Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 205/246
Findings: 1
Award: $11.13
🌟 Selected for report: 0
🚀 Solo Findings: 0
11.1318 USDC - $11.13
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L87
The stake() function in the contract allows the contract owner to define the weight of each derivative used in the calculation of the total stake value. If this is set to zero, no safeEth token is minted but is instead transferred to the contract owner
If a derivative is set with a weight of zero: the proceeding code block which determines the mintAmount in the stake() function is skipped and any msg.value sent to the function is not used to mint tokens, but instead is transferred to the contract owner.
Manual Review
It is recommended to modify the stake() function to handle the case when a derivative's weight is set to zero. One possible solution could be to check if the weight is zero and revert the transaction if this is the case, to prevent users from losing their funds. Alternatively, the contract owner could be prevented from setting the weight of a derivative to zero altogether.
#0 - c4-pre-sort
2023-04-02T20:03:47Z
0xSorryNotSorry marked the issue as low quality report
#1 - c4-pre-sort
2023-04-04T19:18:56Z
0xSorryNotSorry marked the issue as duplicate of #363
#2 - c4-judge
2023-04-21T16:30:33Z
Picodes marked the issue as satisfactory