Platform: Code4rena
Start Date: 13/05/2022
Pot Size: $30,000 USDC
Total HM: 8
Participants: 65
Period: 3 days
Judge: hickuphh3
Total Solo HM: 1
Id: 125
League: ETH
Rank: 28/65
Findings: 3
Award: $84.51
Selected for report: 0
Solo Findings: 0
Selected for report: pedroais
Also found by: 0x4non, 0x52, 0xf15ers, 0xliumin, CertoraInc, Dravee, GimelSec, IllIllI, MaratCerby, StErMi, TerrierLover, WatchPug, berndartmueller, cccz, dipp, fatherOfBlocks, hake, hickuphh3, hyh, isamjay, mtz, oyc_109, p4st13r4, peritoflores, rotcivegaf, saian, simon135, sorrynotsorry, sseefried, tabish, z3s
14.8433 USDC - $14.84
User can have his collateral burned (LendingPool.sol#L324) and not receive funds from the Vault when calling withdrawCollateral.

    (bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
    return receivedETHAmount;
    require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);

The call boolean check is unreachable because it only occurs after the function has already ceased execution with the return above.

Scenario: withdrawCollateral._withdrawFromYieldPool fails but doesn't revert due to return placement. withdrawAmount still reflects receivedETHAmount.

Please change the check position so it is reachable:

    (bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
    require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);
    return receivedETHAmount;
#0 - sforman2000
2022-05-18T03:12:05Z
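As an added illustration (not part of the report or of the project's code), the following lexical check flags any statement that sits after a return or revert inside the same block, which is the ordering problem described in the finding above. The sample source is constructed; the function body and the Errors identifier are assumed, and the scanner is not a parser (braces inside string literals would confuse it), so it is a cheap pre-review check rather than a substitute for compiler warnings.

```python
import re

# Lexical pass over Solidity source: flags any statement that follows a
# return/revert inside the same {...} block. Comments are blanked out and
# {value: ...} call options are stripped first so they are not mistaken
# for block braces. Purely lexical: no real parsing.
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
CALL_OPTS_RE = re.compile(r"\{\s*(?:value|gas|salt)\s*:[^{}]*\}")
TERMINATOR_RE = re.compile(r"(?:return|revert)\b")


def find_unreachable(src: str):
    """Return a list of (line, statement) pairs that can never execute."""
    # Replace comments by their newlines so reported line numbers stay correct.
    src = COMMENT_RE.sub(lambda m: "\n" * m.group().count("\n"), src)
    src = CALL_OPTS_RE.sub("", src)
    findings = []
    terminated = [False]          # one "saw return/revert" flag per open block
    buf, line, start = "", 1, 1
    for ch in src:
        if ch == "\n":
            line += 1
        if ch == "{":
            head = " ".join(buf.split())   # e.g. "if (cond)" opening a block
            if head and terminated[-1]:
                findings.append((start, head))
            terminated.append(False)
            buf = ""
        elif ch == "}":
            if len(terminated) > 1:
                terminated.pop()  # leaving a block restores the outer flag
            buf = ""
        elif ch == ";":
            stmt = " ".join(buf.split())
            if terminated[-1]:
                findings.append((start, stmt))
            elif TERMINATOR_RE.match(stmt):
                terminated[-1] = True
            buf = ""
        else:
            if not buf.strip() and not ch.isspace():
                start = line      # first visible character of a new statement
            buf += ch
    return findings


# Constructed sample reproducing the reported ordering (assumed body, not the project's file).
VULNERABLE_SRC = """
function _withdrawFromYieldPool(address _to, uint256 amount) internal returns (uint256) {
    uint256 receivedETHAmount = amount;
    (bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
    return receivedETHAmount;
    require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);
}
"""
# The fix from the report: require before return.
FIXED_SRC = VULNERABLE_SRC.replace(
    "    return receivedETHAmount;\n    require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);",
    "    require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);\n    return receivedETHAmount;")

if __name__ == "__main__":
    print(find_unreachable(VULNERABLE_SRC))  # [(6, 'require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID)')]
    print(find_unreachable(FIXED_SRC))       # []
```

A return inside a nested block (for example an early return in an if) does not mark the enclosing block as terminated, so the usual guard-then-require pattern is not flagged.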
Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0xNazgul, 0xf15ers, 0xkatana, 0xliumin, AlleyCat, BouSalman, Dravee, Funen, GimelSec, Hawkeye, MaratCerby, Picodes, StErMi, TerrierLover, WatchPug, Waze, berndartmueller, bobirichman, cryptphi, csanuragjain, defsec, delfin454000, dipp, fatherOfBlocks, hake, hickuphh3, hyh, joestakey, kebabsec, mics, mtz, oyc_109, p4st13r4, p_crypt0, robee, rotcivegaf, sikorico, simon135, sorrynotsorry, tintin
45.925 USDC - $45.92
Older compilers might be susceptible to some bugs.
I recommend changing the solidity version pragma to the latest version to enforce the use of an up-to-date compiler.
A list of known compiler bugs and their severity can be found here: https://etherscan.io/solcbuginfo
approve
The ERC20.approve() function returns a boolean value indicating success. This parameter needs to be checked for success.
I recommend using OpenZeppelin's safeApprove function that handles the return value check, as it was done in the other contracts. safeApprove has been deprecated. Consider using safeIncreaseAllowance and safeDecreaseAllowance instead.
#0 - HickupHH3
2022-06-06T07:46:43Z
low: safeApprove, unsafe approve; nc: outdated compiler version
Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xNazgul, 0xf15ers, 0xkatana, 0xliumin, Cityscape, Dravee, Fitraldys, Funen, GimelSec, Hawkeye, JC, MaratCerby, SooYa, StErMi, Tomio, WatchPug, Waze, bobirichman, defsec, delfin454000, fatherOfBlocks, hake, hansfriese, hickuphh3, ignacio, joestakey, kebabsec, mics, mtz, oyc_109, robee, rotcivegaf, samruna, sikorico, simon135, z3s
23.7537 USDC - $23.75
for loop gas optimization

Gas could be saved by:

    for (uint256 i = 0; i < extraRewardsLength; i++) {
        address _extraReward = IConvexBaseRewardPool(baseRewardPool).extraRewards(i);
        address _rewardToken = IRewards(_extraReward).rewardToken();
        _transferYield(_rewardToken);
    }

Example:

    for (uint256 i; i < extraRewardsLength;) {
        address _extraReward = IConvexBaseRewardPool(baseRewardPool).extraRewards(i);
        address _rewardToken = IRewards(_extraReward).rewardToken();
        _transferYield(_rewardToken);
        unchecked { ++i; }
    }