Sublime contest - kenta's results

Democratizing credit via Web3.

General Information

Platform: Code4rena

Start Date: 29/03/2022

Pot Size: $30,000 USDC

Total HM: 6

Participants: 24

Period: 3 days

Judge: HardlyDifficult

Total Solo HM: 4

Id: 101

League: ETH

Sublime

Findings Distribution

Researcher Performance

Rank: 8/24

Findings: 2

Award: $739.58

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Meta0xNull

Also found by: Dravee, kenta

Labels

bug
duplicate
2 (Med Risk)

Awards

699.4582 USDC - $699.46

External Links

Lines of code

https://github.com/sublime-finance/sublime-v1/blob/46536a6d25df4264c1b217bd3232af30355dcb95/contracts/PooledCreditLine/LenderPool.sol#L327

Vulnerability details

Impact

The return value of the ERC20 transfer at the linked line is not checked, so a token that reports failure by returning false instead of reverting would let the call silently do nothing. SafeERC20 is already imported into this contract, so its safeTransfer wrapper can be used to resolve this issue.

Proof of Concept

https://github.com/sublime-finance/sublime-v1/blob/46536a6d25df4264c1b217bd3232af30355dcb95/contracts/PooledCreditLine/LenderPool.sol#L327

Tools Used

manual code review

IERC20(_borrowAsset).safeTransfer(_to, _fee);
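The following is an added illustration of the pattern behind this finding, not code from the Sublime repository: a minimal fee-payout contract with the unchecked form beside the SafeERC20 form, plus a constructed mock token whose transfer returns false without reverting. Contract and function names are assumptions; the import paths assume OpenZeppelin Contracts 4.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed mock (not a real token): an ERC20-shaped contract whose transfer
// signals failure with a false return value instead of reverting.
contract FalseReturningToken {
    function transfer(address, uint256) external pure returns (bool) {
        return false;
    }
}

// Illustrative fee payout contract (assumed names, not Sublime's LenderPool).
contract FeePayoutExample {
    using SafeERC20 for IERC20;

    IERC20 public immutable borrowAsset;
    mapping(address => uint256) public feesOwed;

    constructor(IERC20 _borrowAsset) {
        borrowAsset = _borrowAsset;
    }

    // Test helper so the two payout paths have something to pay out.
    function creditFee(address _to, uint256 _fee) external {
        feesOwed[_to] += _fee;
    }

    // Vulnerable form: the bool returned by transfer is discarded. With a token
    // like FalseReturningToken the call "succeeds", no tokens move, and the
    // bookkeeping below has already cleared the recipient's balance.
    function payFeeUnchecked(address _to) external {
        uint256 _fee = feesOwed[_to];
        feesOwed[_to] = 0;
        borrowAsset.transfer(_to, _fee); // return value ignored
    }

    // Hardened form: SafeERC20 reverts if the call reverts or returns false,
    // and accepts tokens that return no data at all (e.g. USDT), so the state
    // change above cannot outlive a failed transfer.
    function payFeeChecked(address _to) external {
        uint256 _fee = feesOwed[_to];
        feesOwed[_to] = 0;
        borrowAsset.safeTransfer(_to, _fee);
    }
}
```

Deploying FeePayoutExample against a FalseReturningToken and calling creditFee followed by payFeeUnchecked leaves feesOwed at zero with nothing transferred; the same sequence with payFeeChecked reverts inside safeTransfer, so feesOwed is restored and the failure is visible to the caller.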

#0 - ritik99

2022-04-12T13:39:11Z

Duplicate of #27

Findings Information

Awards

40.1184 USDC - $40.12

Labels

bug
G (Gas Optimization)

External Links

Sublime-v1 gas optimization

1. Code duplication. The following functions contain the same code. To save deployment gas, the duplicated code can be moved into an internal function. If the same error message can be used in both paths, a little more gas is saved. Please check the following example.

https://github.com/sublime-finance/sublime-v1/blob/46536a6d25df4264c1b217bd3232af30355dcb95/contracts/Verification/twitterVerifier.sol#L154-L178

function unregisterSelf() external {
    string memory _userdata = userData[msg.sender].twitterId;
    unregister(_userdata, msg.sender);
}

/**
 * @notice used to unregister user
 * @dev owners can unregister users
 */
function unregisterUser(address _user) external onlyOwner {
    string memory _userdata = userData[_user].twitterId;
    unregister(_userdata, _user);
}

function unregister(string memory _userdata, address _user) internal {
    require(bytes(_userdata).length != 0, 'UR1');
    delete twitterIdMap[_userdata];
    delete userData[_user];
    verification.unregisterMasterAddress(_user, address(this));
    emit UserUnregistered(_user);
}

2. _minBorrowLimitInUSD is used only once, in _limitBorrowedInUSD, so the local variable can be removed and the expression inlined into the require to save gas. https://github.com/sublime-finance/sublime-v1/blob/46536a6d25df4264c1b217bd3232af30355dcb95/contracts/PooledCreditLine/PooledCreditLine.sol#L395-L396

require(_minBorrowAmount.mul(_ratioOfPrices).div(10**_decimals) >= _borrowLimitMin, 'ILB3');

3. Cache pooledCLConstants[_id] in _accept. pooledCLConstants[_id] is read many times inside _accept; holding a single storage reference to it saves gas.

https://github.com/sublime-finance/sublime-v1/blob/46536a6d25df4264c1b217bd3232af30355dcb95/contracts/PooledCreditLine/LenderPool.sol#L332-L343

function _accept(uint256 _id, uint256 _amount) internal {
    LenderPoolConstants storage pooledCLConstant = pooledCLConstants[_id];
    address _borrowAsset = pooledCLConstant.borrowAsset;
    address _strategy = pooledCLConstant.borrowAssetStrategy;
    IERC20(_borrowAsset).safeApprove(_strategy, _amount);
    pooledCLVariables[_id].sharesHeld = SAVINGS_ACCOUNT.deposit(_borrowAsset, _strategy, address(this), _amount);

    POOLED_CREDIT_LINE.accept(_id, _amount);
    pooledCLConstant.borrowLimit = _amount;
    delete pooledCLConstant.startTime;
    delete pooledCLConstant.minBorrowAmount;
}

#0 - ritik99

2022-04-12T19:14:25Z

Suggestions 1 and 3 are valid; for suggestion 2, we might stick to the current implementation since it improves readability.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
