Back to jasonxiale's contests

Astaria contest - jasonxiale's results

On a mission is to build a highly liquid NFT lending market.

General Information

Platform: Code4rena

Start Date: 05/01/2023

Pot Size: $90,500 USDC

Total HM: 55

Participants: 103

Period: 14 days

Judge: Picodes

Total Solo HM: 18

Id: 202

League: ETH

Astaria

Findings Distribution

Researcher Performance

Rank: 83/103

Findings: 1

Award: $51.32

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAstaria

Findings Information

🌟 Selected for report: ladboy233

Also found by: 0x1f8b, 0xAgro, 0xSmartContract, 0xbepresent, 0xkato, Aymen0909, CodingNameKiki, Cryptor, Deekshith99, Deivitto, HE1M, IllIllI, Kaysoft, Koolex, PaludoX0, Qeew, RaymondFam, Rolezn, Sathish9098, Tointer, a12jmx, arialblack14, ast3ros, ayeslick, bin2chen, btk, caventa, ch0bu, chaduke, chrisdior4, delfin454000, descharre, evan, fatherOfBlocks, georgits, gz627, jasonxiale, joestakey, kaden, lukris02, nicobevi, nogo, oberon, oyc_109, pfapostol, rbserver, sakshamguruji, seeu, shark, simon135, slvDev, synackrst, tnevler, whilom, zaskoh

Awards

51.3151 USDC - $51.32

Labels

bug
grade-b
QA (Quality Assurance)
Q-18

External Links

Link to GitHub issue

AstariaRouter.isValidRefinance doesn't correspond to the document.

According to https://docs.astaria.xyz/docs/protocol-mechanics/refinance, the code should look like

function isValidRefinance(
    ILienToken.Lien memory lien,
    LienDetails memory newLien
) external view returns (bool) {
    uint256 minNewRate = uint256(lien.rate) - minInterestBPS;

    return (newLien.rate >= minNewRate ||
        ((block.timestamp + newLien.duration - lien.start - lien.duration) >=
            minDurationIncrease));
}

Considering current source enhance the limit, I think the document should be updated

CollateralToken._listUnderlyingOnSeaport comment doesn't correspond to the code.

As https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/CollateralToken.sol#L507 shows,

function _listUnderlyingOnSeaport(
    CollateralStorage storage s,
    uint256 collateralId,
    Order memory listingOrder
) internal {
    //get total Debt and ensure its being sold for more than that

    if (listingOrder.parameters.conduitKey != s.CONDUIT_KEY) {
        revert InvalidConduitKey();
    }

but there is no code related to //get total Debt and ensure its being sold for more than that

LienToken.createLien comment doesn't correspond to the code.

As https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L400

function createLien(ILienToken.LienActionEncumber memory params)
    external
    requiresAuth
    validateStack(params.lien.collateralId, params.stack)
    returns (
        uint256 lienId,
        Stack[] memory newStack,
        uint256 lienSlope
    )
{
    LienStorage storage s = _loadLienStorageSlot();
    //0 - 4 are valid
    Stack memory newStackSlot;
    (lienId, newStackSlot) = _createLien(s, params);

    newStack = _appendStack(s, params.stack, newStackSlot);
    s.collateralStateHash[params.lien.collateralId] = keccak256(
        abi.encode(newStack)
    );

the comment //0 - 4 are valid should be add to https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L464

function _appendStack(
    LienStorage storage s,
    Stack[] memory stack,
    Stack memory newSlot
) internal returns (Stack[] memory newStack) {
    //0 - 4 are valid
    if (stack.length >= s.maxLiens) {
        revert InvalidState(InvalidStates.MAX_LIENS);
    }

#0 - c4-judge

2023-01-26T14:11:52Z

Picodes marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter