Yeti Finance contest - gzeon's results

Portfolio borrowing. 11x leverage. 0% interest.

General Information

Platform: Code4rena

Start Date: 16/12/2021

Pot Size: $100,000 USDC

Total HM: 21

Participants: 25

Period: 7 days

Judge: alcueca

Total Solo HM: 12

Id: 66

League: ETH

Yeti Finance

Researcher Performance

Rank: 16/25

Findings: 3

Award: $1,245.19

🌟 Selected for report: 1

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Jujic

Also found by: gzeon

Labels

bug
duplicate
2 (Med Risk)

Awards

717.2479 USDC - $717.25

External Links

Handle

gzeon

Vulnerability details

Impact

Each additional collateral increases the gas required for many operations, e.g. liquidation. If there are too many collaterals, it may exceed the block gas limit.

Proof of Concept

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/Dependencies/Whitelist.sol#L105

Recommended Mitigation Steps

Define a max number of collateral assets.

#0 - kingyetifinance

2022-01-05T10:15:33Z

@LilYeti: Duplicate of #151

Findings Information

🌟 Selected for report: cmichel

Also found by: csanuragjain, gzeon

Labels

bug
duplicate
2 (Med Risk)

Awards

430.3487 USDC - $430.35

External Links

Handle

gzeon

Vulnerability details

Impact

In addCollateral of Whitelist.sol, whatever is at index 0 of validCollateral can be added multiple times.

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/Dependencies/Whitelist.sol#L105

```solidity
// When _collateral == validCollateral[0], the outer condition is false and the
// require is never evaluated, so the first collateral can be added again.
if (validCollateral.length != 0 && validCollateral[0] != _collateral) {
    require(collateralParams[_collateral].index == 0, "collateral already exists");
}
```

Proof of Concept

e.g. The following would not revert:

```javascript
await contracts.whitelist.addCollateral(contracts.weth.address, "1000000000000000000", contracts.priceFeedETH.address, 18, contracts.PriceCurveETH.address, false);
await contracts.whitelist.addCollateral(contracts.weth.address, "1000000000000000000", contracts.priceFeedETH.address, 18, contracts.PriceCurveETH.address, false);
await contracts.whitelist.addCollateral(contracts.weth.address, "1000000000000000000", contracts.priceFeedETH.address, 18, contracts.PriceCurveETH.address, false);
```

Recommended Mitigation Steps

```solidity
// Move the validCollateral[0] comparison into the require so that the first
// collateral is also rejected on a second add.
if (validCollateral.length != 0) {
    require(validCollateral[0] != _collateral && collateralParams[_collateral].index == 0, "collateral already exists");
}
```

#0 - kingyetifinance

2022-01-05T09:26:41Z

@LilYeti: Duplicate of #142
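The finding above can be replayed offline with the following JavaScript model of the storage that the duplicate check in Whitelist.addCollateral reads and writes. This is an added example, not code from Yeti Finance or from the audit; the contract addresses and parameters are constructed placeholders, and the index bookkeeping (the stored index is the position in validCollateral, so an unknown address and the first entry both read index 0) is an assumption made for the model rather than something taken from the audited source.

```javascript
// Added example, not code from Yeti Finance or the audit: a JavaScript model of
// the storage that the duplicate check in Whitelist.addCollateral reads and
// writes, used to replay the finding's proof of concept offline.
//
// Assumption (not taken from the audited contract): when a collateral is added,
// collateralParams[addr].index is set to its position in validCollateral. A
// never-added address and the first entry therefore both read index == 0, which
// is why the check has to special-case validCollateral[0] at all.

class WhitelistModel {
  constructor(useFixedCheck) {
    this.useFixedCheck = useFixedCheck;
    this.validCollateral = [];          // address[] validCollateral
    this.collateralParams = new Map();  // mapping(address => CollateralParams)
  }

  // Solidity mappings return the zero value for keys that were never written.
  indexOf(addr) {
    const p = this.collateralParams.get(addr);
    return p === undefined ? 0 : p.index;
  }

  addCollateral(addr, params) {
    const vc = this.validCollateral;
    if (this.useFixedCheck) {
      // Corrected check from the finding: for a non-empty list the address must
      // differ from the first entry AND carry no stored index.
      if (vc.length !== 0) {
        if (!(vc[0] !== addr && this.indexOf(addr) === 0)) {
          throw new Error("collateral already exists");
        }
      }
    } else {
      // Check as shipped: when addr == vc[0] the outer condition is false, so the
      // require inside is never evaluated and the first collateral is re-added.
      if (vc.length !== 0 && vc[0] !== addr) {
        if (this.indexOf(addr) !== 0) throw new Error("collateral already exists");
      }
    }
    this.collateralParams.set(addr, { ...params, index: vc.length });
    vc.push(addr);
  }
}

// Constructed placeholder addresses and parameters; only the identity of the
// address matters for the check, not the values.
const WETH = "0xWETH_placeholder";
const WAVAX = "0xWAVAX_placeholder";
const PARAMS = { ratio: 10n ** 18n, decimals: 18 };

// Applies a sequence of addCollateral calls to a fresh model and reports the
// resulting array length and how many of the calls reverted.
function replay(useFixedCheck, sequence) {
  const wl = new WhitelistModel(useFixedCheck);
  let reverted = 0;
  for (const addr of sequence) {
    try {
      wl.addCollateral(addr, PARAMS);
    } catch (e) {
      reverted += 1;
    }
  }
  return { entries: wl.validCollateral.length, reverted };
}

// The finding's PoC: the same address added three times as the first collateral.
function replayPoc(useFixedCheck) {
  return replay(useFixedCheck, [WETH, WETH, WETH]);
}

// Control case: a duplicate that is not at index 0 is rejected by both checks,
// which shows the bug is specific to the first entry.
function replaySecondEntryDuplicate(useFixedCheck) {
  return replay(useFixedCheck, [WETH, WAVAX, WAVAX]);
}

console.log("vulnerable check:", replayPoc(false));
console.log("fixed check:", replayPoc(true));
```

Running it shows the shipped check ending with three copies of the first collateral and no reverts, while the corrected check keeps one entry and reverts the two repeats; the control case reverts under both, so the defect is confined to index 0.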

Findings Information

🌟 Selected for report: gzeon

Labels

bug
G (Gas Optimization)
sponsor confirmed

Awards

97.5905 USDC - $97.59

External Links

Handle

gzeon

Vulnerability details

Impact

The 3 variables defined in L365-367 are each used only once:

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/Dependencies/Whitelist.sol#L365-367

```solidity
uint256 price = getPrice(_collateral);
uint256 decimals = collateralParams[_collateral].decimals;
uint256 ratio = collateralParams[_collateral].ratio;
```

We can skip them and do everything inline:

```solidity
return (getPrice(_collateral).mul(_amount).mul(collateralParams[_collateral].ratio).div(10**(18 + collateralParams[_collateral].decimals)));
```

Similarly, L352-354:

```solidity
return getPrice(_collateral).mul(_amount).div(10**collateralParams[_collateral].decimals);
```

#0 - kingyetifinance

2022-01-06T09:42:42Z

@LilYeti : Internal note: Provide comment for clarity because this code will be messy
