totalDebt = _cdp.totalDebt.add(_borrowFeeAmount); xtoken.mint(rewards, _borrowFeeAmount); }
🌟 Selected for report: gzeon
47.3259 USDC - $47.33
gzeon
onlyAdmin of YaxisVaultAdapter.sol is only used in withdraw, it is advised to inline the function to save some gas without losing readability.
🌟 Selected for report: gzeon
47.3259 USDC - $47.33
gzeon
https://github.com/code-423n4/2021-11-yaxis/blob/146febcb61ae7fe20b0920849c4f4bbe111c6ba7/contracts/v3/alchemix/Alchemist.sol#L630
The line can be rewritten as
_remainingAmount = _remainingAmount.add(_borrowFeeAmount);
to reduce a storage write. Alternatively use a memory variable to preserve code readability.