Platform: Code4rena
Start Date: 16/09/2021
Pot Size: $50,000 USDC
Total HM: 26
Participants: 30
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 17
Id: 36
League: ETH
Rank: 17/30
Findings: 2
Award: $672.34
🌟 Selected for report: 2
🚀 Solo Findings: 0
🌟 Selected for report: joeysantoro
333.9773 USDC - $333.98
joeysantoro
If any of the timelocked variables of a basket are pending a change, a transaction to change the target will revert during the timelock window.
Publisher wants to change license fee. They submit a change request but fat finger with the wrong value. The only way to change the pending licenseFee is to complete the change to the incorrect value (after timelock period) then resubmit a new request.
In the case of changing index this can be mitigated by using deleteNewIndex(), however changePublisher and changeLicenseFee cannot be mitigated.
Introduce a "setPendingX" method for each of liscenceFee, publisher, and index. This cleanly separates the logic and allows for overwrite of pending during timelock window.
#0 - GalloDaSballo
2021-12-02T01:17:54Z
100% agree with the finding, because of a lack of specific griefing / attack vector, agree with a low severity
Most protocols solve this issue by having a proposeFunction that can be called at any time, and an accept function that only works via timelock.
🌟 Selected for report: joeysantoro
333.9773 USDC - $333.98
joeysantoro
Enforces fees go to DAO/Factory owner address exclusively. If the DAO owner is ever revoked for decentralization reasons, the handleFees() method would revert when attempting to mint.
handleFees() uses the owner of Factory. If owner is changed to address(0), the fees would minter to 0 address. However OpenZeppelin ERC20 library reverts if tokens are transferred or minted to the 0 address.
Add a feeTo public address in the factory used for sending fees, configurable by governance.
#0 - GalloDaSballo
2021-12-02T01:20:06Z
Great find!
🌟 Selected for report: leastwood
Also found by: cmichel, csanuragjain, itsmeSTYJ, joeysantoro, kenzo, pauliax
4.3799 USDC - $4.38
joeysantoro
Basket.validateWeights does a nested for loop to check uniqueness of tokens, increasing gas costs
If you add a line checking the tokens are provided in sorted order with a strict inequality, this would enforce uniqueness without the nested loop. Likewise you can move the check != address(0) outside the main loop to further save gas
#0 - GalloDaSballo
2021-11-26T17:12:46Z
Duplicate of #160