Platform: Code4rena
Start Date: 21/11/2022
Pot Size: $90,500 USDC
Total HM: 18
Participants: 101
Period: 7 days
Judge: Picodes
Total Solo HM: 4
Id: 183
League: ETH
Rank: 61/101
Findings: 1
Award: $53.49
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xSmartContract
Also found by: 0xAgro, 0xNazgul, 0xPanda, 0xbepresent, 0xfuje, Awesome, B2, Bnke0x0, Deivitto, Diana, Funen, Jeiwan, JohnSmith, Josiah, R2, RaymondFam, Rolezn, Sathish9098, Waze, adriro, aphak5010, brgltd, btk, carrotsmuggler, ch0bu, chaduke, codeislight, codexploder, cryptostellar5, csanuragjain, danyams, datapunk, delfin454000, deliriusz, eierina, erictee, fatherOfBlocks, gz627, gzeon, hansfriese, hihen, jadezti, joestakey, keccak123, martin, nameruse, oyc_109, pedr02b2, perseverancesuccess, rbserver, rotcivegaf, rvierdiiev, sakshamguruji, shark, simon135, subtle77, unforgiven, xiaoming90, yixxas
53.4851 USDC - $53.49
File: src/vaults/PirexERC4626.sol 2: pragma solidity >=0.8.0;
To replace pragma solidity >=0.8.0; with pragma solidity 0.8.17; so as to be consistent with other smart contract files.
Instances (2)
Instance 1:
File: src/PirexRewards.sol 336: @return rewardAmounts ERC20[] Reward token amounts 343: uint256[] memory rewardAmounts
The above Line 336 should be: @return rewardAmounts int256[] Reward token amounts, with reference to Line 343.
Instance 2:
File: src/vaults/AutoPxGlp.sol 86: // Approve the Uniswap V3 router to manage our base reward (inbound swap token) 87: gmxBaseReward.safeApprove(address(_platform), type(uint256).max);
The above Line 86 Approve the Uniswap V3 router to manage our base reward (inbound swap token) should be Approve the platform (e.g. PirexGmx) to manage our base reward (inbound swap token)
owner is shadowed by function parameterInstances (6)
Contract AutoPxGmx and AutoPxGlp are owned contracts which inherit the state variable owner. However, several functions of the contracts shadow the state variable owner. This may confuse users. The suggestion is to change the function parameter to address _owner and make correspoding changes in the function body.
Instance 1: File: src/vaults/AutoPxGmx.sol Line 342: address owner
Instance 2: File: src/vaults/AutoPxGmx.sol Line 318: address owner
Instance 3: File: src/vaults/AutoPxGlp.sol Line 439: address owner
Instance 4: File: src/vaults/AutoPxGlp.sol Line 452: address owner
Instance 5: File: src/vaults/AutoPxGlp.sol Line 488: address owner
Instance 6: File: src/vaults/AutoPxGlp.sol Line 502: address owner
AutoPxGmx.compound() function should be refactoredFunction setPoolFee() set the state variable poolFee. So, function AutoPxGmx.compound() can use the poolFee directly and remove the fee parameter from its input parameters. Removing fee parameter also (1) reduces the risk of setting it to an inappropriate value by a user when calling the compound() function, (2) saves gas.
Changes to make:
1 Remove Line 243: uint24 fee,
2 Replace Line 272: fee: fee, with fee: poolFee,
Other relevant changes: Replace Line 321, Line 345, and Line 227 with compound(1, 0, true);
#0 - c4-judge
2022-12-04T20:34:11Z
Picodes marked the issue as grade-a
#1 - c4-sponsor
2022-12-09T07:44:24Z
drahrealm marked the issue as sponsor confirmed
#2 - c4-judge
2023-01-01T10:27:45Z
Picodes marked the issue as grade-b