Platform: Code4rena
Start Date: 13/11/2023
Pot Size: $24,500 USDC
Total HM: 3
Participants: 120
Period: 4 days
Judge: 0xTheC0der
Id: 306
League: ETH
Rank: 41/120
Findings: 1
Award: $47.82
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: chaduke
Also found by: 0xpiken, Bauchibred, Matin, MohammedRizwan, MrPotatoMagic, OMEN, Pheonix, SandNallani, T1MOH, Topmark, ZanyBonzy, adriro, aslanbek, ayden, bareli, bart1e, bin2chen, btk, cheatc0d3, codynhat, critical-or-high, d3e4, erebus, firmanregar, hunter_w3b, jasonxiale, kaveyjoe, ksk2345, lsaudit, max10afternoon, merlinboii, nailkhalimov, osmanozdemir1, peanuts, pep7siup, pontifex, sbaudh6, shenwilly, sl1, tourist, wisdomn_, young, zhaojie
47.8152 USDC - $47.82
Description: The constructor of the asD contract does not validate if the _cNote address provided is a valid contract address. This could lead to issues if an incorrect address is provided.
Recommendation: Implement a check to ensure that _cNote is a contract address.
Description: The asD contract assumes that the cNote token's mint and redeemUnderlying functions return 0 on success. If the cNote token's implementation changes, this could lead to incorrect behavior.
Recommendation: Instead of relying on a specific return value, consider handling potential reverts or errors from these functions.
Description: The contract does not handle the case where _amount is 0 in the withdrawCarry function. This could lead to unnecessary gas costs for the owner.
Recommendation: Implement a check to return early if _amount is 0 to avoid unnecessary gas costs.
Description: The contract does not check if the Turnstile contract's register function was successful. If the registration fails, the contract may not behave as expected.
Recommendation: Implement a check to ensure that the register function was successful.
Description: The contract does not handle the case where the cNote token's mint function reverts or fails. This could lead to loss of funds for the user.
Recommendation: Implement error handling for the mint function to prevent potential loss of funds.
Description: The contract does not handle the case where the cNote token's redeemUnderlying function reverts or fails. This could lead to loss of funds for the user.
Recommendation: Implement error handling for the redeemUnderlying function to prevent potential loss of funds.
Description: The constructor uses tx.origin, which can lead to potential security issues. tx.origin represents the original sender of the transaction, which can be different from msg.sender if a contract function is called by another contract. It's generally recommended to avoid using tx.origin unless absolutely necessary. This could potentially allow an attacker to manipulate the transaction origin.
Recommendation: Replace tx.origin with msg.sender or implement additional checks to ensure the integrity of the transaction origin.
Description: The create function allows any external account to create a new token. Depending on the use case, this could be a potential security issue if you want to limit who can create new tokens. This could potentially lead to an excessive number of tokens being created, diluting their value and disrupting the ecosystem.
Recommendation: Implement access control mechanisms to restrict who can call the create function.
Description: The contract does not check if the _cNote address provided in the constructor is a valid contract address. This could lead to issues if an invalid address is provided. This could potentially lead to loss of funds or disruption of contract functionality.
Recommendation: Implement a check to ensure that the _cNote address provided is a valid contract address.
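The checks recommended in the findings above, collected into one sketch. This is an added example, not the audited asD contract's code; the ICNote and ITurnstile interfaces, the constructor parameters, the csrTokenId variable and the custom errors are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal interface. Per the findings above, both calls return 0 on
// success (Compound-style error codes); a revert inside them bubbles up.
interface ICNote {
    function mint(uint256 mintAmount) external returns (uint256);
    function redeemUnderlying(uint256 redeemAmount) external returns (uint256);
}

// Assumed interface for the Turnstile contract; the return value is assumed.
interface ITurnstile {
    function register(address recipient) external returns (uint256);
}

contract HardenedAsD {
    ICNote public immutable cNote;
    address public immutable owner;
    uint256 public csrTokenId; // hypothetical: keeps the registration result

    error NotAContract(address addr);
    error CNoteCallFailed(string fn, uint256 errCode);

    constructor(address _cNote, address _turnstile, address _csrRecipient) {
        // _cNote validation: refuse an EOA, the zero address or a mistyped address.
        if (_cNote.code.length == 0) revert NotAContract(_cNote);
        cNote = ICNote(_cNote);
        // tx.origin finding: msg.sender is the direct caller (deployer or factory);
        // tx.origin would name whoever signed the outer transaction.
        owner = msg.sender;
        // Turnstile finding: store the registration result so a zero/failed
        // registration is visible; a revert inside register() aborts deployment.
        csrTokenId = ITurnstile(_turnstile).register(_csrRecipient);
    }

    // mint finding: treat any non-zero code as failure instead of assuming success.
    function _supply(uint256 amount) internal {
        uint256 err = cNote.mint(amount);
        if (err != 0) revert CNoteCallFailed("mint", err);
    }

    // withdrawCarry findings: skip the external call for a zero amount,
    // and check the redeemUnderlying result otherwise.
    function withdrawCarry(uint256 _amount) external {
        require(msg.sender == owner, "not owner");
        if (_amount == 0) return;
        uint256 err = cNote.redeemUnderlying(_amount);
        if (err != 0) revert CNoteCallFailed("redeemUnderlying", err);
    }
}
```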
#0 - c4-judge
2023-11-29T23:14:18Z
MarioPoneder marked the issue as grade-b
#1 - c4-judge
2023-11-29T23:52:40Z
MarioPoneder marked the issue as grade-a