Platform: Code4rena
Start Date: 07/01/2022
Pot Size: $80,000 USDC
Total HM: 21
Participants: 37
Period: 7 days
Judge: 0xean
Total Solo HM: 14
Id: 71
League: ETH
Rank: 22/37
Findings: 1
Award: $527.31
🌟 Selected for report: 2
🚀 Solo Findings: 0
170.9781 INSURE - $59.84
103.8081 USDC - $103.81
hubble
Inconsistency in pragma solidity versions in different solidity files.
File : InsureDAOERC20.sol pragma solidity ^0.8.0;
All other solidity files in the project pragma solidity 0.8.7;
Manual review
Set the version to 0.8.7 in the InsureDAOERC20.sol file
#0 - oishun1112
2022-01-18T09:29:36Z
🌟 Selected for report: hubble
379.9514 INSURE - $132.98
230.6848 USDC - $230.68
hubble
Input validation is required for a few important parameters, as mentioned in the functions below.
File : Parameters.sol
line 120 : function setUpperSlack(address _address, uint256 _target)
Need to check that the _target value should be less than or equal to 100% (1000)
line 134 : function setLowerSlack(address _address, uint256 _target)
Need to check that the _target value should be less than or equal to corresponding UpperSlack Value
line 177 : function setFeeRate(address _address, uint256 _target)
Need to check that the _target value should be less than or equal to 1e6 (1000000)
line 191 : function setMaxList(address _address, uint256 _target)
Need to check that the _target value should be greater than 1
Manual review
Add require statements with proper value and comments for the respective input fields as given above
#0 - 0xkenta
2022-01-22T07:21:48Z
setUpperSlack @param _target parameter (slack rate 100% = 1000
Need to check that the _target value should be less than or equal to 100% (1000)
But test cases use 5000 etc. Can I update the test cases too?
#1 - oishun1112
2022-01-25T12:43:54Z
no, upperSlack can be 100% or even higher.
#2 - oishun1112
2022-01-25T12:44:50Z
So, we don't set upper bound for setUpperSlack() and
#3 - 0xkenta
2022-01-25T13:10:20Z
OK, I have to study this protocol more. Thank you for your comment!
#4 - kohshiba
2022-02-07T09:16:44Z
Upper slack and lower slack are set toward opposite directions.
Lower slack = set slack for below target leverage
Upper slack = set slack for above target leverage
So we don't need to limit lower slack to be smaller than upper slack.