Platform: Code4rena
Start Date: 10/05/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 100
Period: 5 days
Judge: HardlyDifficult
Total Solo HM: 1
Id: 122
League: ETH
Rank: 65/100
Findings: 1
Award: $57.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hubble
Also found by: 0x1337, 0x1f8b, 0x4non, 0xDjango, 0xf15ers, 0xsanson, 242, Aits, AlleyCat, Bludya, BondiPestControl, BouSalman, BowTiedWardens, CertoraInc, Cityscape, Czar102, FSchmoede, Funen, Hawkeye, IllIllI, JDeryl, Kenshin, Kumpa, MaratCerby, MiloTruck, Picodes, Ruhum, TrungOre, VAD37, WatchPug, Waze, antonttc, bobirichman, catchup, cccz, cryptphi, csanuragjain, delfin454000, dipp, dirk_y, djxploit, eccentricexit, ellahi, fatherOfBlocks, hake, hansfriese, hickuphh3, horsefacts, hyh, jah, joestakey, mics, minhquanym, pedroais, pmerkleplant, radoslav11, reassor, rfa, robee, seanamani, shenwilly, shung, sikorico, sorrynotsorry, sseefried, z3s
57.1678 USDC - $57.17
Revert message is now misleading
Revert is performed (correctly) when dutchAuctionReserveStrike is too big, while the message states otherwise:
require(dutchAuctionReserveStrike < strikeOptions[dutchAuctionStartingStrikeIndex], "Reserve strike too small");
Consider changing to:
require(dutchAuctionReserveStrike < strikeOptions[dutchAuctionStartingStrikeIndex], "Reserve strike too big");
If there be any emergency with system contracts, there is no way to temporary stop the operations.
The contract doesn't have pausing functionality for new operation initiation.
For example, createVault and buyOption cannot be temporary paused:
/// @notice Creates a new vault that perpetually sells calls /// on the underlying assets until a call option is exercised /// or the owner initiates a withdrawal. /// @param tokenIdOrAmount The tokenId (NFT) or amount (ERC20) to vault /// @param token The address of the NFT or ERC20 contract to vault /// @param premiumIndex The index into the premiumOptions of each call that is sold /// @param durationDays The length/duration of each call that is sold in days /// @param dutchAuctionStartingStrikeIndex The index into the strikeOptions for the starting strike for each dutch auction /// @param dutchAuctionReserveStrike The reserve strike for each dutch auction /// @param tokenType The type of the underlying asset (NFT or ERC20) function createVault(
/// @notice Buys an option from a vault at a fixed premium and variable strike /// which is dependent on the dutch auction. Premium is credited to /// vault beneficiary. /// @param vaultId The tokenId of the vault to buy the option from function buyOption(uint256 vaultId) external payable returns (uint256 optionId) {
Consider making all new actions linked user facing functions pausable, first of all createVault and buyOption.
For example, by using OpenZeppelin's approach:
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/Pausable.sol
It can be cumbersome for user to reproduce exact figure when manually dealing with the contract
Exercise now require exact strike to be sent over:
// check correct ETH amount was sent to pay the strike require(msg.value == vault.currentStrike, "Incorrect ETH sent for strike");
Strike figure can have many meaningful digits as it's calculated via power law decline:
uint256 auctionStrike = (progress * progress * startingStrike) / (1e18 * 1e18);
Consider allowing dust in msg.value (it will also align with premium logic):
// check correct ETH amount was sent to pay the strike require(msg.value >= vault.currentStrike, "Incorrect ETH sent for strike");
#0 - outdoteth
2022-05-16T19:08:44Z
first report that has recommended changing the check in exercise to be less explicit. The argument is valid, but generally it should be the other way around. There is no need for a user to lose funds for the sake of convenience. Whatever library is used should be capable of generating 1e18 precision to ensure the correct value is sent.