Platform: Code4rena
Start Date: 07/01/2022
Pot Size: $80,000 USDC
Total HM: 21
Participants: 37
Period: 7 days
Judge: 0xean
Total Solo HM: 14
Id: 71
League: ETH
Rank: 11/37
Findings: 2
Award: $1,586.06
🌟 Selected for report: 5
🚀 Solo Findings: 0
37.3929 INSURE - $13.09
22.7028 USDC - $22.70
hyh
If market creation wasn't successful, Factory.createMarket will fail with a low-level message when trying to use the freshly created market contract. This behavior can be an issue for troubleshooting and further programmatic usage by other projects.
createMarket uses _createClone to instantiate a new contract:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Factory.sol#L210
createClone doesn't check the result of the create opcode, returning whatever result it gets:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Factory.sol#L256
createMarket uses the market created, and when creation has failed the system will revert in a Registry function down the line:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Registry.sol#L55
Check for a zero-address create output and fail with a corresponding message.
#0 - 0xean
2022-01-27T22:52:59Z
dupe of #120
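As an added illustration of the check this finding recommends (not the project's own Factory.sol code): a minimal EIP-1167 clone deployment that reverts with a logic-level message when the create opcode returns the zero address. The contract name and error string are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical clone factory used only to demonstrate the zero-address check.
contract CloneFactoryExample {
    /// @dev Deploys a minimal proxy (EIP-1167) pointing at `implementation`.
    ///      The create opcode does not revert on failure; it returns address(0)
    ///      (e.g. when the init code ran out of gas), so the result must be checked
    ///      here instead of letting a later call to the empty address fail obscurely.
    function createClone(address implementation) internal returns (address instance) {
        bytes20 targetBytes = bytes20(implementation);
        assembly {
            // Scratch area at the free-memory pointer: 10-byte init code + 45-byte runtime.
            let clone := mload(0x40)
            mstore(clone, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000000000000000000000)
            mstore(add(clone, 0x14), targetBytes)
            mstore(add(clone, 0x28), 0x5af43d82803e903d91602b57fd5bf30000000000000000000000000000000000)
            instance := create(0, clone, 0x37)
        }
        // Logic-level failure instead of an obscure low-level revert downstream.
        require(instance != address(0), "Factory: clone creation failed");
    }
}
```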
🌟 Selected for report: hyh
379.9514 INSURE - $132.98
230.6848 USDC - $230.68
hyh
The system will fail on a low-level subtraction without a proper logic-level error, which can be an issue for troubleshooting and further programmatic usage by other projects.
Whenever a user lacks _attributions (Vault shares) for the withdraw amount requested, the system will fail on the subtraction:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Vault.sol#L160
Consider adding a check for sufficient _attributions, throwing a corresponding error.
🌟 Selected for report: hyh
379.9514 INSURE - $132.98
230.6848 USDC - $230.68
hyh
The system will fail with an obscure low-level array access message without a proper logic-level error, which can be an issue for troubleshooting and further programmatic usage by other projects.
Whenever _references or _conditions are too big, the system will fail with an index-out-of-bounds error:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Factory.sol#L175-191
Consider adding a check for the upper bound of the arrays' length.
37.3929 INSURE - $13.09
22.7028 USDC - $22.70
hyh
assert will consume all the available gas, providing no additional benefit when used instead of require, which both returns gas and allows for an error message. For this reason, using assert in production isn't recommended.
Two contracts now use assert:
InsureDAOERC20
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/InsureDAOERC20.sol#L32
Vault
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Vault.sol#L168
Substitute assert with require in both cases.
#0 - oishun1112
2022-01-13T11:24:06Z
#1 - 0xean
2022-01-27T23:23:06Z
#234
#2 - 0xean
2022-02-22T13:59:26Z
Moving these to dupe of #21
🌟 Selected for report: hyh
379.9514 INSURE - $132.98
230.6848 USDC - $230.68
hyh
The setKeeper / utilize descriptions state that it is the controller who is set / can run utilize, while keeper and controller are two separate roles, which don't have to coincide.
I.e. the descriptions currently mix up the roles and are confusing this way.
setKeeper:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Vault.sol#L499
utilize:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Vault.sol#L339
Update the descriptions to relate to the keeper role.
🌟 Selected for report: hyh
62.2711 INSURE - $21.79
32.6923 USDC - $32.69
hyh
Gas is overspent on the function call.
availableBalance calls totalLiquidity() twice:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L835
Save the call result to memory and use it.
6.1284 INSURE - $2.14
3.2174 USDC - $3.22
hyh
Gas is overspent on checks.
Amounts are subtracted after require checks in two cases, so the subtractions themselves can be unchecked.
withdraw: check https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L318, subtraction https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L327
withdrawCredit: check https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L425, subtraction https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L439
Make both subtraction operations unchecked.
#0 - 0xean
2022-01-28T02:49:09Z
dupe of #66
🌟 Selected for report: hyh
379.9514 INSURE - $132.98
230.6848 USDC - $230.68
hyh
Underlying and index tokens are mixed up in the worth() function description, making the code and its description conflict.
worth() computes how many iTokens correspond to a given amount of underlying. The description says otherwise, mixing them up:
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L794-798
Fix the description to say that '_value' is the amount of underlying, while '_amount' is the corresponding output quantity of iTokens.