Platform: Code4rena
Start Date: 16/09/2021
Pot Size: $50,000 USDC
Total HM: 26
Participants: 30
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 17
Id: 36
League: ETH
Rank: 27/30
Findings: 2
Award: $94.55
🌟 Selected for report: 0
🚀 Solo Findings: 0
90.1739 USDC - $90.17
loop
The `initialize` function in Basket has no safeguard against being invoked again after Basket has been initialized from Factory.
State variables of the basket can be overwritten.
The `initialize` function sets most of the state variables:

```solidity
function initialize(IFactory.Proposal memory proposal, IAuction auction_) public override {
    // No check that the basket has already been initialized
    publisher = proposal.proposer;
    licenseFee = proposal.licenseFee;
    factory = IFactory(msg.sender);
    auction = auction_;
    ibRatio = BASE;
    tokens = proposal.tokens;
    weights = proposal.weights;
    approveUnderlying(address(auction));
    __ERC20_init(proposal.tokenName, proposal.tokenSymbol);
}
```

By creating a contract using IFactory, a custom proposal can be passed to the `initialize` function, overwriting the state variables of the Basket contract.
Use an `initialized` boolean, similar to the `initialize` function in Auction:

```solidity
function initialize(address basket_, address factory_) public override {
    // Revert on any call after the first
    require(!initialized);
    basket = IBasket(basket_);
    factory = IFactory(factory_);
    initialized = true;
}
```
#0 - frank-beard
2021-10-19T16:59:42Z
#1 - GalloDaSballo
2021-12-12T18:00:35Z
Duplicate of #50
4.3799 USDC - $4.38
loop
Variables smaller than 32 bytes can be grouped together in the same storage slot. The globally declared booleans `auctionOngoing`, `hasBonded` and `initialized` in Auction.sol can be packed together in the same slot, considering booleans have a size of 1 byte. Currently they are split by uint256 variables and each takes up a full storage slot.
Packing variables saves a bit of gas due to fewer storage slots being used.
Auction.sol, lines 16-21:

```solidity
bool public override auctionOngoing;   // slot 1
uint256 public override auctionStart;  // slot 2
bool public override hasBonded;        // slot 3
uint256 public override bondAmount;    // slot 4
uint256 public override bondTimestamp; // slot 5
bool public override initialized;      // slot 6
```
Could be changed into:

```solidity
bool public override auctionOngoing;   // slot 1
bool public override initialized;      // slot 1
bool public override hasBonded;        // slot 1
uint256 public override auctionStart;  // slot 2
uint256 public override bondAmount;    // slot 3
uint256 public override bondTimestamp; // slot 4
```
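The slot assignments in the finding above can be reproduced with a small model of Solidity's sequential packing rule for value-type state variables. This is an added example, not part of the submission or of the project's code; the `layout` and `slots_used` helpers and the `first_slot=1` numbering (matching the finding's relative slot numbers, since the page does not show what Auction.sol declares earlier) are assumptions made for illustration.

```python
# Added example: Solidity's sequential packing rule, value types only.
SLOT_BYTES = 32
# Byte sizes for a subset of value types (extend as needed).
SIZES = {"bool": 1, "uint8": 1, "uint64": 8, "uint128": 16,
         "address": 20, "uint256": 32}


def layout(decls, first_slot=0):
    """Return [(name, slot, byte_offset)] for (type, name) pairs in source order.

    A variable shares the current slot when it fits in the bytes that remain;
    otherwise it starts the next slot at offset 0.
    """
    out = []
    slot, used = first_slot, 0
    for typ, name in decls:
        size = SIZES[typ]
        if used + size > SLOT_BYTES:
            slot, used = slot + 1, 0
        out.append((name, slot, used))
        used += size
    return out


def slots_used(decls):
    """Number of distinct storage slots the declarations occupy."""
    return len({slot for _, slot, _ in layout(decls)})


# Declaration orders taken from the finding above.
CURRENT = [("bool", "auctionOngoing"), ("uint256", "auctionStart"),
           ("bool", "hasBonded"), ("uint256", "bondAmount"),
           ("uint256", "bondTimestamp"), ("bool", "initialized")]
PACKED = [("bool", "auctionOngoing"), ("bool", "initialized"),
          ("bool", "hasBonded"), ("uint256", "auctionStart"),
          ("uint256", "bondAmount"), ("uint256", "bondTimestamp")]

if __name__ == "__main__":
    for label, decls in (("current", CURRENT), ("packed", PACKED)):
        print(label, slots_used(decls), "slots")
        for name, slot, offset in layout(decls, first_slot=1):
            print(f"  slot {slot} offset {offset:2d}  {name}")
```

The slot count describes only the layout; the actual gas effect depends on which of the packed variables are read or written together.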
#0 - GalloDaSballo
2021-11-26T16:38:31Z
Duplicate of #109