Platform: Code4rena
Start Date: 06/12/2022
Pot Size: $36,500 USDC
Total HM: 16
Participants: 119
Period: 3 days
Judge: berndartmueller
Total Solo HM: 2
Id: 189
League: ETH
Rank: 92/119
Findings: 2
Award: $1.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: adriro
Also found by: 0x446576, 0xA5DF, 0xDave, 0xDecorativePineapple, 0xRobocop, 0xbepresent, 8olidity, Aymen0909, Ch_301, Chom, Franfran, HollaDieWaldfee, Madalad, Parth, Ruhum, Tricko, bin2chen, carrotsmuggler, chaduke, danyams, evan, gz627, hansfriese, hihen, imare, immeas, jadezti, jayphbee, jonatascm, kaliberpoziomka8552, kiki_dev, kree-dotcom, ladboy233, lukris02, lumoswiz, mahdikarimi, minhquanym, minhtrng, nameruse, neumo, obront, pauliax, poirots, reassor, rvierdiiev, slvDev, sorrynotsorry, yixxas, zapaz
0.4206 USDC - $0.42
It's possible to getPrice function not be able return value ( due to underflow wich makes transaction revert )
temp.startPrice - (temp.dropPerSecond * timeElapsed) In this line If the timeElapsed and dropPerSecond be larger that startPrice makes it impossible to return value .
add a check when createLPDASale to ensure that ( startPrice - ( endTime - startTime ) * dropPerSecond ) can not be negative .
#0 - c4-judge
2022-12-11T11:38:46Z
berndartmueller marked the issue as duplicate of #392
#1 - c4-judge
2023-01-02T19:55:55Z
berndartmueller changed the severity to 3 (High Risk)
#2 - c4-judge
2023-01-02T19:56:00Z
berndartmueller marked the issue as partial-50
🌟 Selected for report: AkshaySrivastav
Also found by: 0x52, 0xA5DF, 0xdeadbeef0x, KingNFT, Madalad, Parth, Soosh, _Adam, adriro, csanuragjain, danyams, eyexploit, gasperpre, gz627, gzeon, hansfriese, hihen, immeas, jadezti, jonatascm, kiki_dev, kree-dotcom, ladboy233, lukris02, lumoswiz, mahdikarimi, minhtrng, nalus, nameruse, obront, reassor, rvierdiiev, seyni, tnevler, wait, yixxas
1.3417 USDC - $1.34
fee amount will not transfer to feeReceiver in case of auction ends and not all editions being sold .
In LPDA sale the only mechanism to transfer fee amount to feeReceiver is when the newId is equal to finalId it means if after auction endtime newId not achieves finalId ( not all tokens being sold ) the value will be lock down and no way to transfer feeAmount to feeReceiver .
Manual Review
Add a seperate function that transfers automatically all the fee amount to feeReceiver at the end of auction . Note : you need to ensure that adding this mechanism doesn't effect the other transfer mechanism for example add a safety check or modifier to ensure this can be called only if all tokens not being sold ( It means only if other mechanism doesn't performs ) .
#0 - c4-judge
2022-12-12T09:00:43Z
berndartmueller marked the issue as duplicate of #328
#1 - c4-judge
2023-01-02T20:20:56Z
berndartmueller changed the severity to 2 (Med Risk)
#2 - c4-judge
2023-01-02T20:22:47Z
berndartmueller marked the issue as satisfactory