Platform: Code4rena
Start Date: 13/12/2021
Pot Size: $75,000 USDC
Total HM: 11
Participants: 30
Period: 7 days
Judge: leastwood
Total Solo HM: 4
Id: 68
League: ETH
Rank: 18/30
Findings: 3
Award: $655.59
🌟 Selected for report: 0
🚀 Solo Findings: 0
gzeon
Pool cap is checked in L154 https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/facets/Basket/BasketFacet.sol#L154
require( totalSupply.add(_amount) <= this.getCap(), "MAX_POOL_CAP_REACHED" );
but since we mint _amount to the user and some % of feeAmount to Beneficiary, totalSupply can actually go above the defined cap.
require( totalSupply.add(_amount).add(feeAmount.mul(bs.entryFeeBeneficiaryShare).div(10**18)) <= this.getCap(), "MAX_POOL_CAP_REACHED" );
#0 - loki-sama
2021-12-22T12:03:42Z
Duplicate #283
59.8749 USDC - $59.87
gzeon
To keep the most precision, it is better to mul before div https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/facets/Basket/BasketFacet.sol#L260
return totalSupply.mul(annualizedFee).div(10**18).mul(timePassed).div( 365 days );
to
return totalSupply.mul(annualizedFee).mul(timePassed).div(10**18).div( 365 days );
#0 - 0xleastwood
2022-01-23T05:32:11Z
Duplicate of #155
182.5175 USDC - $182.52
gzeon
In joinPool the amount of token required from the sender is calculated as follows
https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/facets/Basket/BasketFacet.sol#L162
uint256 tokenAmount = balance(address(token)).mul(_amount.add(feeAmount)).div(totalSupply);
require(tokenAmount != 0, "AMOUNT_TOO_SMALL");
token.safeTransferFrom(msg.sender, address(this), tokenAmount);
If token is a fee on transfer token, the basket would receive less than tokenAmount, which is undesirable.
Consider
A and B got the same amount of $BASKET despite B paying less $SHIT
Check before and after balance to make sure tokenAmount is received, but it is a bit tricky as to how to transfer the right amount of token to account for the fee. Need to make sure users don't add fee-on-transfer tokens to the basket.
#0 - 0xleastwood
2022-01-18T10:46:46Z
@loki-sama I can't see anywhere to suggest that you guys intend to support these types of tokens. Can you confirm?
#1 - 0xleastwood
2022-01-22T03:38:57Z
Regardless, I don't think I can argue the issue to be high. At most it would be medium. So I'll mark it down until @loki-sama can respond.
#2 - 0xleastwood
2022-01-23T04:46:19Z
Duplicate of #220
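As an added illustration of the two joinPool findings above (the cap check that ignores the shares minted to the fee beneficiary, and the fee-on-transfer shortfall), here is a small Python model of joinPool. It is not the Amun contract code; the entry-fee formula (feeAmount = _amount * entryFee / 1e18), the single-token basket, the toy fee-on-transfer token and the FEE_ON_TRANSFER_SHORTFALL error string are assumptions, while the other revert strings are the ones quoted in the findings.

```python
WAD = 10**18  # 1e18 fixed-point scale used by the contract's fee math

class Basket:  # toy model with one underlying token; balances live in a dict
    def __init__(self, cap, entry_fee, beneficiary_share, total_supply,
                 balances, transfer_fee_bps=0):
        self.cap, self.total_supply = cap, total_supply
        self.entry_fee, self.beneficiary_share = entry_fee, beneficiary_share
        self.balances, self.transfer_fee_bps = balances, transfer_fee_bps

    def _transfer_from(self, src, dst, amount):
        # Constructed fee-on-transfer token: burns transfer_fee_bps of each transfer.
        self.balances[src] -= amount
        self.balances[dst] += amount - amount * self.transfer_fee_bps // 10_000

    def join_pool(self, sender, amount, strict_cap=True, check_receipt=True):
        fee_amount = amount * self.entry_fee // WAD  # assumed entry-fee formula
        beneficiary_mint = fee_amount * self.beneficiary_share // WAD
        # Original check counts only `amount`; the fix also counts the beneficiary share.
        minted = amount + (beneficiary_mint if strict_cap else 0)
        if self.total_supply + minted > self.cap:
            raise ValueError("MAX_POOL_CAP_REACHED")
        before = self.balances["basket"]
        token_amount = before * (amount + fee_amount) // self.total_supply
        if token_amount == 0:
            raise ValueError("AMOUNT_TOO_SMALL")
        self._transfer_from(sender, "basket", token_amount)
        received = self.balances["basket"] - before
        # Suggested mitigation: the basket must actually hold token_amount more.
        if check_receipt and received != token_amount:
            raise ValueError("FEE_ON_TRANSFER_SHORTFALL")
        self.total_supply += amount + beneficiary_mint
        return token_amount, received

def supply_after_join(strict_cap):
    # Fill the remaining cap exactly; 1% entry fee, half of it to the beneficiary.
    basket = Basket(2 * 10**21, 10**16, 5 * 10**17, 10**21,
                    {"alice": 2 * 10**21, "basket": 10**21})
    try:
        basket.join_pool("alice", 10**21, strict_cap=strict_cap)
    except ValueError as err:
        return str(err), basket.total_supply
    return "ok", basket.total_supply

def join_with_transfer_fee(check_receipt):
    # Token burns 1% per transfer; no entry fee, so only the receipt check matters.
    basket = Basket(10**24, 0, 0, 10**21, {"bob": 10**21, "basket": 10**21}, 100)
    try:
        return basket.join_pool("bob", 10**20, check_receipt=check_receipt)
    except ValueError as err:
        return str(err)
```

With the original check, supply_after_join(False) ends at 2005e18 shares against a 2000e18 cap, while the strict check rejects the join; join_with_transfer_fee(False) mints 1e20 shares for 99e18 received tokens, and the balance check rejects it (on-chain a revert would also undo the transfer, which this model does not roll back).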
gzeon
uint256 length = bs.tokens.length;
// remove token from array
for (uint256 i; i < length; i++) {
    if (address(bs.tokens[i]) == _token) {
        bs.tokens[i] = bs.tokens[length - 1];
        bs.tokens.pop();
        emit TokenRemoved(_token);
        break;
    }
}
#0 - 0xleastwood
2022-01-24T09:45:47Z
Duplicate of #249
14.2759 USDC - $14.28
gzeon
Constant expressions are left as expressions and will recalculate on read; it is recommended to use immutable instead. Ref: https://github.com/ethereum/solidity/issues/9232#issuecomment-646131646
https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/facets/Basket/LibBasketStorage.sol#L7
https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/facets/Call/LibCallStorage.sol#L5
https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/facets/ERC20/LibERC20Storage.sol#L5
#0 - 0xleastwood
2022-01-23T22:11:25Z
Duplicate of #281