Platform: Code4rena
Start Date: 11/11/2022
Pot Size: $90,500 USDC
Total HM: 52
Participants: 92
Period: 7 days
Judge: LSDan
Total Solo HM: 20
Id: 182
League: ETH
Rank: 70/92
Findings: 1
Award: $52.03
Selected for report: 0
Solo Findings: 0
Selected for report: 0xSmartContract
Also found by: 0x4non, 0xNazgul, 0xRoxas, 0xdeadbeef0x, 0xmuxyz, 9svR6w, Awesome, Aymen0909, B2, Bnke0x0, CloudX, Deivitto, Diana, Franfran, IllIllI, Josiah, RaymondFam, ReyAdmirado, Rolezn, Sathish9098, Secureverse, SmartSek, Trust, Udsen, a12jmx, aphak5010, brgltd, bulej93, c3phas, ch0bu, chaduke, chrisdior4, clems4ever, cryptostellar5, datapunk, delfin454000, fs0c, gogo, gz627, hl_, immeas, joestakey, lukris02, martin, nogo, oyc_109, pashov, pavankv, peanuts, pedr02b2, rbserver, rotcivegaf, sahar, sakman, shark, tnevler, trustindistrust, zaskoh, zgo
52.0338 USDC - $52.03
receive()/fallback() function
If the intention is for the Ether to be used, the function should call another function; otherwise it should revert (e.g. require(msg.sender == address(weth))). Having no access control on the function means that someone may send Ether to the contract and have no way to get anything back out, which is a loss of funds.
There are 3 instances of this issue:
File: /contracts/smart-wallet/OwnableSmartWallet.sol
148: receive() external payable {
File: /contracts/liquid-staking/SyndicateRewardsProcessor.sol
98: receive() external payable {}
File: /contracts/liquid-staking/LiquidStakingManager.sol
629: receive() external payable {}
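The two remedies described above, shown side by side. This is an added example, not code from the audited repository; the contract names, the `_weth` constructor parameter and the `credited` mapping are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;

// Option 1: ETH is only expected from one known source (e.g. WETH unwrapping),
// so every other sender is rejected and cannot strand funds in the contract.
contract RestrictedReceiver {
    address public immutable weth; // hypothetical: address of the trusted sender

    constructor(address _weth) {
        weth = _weth;
    }

    receive() external payable {
        require(msg.sender == weth, "unexpected ETH sender");
    }
}

// Option 2: the ETH is meant to be used, so receive() calls into accounting
// and each sender can later take back exactly what was credited to them.
contract AccountingReceiver {
    mapping(address => uint256) public credited;

    event ETHReceived(address indexed sender, uint256 amount);

    receive() external payable {
        _credit(msg.sender, msg.value);
    }

    function _credit(address sender, uint256 amount) internal {
        credited[sender] += amount;
        emit ETHReceived(sender, amount);
    }

    function withdraw() external {
        uint256 amount = credited[msg.sender];
        require(amount > 0, "nothing credited");
        credited[msg.sender] = 0; // clear the balance before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}
```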
emit function called in wrong order
There is 1 instance of this issue:
File: /contracts/liquid-staking/StakingFundsVault.sol
192: emit ETHWithdrawnByDepositor(msg.sender, _amount);
approve() not checked
Not all IERC20 implementations revert() when there's a failure in approve(). The function signature has a boolean return value, and some implementations indicate errors that way instead. By not checking the return value, operations that should have been marked as failed may go through without actually approving anything.
There is 1 instance of this issue:
File: /contracts/liquid-staking/LiquidStakingManager.sol
870: sETH.approve(syndicate, (2 ** 256) - 1);
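The failure mode described above, with the unchecked call beside two checked forms. This is an added example, not code from the audited repository; `IERC20Like`, `FalseReturningToken` and `ApprovalCaller` are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;

interface IERC20Like {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Constructed token that reports failure by returning false instead of reverting.
contract FalseReturningToken is IERC20Like {
    mapping(address => mapping(address => uint256)) public allowance;
    bool public paused = true;

    function approve(address spender, uint256 amount) external returns (bool) {
        if (paused) return false; // no revert and no allowance written
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

contract ApprovalCaller {
    // Same shape as the flagged call: the bool is discarded, so this succeeds
    // against FalseReturningToken even though the allowance stays at zero.
    function approveUnchecked(IERC20Like token, address spender) external {
        token.approve(spender, type(uint256).max);
    }

    // Checked: a false return now reverts the whole transaction.
    function approveChecked(IERC20Like token, address spender) external {
        require(token.approve(spender, type(uint256).max), "approve failed");
    }

    // Checked, and also tolerant of tokens that return no data at all:
    // the call must succeed, target must be a contract, and any returned
    // value must decode to true.
    function approveSafe(address token, address spender) external {
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.approve.selector, spender, type(uint256).max)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "approve failed");
    }
}
```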
pragma should be used
There are 18 instances of this issue:
File: /contracts/liquid-staking/OptionalGatekeeperFactory.sol
File: /contracts/liquid-staking/OptionalHouseGatekeeper.sol
File: /contracts/liquid-staking/SavETHVaultDeployer.sol
File: /contracts/liquid-staking/StakingFundsVaultDeployer.sol
File: /contracts/smart-wallet/OwnableSmartWalletFactory.sol
File: /contracts/liquid-staking/LPTokenFactory.sol
File: /contracts/liquid-staking/GiantLP.sol
File: /contracts/liquid-staking/LPToken.sol
File: /contracts/liquid-staking/GiantPoolBase.sol
File: /contracts/liquid-staking/LSDNFactory.sol
File: /contracts/liquid-staking/GiantSavETHVaultPool.sol
File: /contracts/smart-wallet/OwnableSmartWallet.sol
File: /contracts/liquid-staking/SavETHVault.sol
File: /contracts/liquid-staking/GiantMevAndFeesPool.sol
File: /contracts/liquid-staking/StakingFundsVault.sol
File: /contracts/liquid-staking/LiquidStakingManager.sol
File: /contracts/liquid-staking/SyndicateRewardsProcessor.sol
File: /contracts/liquid-staking/ETHPoolLPFactory.sol
indexed fields
There are 21 instances of this issue:
File: /contracts/liquid-staking/SavETHVault.sol
19: event DETHRedeemed(address depositor, uint256 amount);
22: event ETHWithdrawnForStaking(address withdrawalAddress, address liquidStakingManager, uint256 amount);
https://github.com/code-423n4/2022-11-stakehouse/blob/main/contracts/liquid-staking/SavETHVault.sol
File: /contracts/liquid-staking/StakingFundsVault.sol
event ETHDeposited(address sender, uint256 amount);
event ETHWithdrawn(address receiver, address admin, uint256 amount);
event ERC20Recovered(address admin, address recipient, uint256 amount);
event WETHUnwrapped(address admin, uint256 amount);
File: /contracts/syndicate/Syndicate.sol
39: event ContractDeployed();
42: event UpdateAccruedETH(uint256 unprocessed);
45: event CollateralizedSLOTReCalibrated(bytes BLSPubKey);
48: event KNOTRegistered(bytes BLSPubKey);
51: event KnotDeRegistered(bytes BLSPubKey);
57: event Staked(bytes BLSPubKey, uint256 amount);
60: event UnStaked(bytes BLSPubKey, uint256 amount);
https://github.com/code-423n4/2022-11-stakehouse/blob/main/contracts/syndicate/Syndicate.sol
File: /contracts/liquid-staking/ETHPoolLPFactory.sol
16: event ETHWithdrawnByDepositor(address depositor, uint256 amount);
19: event LPTokenBurnt(bytes blsPublicKeyOfKnot, address token, address depositor, uint256 amount);
22: event NewLPTokenIssued(bytes blsPublicKeyOfKnot, address token, address firstDepositor, uint256 amount);
25: event LPTokenMinted(bytes blsPublicKeyOfKnot, address token, address depositor, uint256 amount);
File: /contracts/liquid-staking/SyndicateRewardsProcessor.sol
9: event ETHReceived(uint256 amount);
File: /contracts/liquid-staking/LiquidStakingManager.sol
57: event StakehouseJoined(bytes blsPubKey);
69: event NetworkTickerUpdated(string newTicker);
84: event DAOCommissionUpdated(uint256 old, uint256 newCommission);
There is 1 instance of this issue:
File: /contracts/syndicate/Syndicate.sol
195: // todo - check else case for any ETH lost
https://github.com/code-423n4/2022-11-stakehouse/blob/main/contracts/syndicate/Syndicate.sol
1e18) rather than exponentiation (e.g. 10**18)
There is 1 instance of this issue:
File: /contracts/liquid-staking/LiquidStakingManager.sol
870: sETH.approve(syndicate, (2 ** 256) - 1);
#0 - c4-judge
2022-11-30T12:02:23Z
dmvt marked the issue as grade-b