Platform: Code4rena
Start Date: 16/02/2023
Pot Size: $144,750 USDC
Total HM: 17
Participants: 154
Period: 19 days
Judge: Trust
Total Solo HM: 5
Id: 216
League: ETH
Rank: 73/154
Findings: 1
Award: $61.26
π Selected for report: 0
π Solo Findings: 0
π Selected for report: GalloDaSballo
Also found by: 0x3b, 0xAgro, 0xSmartContract, 0xTheC0der, 0xackermann, 0xnev, 0xsomeone, ABA, BRONZEDISC, Bjorn_bug, Bnke0x0, Breeje, Co0nan, CodeFoxInc, CodingNameKiki, DadeKuma, DeFiHackLabs, IceBear, Josiah, Kaysoft, Lavishq, MohammedRizwan, PaludoX0, PawelK, Phantasmagoria, Raiders, RaymondFam, Rickard, Rolezn, Sathish9098, SleepingBugs, SuperRayss, UdarTeam, Udsen, Viktor_Cortess, arialblack14, ast3ros, bin2chen, brgltd, btk, catellatech, ch0bu, chaduke, chrisdior4, codeislight, cryptonue, delfin454000, descharre, dontonka, emmac002, fs0c, hacker-dom, hansfriese, imare, lukris02, luxartvinsec, martin, matrix_0wl, peanuts, rbserver, shark, tnevler, trustindistrust, tsvetanovv, vagrant, yongskiws, zzzitron
61.2601 USDC - $61.26
Ethos QA report was done by martin, with a main focus on the low severity and non-critical security aspects of the implementaion and logic of the project.
The following issues were found, categorized by their severity:
updateCollateralRatios with pending and approve functionsBecause of admin human error itβs possible to set a new _MCR and _CCR invalid values. When you want to change these values, itβs better to propose a change, and then approve this changes.
There are 1 instances of this issue:
85: function updateCollateralRatios(
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/CollateralConfig.sol
revert() should be used instead of assert()The comment above clarifies that it is impossible to open a trove with zero withdrawn LUSD, in such case it's better to add the check and revert providing a description of necessary.
There are 2 instances of this issue:
128: assert(MIN_NET_DEBT > 0); 197: assert(vars.compositeDebt > 0);
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/BorrowerOperations.sol
_safeMint() should be used rather than _mint() wherever possibleWhen minting NFTs, the code uses _safeMint function of the OZ reference implementation. This function is safe because it checks whether the receiver can receive ERC721 tokens. The can prevent the case that a NFT will be minted to a contract that cannot handle ERC721 tokens. However, this external function call creates a security loophole. Specifically, the attacker can perform a reentrant call inside the onERC721Received callback. More detailed information why a reeentrancy can occur - https://blocksecteam.medium.com/when-safemint-becomes-unsafe-lessons-from-the-hypebears-security-incident-2965209bda2a.
There are 2 instances of this issue:
427: _lusdToken.mint(lqtyStakingAddress, LUSDFee); 513: _lusdToken.mint(_account, _LUSDAmount);
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/BorrowerOperations.sol
ActivePoolCollateralBalanceUpdated and CollateralSent events are called earlyEvent is actually emit before the action, event emits should be moved after the action. Otherwise it might cause incorrectly emitted event.
There are 6 instances of this issue:
176: emit ActivePoolCollateralBalanceUpdated(_collateral, collAmount[_collateral]); 177: emit CollateralSent(_collateral, _account, _amount);
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/ActivePool.sol
354: emit CollateralGainWithdrawn(msg.sender, collateral, amount); 400: emit CollateralGainWithdrawn(msg.sender, collateral, amount); 788: emit CollateralSent(_collateral, msg.sender, _amount);
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/StabilityPool.sol
243: emit CollateralSent(msg.sender, collateral, amounts[i]);
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/LQTY/LQTYStaking.sol
Using a floating pragma ^0.8.0 statement is discouraged as code can compile to different bytecodes with different compiler versions. Use a stable pragma statement to get a deterministic bytecode. Also use latest Solidity version to get all compiler features, bugfixes and optimizations
There are 4 instances of this issue:
File: /Ethos-Vault/contracts/ReaperVaultV2.sol File: /Ethos-Vault/contracts/ReaperVaultERC4626.sol File: /Ethos-Vault/contracts/abstract/ReaperBaseStrategyv4.sol File: /Ethos-Vault/contracts/ReaperStrategyGranarySupplyOnly.sol
There are 8 instances of this issue:
File: /Ethos-Core/contracts/CollateralConfig.sol File: /Ethos-Core/contracts/BorrowerOperations.sol File: /Ethos-Core/contracts/TroveManager.sol File: /Ethos-Core/contracts/ActivePool.sol File: /Ethos-Core/contracts/StabilityPool.sol File: /Ethos-Core/contracts/LQTY/CommunityIssuance.sol File: /Ethos-Core/contracts/LQTY/LQTYStaking.sol File: /Ethos-Core/contracts/LUSDToken.sol
The so called 'Require' wrapper functions are actually modifiers. Modifiers were introduced in Solidity version 0.4.0 and it is a best practice to use them.
There are 4 instances of this issue:
522: // --- 'Require' wrapper functions ---
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/BorrowerOperations.sol
1520: // --- 'require' wrapper functions ---
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/TroveManager.sol
130: // --- 'require' functions ---
249: // --- 'require' functions ---
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/LQTY/LQTYStaking.sol
There are 1 instances of this issue:
File: /Ethos-Core/contracts/TroveManager.sol
There are 2 instances of this issue:
849: require( msg.sender == address(activePool), "StabilityPool: Caller is not ActivePool");
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/StabilityPool.sol
25: mapping( address => uint) public stakes;
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Core/contracts/LQTY/LQTYStaking.sol
There are 1 instances of this issue:
58: distributionPeriod = 14 days;
1e18) rather than exponentiation (e.g. 10**18)There are 1 instances of this issue:
40: uint256 public constant DEGRADATION_COEFFICIENT = 10**18;
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Vault/contracts/ReaperVaultV2.sol
return variables anywhere in the function is confusingConsider changing the variable to be an unnamed one.
There are 2 instances of this issue:
29: function asset() external view override returns (address assetTokenAddress) {
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Vault/contracts/ReaperVaultERC4626.sol
104: function _liquidateAllPositions() internal override returns (uint256 amountFreed) {
#0 - c4-judge
2023-03-09T14:00:48Z
trust1995 marked the issue as grade-b
#1 - c4-sponsor
2023-03-28T20:02:13Z
0xBebis marked the issue as sponsor confirmed