Platform: Code4rena
Start Date: 16/01/2024
Pot Size: $80,000 USDC
Total HM: 37
Participants: 178
Period: 14 days
Judge: Picodes
Total Solo HM: 4
Id: 320
League: ETH
Rank: 115/178
Findings: 1
Award: $39.34
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: peanuts
Also found by: 0xAsen, 0xHelium, 0xSmartContract, 0xepley, DedOhWale, K42, LinKenji, Sathish9098, ZanyBonzy, catellatech, fouzantanveer, foxb868, hassanshakeel13, hunter_w3b, jauvany, kaveyjoe, kinda_very_good, klau5, niroh, rspadi, yongskiws
39.3353 USDC - $39.34
Description: Depositing and collateral addition do not rely on the price returned by the aggregator, meaning the first depositor would determine the price ratio of the pool.
Impact: The protocol would be griefed.
Recommended Mitigation: The initial addition of liquidity, especially in the important pools (WETH, WBTC and DAI), should be made off a price feed.
Description: PriceAggregator::setInitialFeeds allows the owner to set the priceFeeds before the cooldown period is over.
Impact: The owner could set a bad feed.
Recommended Mitigation: PriceAggregator::setInitialFeeds should only be callable once.
Description: AggregatePrice::_aggregate would return zero if the two closest prices are exactly the same.
Impact: Users could be griefed.
if ( (_absoluteDifference(priceA, priceB) * 100000) / averagePrice > maximumPriceFeedPercentDifferenceTimes1000 )
If the two prices are exactly the same, their absolute difference would be zero.
Recommended Mitigation: A check should be included for whether the two prices are exactly the same, in which case one of the prices could be returned.
22 hours
#0 - c4-judge
2024-02-03T14:39:42Z
Picodes marked the issue as grade-b
#1 - Picodes
2024-02-03T14:40:45Z
These are more findings than an analysis?