Platform: Code4rena
Start Date: 04/05/2022
Pot Size: $50,000 DAI
Total HM: 24
Participants: 71
Period: 5 days
Judge: Justin Goro
Total Solo HM: 14
Id: 119
League: ETH
Rank: 45/71
Findings: 2
Award: $115.81
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: horsefacts
Also found by: 0x1f8b, 0xYamiDancho, 0xf15ers, 0xkatana, ACai, AlleyCat, Bruhhh, Dravee, Funen, GimelSec, Hawkeye, IllIllI, MaratCerby, PPrieditis, Picodes, Ruhum, TerrierLover, VAD37, berndartmueller, csanuragjain, defsec, delfin454000, eccentricexit, ellahi, fatherOfBlocks, gzeon, hansfriese, hickuphh3, hyh, ilan, joestakey, juicy, kebabsec, oyc_109, rajatbeladiya, reassor, rfa, robee, samruna, simon135, sorrynotsorry, throttle
76.7115 DAI - $76.71
contracts/PermissionlessBasicPoolFactory.sol
:214 the require() function accepts a case in which recept.owner == msg.sender OR block.timestamp > pool.endTime - based on the error message it is unclear whether this is the intended behaviour or if the function should, instead of ||, use &&
:282 note this does not support tokens with other than 18 decimals
contracts/FixedPricePassThruGate.sol
:15 suggest to rename the variable as weiCost for clarity (e.g. on row 48, it is compared against msg.value which is denominated in wei)
contracts/SpeedBumpPriceGate.sol
:49 suggest to rename the variable as weiCost for clarity
#0 - illuzen
2022-05-10T08:39:49Z
214: error message could be made clearer, this is expected behavior
282: duplicate
15: valid
49: valid
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0xNazgul, 0xYamiDancho, 0xf15ers, 0xkatana, ACai, CertoraInc, Dravee, Funen, GimelSec, Hawkeye, PPrieditis, Picodes, Ruhum, TerrierLover, Tomio, VAD37, Waze, csanuragjain, defsec, delfin454000, eccentricexit, ellahi, fatherOfBlocks, gzeon, hansfriese, horsefacts, ilan, joestakey, juicy, minhquanym, oyc_109, rajatbeladiya, reassor, rfa, robee, samruna, simon135, z3s
39.0982 DAI - $39.10
contracts/PermissionlessBasicPoolFactory.sol
:112 the require() function refunds any leftover gas to the user in case it reverts. Calling the function before setting the variables will save the user gas in case the function reverts. I suggest moving the function to line 103.
:185 instead of testing the pool.totalDepositsWei < pool.maximumDepositsWei case each time the deposit() function is run, I suggest to save the pool state as a boolean, e.g. "bool isFull" which is set to FALSE at initiation and to true within the if loop of line 186
contracts/FixedPricePassThruGate.sol
:51 remove if qualification (is there any reason for the msg.value to be non-zero if it passes the require() on row 48?)
contracts/SpeedBumpPriceGate.sol
:55 change if evaluation from < to <= to save on computations in the case where priceFloor and lastPrice - decay are the same
:77 remove if qualification (is there any reason for the msg.value to be non-zero if it passes require() on row 67?)
#0 - illuzen
2022-05-10T08:37:20Z
112: valid
185: this would involve two checks instead of one in the typical case that the pool is not full
51: debatable and duplicate
55: valid, but very unlikely
77: debatable and duplicate