Platform: Code4rena
Start Date: 13/11/2023
Pot Size: $24,500 USDC
Total HM: 3
Participants: 120
Period: 4 days
Judge: 0xTheC0der
Id: 306
League: ETH
Rank: 89/120
Findings: 1
Award: $4.08
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: chaduke
Also found by: 0xpiken, Bauchibred, Matin, MohammedRizwan, MrPotatoMagic, OMEN, Pheonix, SandNallani, T1MOH, Topmark, ZanyBonzy, adriro, aslanbek, ayden, bareli, bart1e, bin2chen, btk, cheatc0d3, codynhat, critical-or-high, d3e4, erebus, firmanregar, hunter_w3b, jasonxiale, kaveyjoe, ksk2345, lsaudit, max10afternoon, merlinboii, nailkhalimov, osmanozdemir1, peanuts, pep7siup, pontifex, sbaudh6, shenwilly, sl1, tourist, wisdomn_, young, zhaojie
4.0797 USDC - $4.08
When the user/owner decides to partially withdraw the interest accrued, there is no way to know the maximum amount that can be withdrawn upfront.
The only way to know the amount is, pass 0 to method withdrawCarry, which then fully withdraws the maximum withdrawal accrued interest (not what the user wanted).
It impacts the partial withdrawal capability of user.
Manual review
function maxWithdrawableAmount() public view returns (uint256 maximumWithdrawable) { uint256 maximumWithdrawable = (CTokenInterface(cNote).balanceOf(address(this)) * exchangeRate) / 1e28 - totalSupply(); return maximumWithdrawable; }
Other
#0 - c4-pre-sort
2023-11-20T08:51:33Z
minhquanym marked the issue as insufficient quality report
#1 - minhquanym
2023-11-20T08:51:35Z
QA
#2 - c4-judge
2023-11-29T16:02:29Z
MarioPoneder changed the severity to QA (Quality Assurance)
#3 - c4-judge
2023-11-29T21:16:12Z
MarioPoneder marked the issue as grade-b