Platform: Code4rena
Start Date: 28/09/2023
Pot Size: $36,500 USDC
Total HM: 5
Participants: 115
Period: 6 days
Judge: 0xDjango
Total Solo HM: 1
Id: 290
League: ETH
Rank: 66/115
Findings: 2
Award: $20.06
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Bauchibred
Also found by: 0x3b, 0xDetermination, 0xMosh, 0xScourgedev, 0xTheC0der, 0xTiwa, 0xWaitress, 0xdice91, 0xfusion, 0xpiken, 0xprinc, 0xweb3boy, ArmedGoose, Aymen0909, Breeje, Brenzee, Daniel526, DavidGiladi, DeFiHackLabs, Flora, Fulum, HChang26, Hama, IceBear, J4X, Krace, KrisApostolov, Maroutis, Mirror, MohammedRizwan, Norah, PwnStars, SPYBOY, TangYuanShen, Testerbot, ThreeSigma, Tricko, al88nsk, alexweb3, ast3ros, berlin-101, bin2chen, blutorque, btk, d3e4, deth, e0d1n, ether_sky, ge6a, gkrastenov, glcanvas, hals, imare, inzinko, jkoppel, jnforja, joaovwfreire, josephdara, kutugu, lotux, lsaudit, mahdirostami, merlin, n1punp, nadin, neumo, nisedo, nobody2018, oakcobalt, orion, peanuts, pep7siup, pina, ptsanev, rokinot, rvierdiiev, said, santipu_, sashik_eth, seerether, squeaky_cactus, terrancrypt, tonisives, twicek, vagrant, xAriextz, y4y
4.3669 USDC - $4.37
https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L111 refers to the Prime contract being upgradable. However, it is not upgradable.
At https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L184, it uses `.underlying` to get the underlying asset of a vToken. However, this does not work for VBNB. Use `Prime._getUnderlying` instead.
The code at https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L661 does not work if a vToken has more than 18 decimals.
#0 - c4-pre-sort
2023-10-07T02:19:48Z
0xRobocop marked the issue as low quality report
#1 - c4-judge
2023-11-03T02:23:31Z
fatherGoose1 marked the issue as grade-b
#2 - c4-judge
2023-11-03T02:24:08Z
fatherGoose1 removed the grade
#3 - c4-judge
2023-11-03T02:24:13Z
fatherGoose1 marked the issue as grade-b
🌟 Selected for report: DavidGiladi
Also found by: 0x3b, 0xWaitress, 0xhacksmithh, 0xprinc, hihen, jkoppel, lsaudit, oakcobalt, pavankv, pontifex
15.6862 USDC - $15.69
accrueInterest
`accrueInterest` is called a lot. Many of these calls are redundant. For instance, in `updateScores`:

```solidity
for (uint256 i = 0; i < users.length; ) {
    // ...
    for (uint256 j = 0; j < _allMarkets.length; ) {
        address market = _allMarkets[j];
        _executeBoost(user, market);
        // ...
    }
    // ...
}
```

This loop calls `_executeBoost` on the same market once per user. `_executeBoost` in turn calls `accrueInterest` on that market. These calls are redundant.
payable
Reason: Solidity compiler emits extra code to check that `value == 0`. Privileged functions can be assumed not to accidentally be called with native token, making this unnecessary.
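The redundant `accrueInterest` calls described in the `updateScores` finding above, shown as an added example that is not code from the report or from Venus. The contract, `_settle`, `accrualCalls` and the function bodies are hypothetical stand-ins, and the hoisted variant is equivalent only under the stated assumption that a second accrual for the same market in the same block changes nothing.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Simplified model, not Venus code: names mirror the report, bodies are assumptions.
contract BoostModel {
    address[] internal _allMarkets;
    mapping(address => uint256) public rewardIndex;      // per-market index
    mapping(address => uint256) public lastAccrualBlock; // per-market checkpoint
    mapping(address => mapping(address => uint256)) public userIndex;
    uint256 public accrualCalls; // instrumentation: counts accrueInterest calls

    constructor(address[] memory markets_) {
        _allMarkets = markets_;
    }

    // Stand-in for accrueInterest: assumed idempotent within one block.
    function accrueInterest(address market) public {
        accrualCalls++;
        if (lastAccrualBlock[market] == block.number) return;
        lastAccrualBlock[market] = block.number;
        rewardIndex[market] += 1; // placeholder for the real index math
    }

    // Settles the user against the already-accrued market index.
    function _settle(address user, address market) internal {
        userIndex[market][user] = rewardIndex[market];
    }

    // Pattern from the report: users.length * markets.length accrual calls.
    function updateScoresNaive(address[] calldata users) external {
        for (uint256 i = 0; i < users.length; ++i) {
            for (uint256 j = 0; j < _allMarkets.length; ++j) {
                accrueInterest(_allMarkets[j]);
                _settle(users[i], _allMarkets[j]);
            }
        }
    }

    // Hoisted variant: markets.length accrual calls, same index state afterwards.
    function updateScoresHoisted(address[] calldata users) external {
        uint256 n = _allMarkets.length;
        for (uint256 j = 0; j < n; ++j) accrueInterest(_allMarkets[j]);
        for (uint256 i = 0; i < users.length; ++i) {
            for (uint256 j = 0; j < n; ++j) _settle(users[i], _allMarkets[j]);
        }
    }
}
```

Before hoisting in real code, confirm that nothing inside the per-user loop changes the inputs the accrual reads; otherwise the two variants diverge.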
#0 - c4-pre-sort
2023-10-07T02:29:15Z
0xRobocop marked the issue as low quality report
#1 - c4-pre-sort
2023-10-07T02:33:55Z
0xRobocop marked the issue as sufficient quality report
#2 - c4-judge
2023-11-03T16:32:34Z
fatherGoose1 marked the issue as grade-b