Platform: Code4rena
Start Date: 10/05/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 100
Period: 5 days
Judge: HardlyDifficult
Total Solo HM: 1
Id: 122
League: ETH
Rank: 79/100
Findings: 2
Award: $48.58
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: BondiPestControl
Also found by: 0xf15ers, GimelSec, IllIllI, MadWookie, MiloTruck, Ruhum, VAD37, berndartmueller, cccz, csanuragjain, dipp, hake, horsefacts, jayjonah8, m9800, pedroais, throttle
31.6149 USDC - $31.61
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L224
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L250
A user could send more ETH than the option premium when buying the option. The extra amount is not sent back; it is credited to the option seller.
The function buyOption() only checks that msg.value is greater than or equal to the premium. If the user mistakenly sends more than the premium, the excess is not refunded (https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L224); the whole msg.value is assigned to the beneficiary (https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L250).
Require that msg.value == premium. Alternatively, refund the excess only when msg.value > premium; the amount to send back is msg.value - premium.
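The following contract is an added illustration and is not the Cally code: a hypothetical, simplified option vault (names `Vault`, `ethBalance`, `buyOptionVulnerable`, `buyOptionExact`, `buyOptionRefund` are all assumed) showing the `msg.value >= premium` pattern from the finding next to both remediations suggested above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical, simplified option vault. Illustrates only the premium-handling
// pattern described in the finding; it is not the audited Cally contract.
contract PremiumRefundExample {
    struct Vault {
        address beneficiary; // seller, receives the premium
        uint256 premium;     // option price in wei
        bool sold;
    }

    mapping(uint256 => Vault) public vaults;
    mapping(address => uint256) public ethBalance; // credited ETH, withdrawn later
    uint256 public nextVaultId = 1;

    function createVault(uint256 premium) external returns (uint256 id) {
        id = nextVaultId++;
        vaults[id] = Vault({beneficiary: msg.sender, premium: premium, sold: false});
    }

    // Vulnerable pattern: accepts any msg.value >= premium and credits the whole
    // msg.value to the seller, so an overpaying buyer silently loses the excess.
    function buyOptionVulnerable(uint256 vaultId) external payable {
        Vault storage v = vaults[vaultId];
        require(!v.sold, "already sold");
        require(msg.value >= v.premium, "insufficient premium");
        v.sold = true;
        ethBalance[v.beneficiary] += msg.value; // excess goes to the seller
    }

    // Fix A: demand an exact amount; a mistaken overpayment reverts instead of
    // costing the buyer.
    function buyOptionExact(uint256 vaultId) external payable {
        Vault storage v = vaults[vaultId];
        require(!v.sold, "already sold");
        require(msg.value == v.premium, "wrong premium");
        v.sold = true;
        ethBalance[v.beneficiary] += msg.value;
    }

    // Fix B: accept overpayment, credit only the premium to the seller, and
    // return msg.value - premium to the buyer. State is updated before the
    // external call (checks-effects-interactions) so a re-entering buyer
    // cannot buy the same vault twice.
    function buyOptionRefund(uint256 vaultId) external payable {
        Vault storage v = vaults[vaultId];
        require(!v.sold, "already sold");
        require(msg.value >= v.premium, "insufficient premium");
        v.sold = true;
        ethBalance[v.beneficiary] += v.premium;
        uint256 excess = msg.value - v.premium;
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            require(ok, "refund failed");
        }
    }

    // Pull-payment withdrawal for sellers.
    function withdraw() external {
        uint256 amount = ethBalance[msg.sender];
        ethBalance[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}
```

Of the two fixes, the exact-match `require` is the simpler and cheaper one and removes the external refund call entirely; the refund variant is appropriate when the premium can change between the buyer's quote and the transaction being mined.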
#0 - outdoteth
2022-05-15T17:02:08Z
reference issue: https://github.com/code-423n4/2022-05-cally-findings/issues/84
16.9712 USDC - $16.97
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L119
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L283
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L124
The fee rate is set by the owner without any restriction. The owner can set a fee above 100% and steal the funds.
The fee rate is set by the owner with no upper bound: https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L119
When a user exercises the call, the fee is charged on the amount sent to buy the underlying asset.
If the rate is 1e18 the owner takes all the funds from the caller of exercise(); if it is larger, the owner can also drain the other funds held by the contract. Moreover, if the rate is set to a very large value, protocolUnclaimedFees can exceed the contract balance and the fees become impossible to withdraw. https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L124
Set a maximum for the fee rate.
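As an added example (not the Cally contract), the hypothetical contract below shows an unbounded owner-controlled fee rate beside the bounded setter the recommendation asks for; the 1e18 scale follows the finding, while `MAX_FEE_RATE`, `feeFor`, `exercise`, `strike` and the 10% cap value are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical, simplified fee logic. Not the audited Cally contract; it only
// demonstrates why an owner-settable fee rate needs an upper bound.
contract FeeRateCapExample {
    uint256 private constant ONE = 1e18;              // 1e18 == 100%
    uint256 public constant MAX_FEE_RATE = ONE / 10;  // assumed cap: 10%

    address public owner;
    uint256 public feeRate;                 // scaled by 1e18
    uint256 public protocolUnclaimedFees;   // fees owed to the protocol, in wei
    mapping(uint256 => uint256) public strike;    // vaultId => strike price in wei
    mapping(uint256 => address) public seller;    // vaultId => option seller
    mapping(address => uint256) public ethBalance;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Vulnerable: no bound at all. A rate of 1e18 turns the whole strike into
    // protocol fee, and anything above 1e18 books more fees than were received.
    function setFeeRateUnchecked(uint256 newRate) external onlyOwner {
        feeRate = newRate;
    }

    // Fixed: the rate can never exceed the constant cap, so the seller always
    // receives at least (100% - MAX_FEE_RATE) of the strike.
    function setFeeRate(uint256 newRate) external onlyOwner {
        require(newRate <= MAX_FEE_RATE, "fee rate above cap");
        feeRate = newRate;
    }

    // Fee charged on a given strike at the current rate.
    function feeFor(uint256 price) public view returns (uint256) {
        return (price * feeRate) / ONE;
    }

    // Buyer pays the strike; the protocol keeps the fee, the seller is credited
    // the remainder. With the unchecked setter and feeRate >= 1e18 the seller's
    // share is zero or the subtraction underflows and reverts.
    function exercise(uint256 vaultId) external payable {
        uint256 price = strike[vaultId];
        require(price > 0 && msg.value == price, "wrong strike payment");
        uint256 fee = feeFor(price);
        protocolUnclaimedFees += fee;
        ethBalance[seller[vaultId]] += price - fee;
    }

    // Fails if protocolUnclaimedFees was ever booked above the real balance.
    function withdrawProtocolFees() external onlyOwner {
        uint256 amount = protocolUnclaimedFees;
        protocolUnclaimedFees = 0;
        (bool ok, ) = owner.call{value: amount}("");
        require(ok, "fee withdrawal failed");
    }
}
```

A constant cap is the smallest change; protocols that want the bound to be adjustable usually combine it with a timelock and an event on every rate change so users can see a fee increase before it takes effect.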
#0 - outdoteth
2022-05-15T19:21:40Z
owner can set fee greater than 100%: https://github.com/code-423n4/2022-05-cally-findings/issues/48