Platform: Code4rena
Start Date: 19/04/2022
Pot Size: $30,000 USDC
Total HM: 10
Participants: 43
Period: 3 days
Judges: moose-code, JasoonS
Total Solo HM: 7
Id: 90
League: ETH
Rank: 23/43
Findings: 2
Award: $98.79
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xDjango, 0xkatana, Dravee, Kenshin, Tadashi, TerrierLover, abhinavmir, defsec, ellahi, fatima_naz, foobar, gzeon, hyh, joestakey, kebabsec, kenta, minhquanym, oyc_109, rayn, robee, sseefried, xpriment626, z3s
69.53 USDC - $69.53
ManagedIndex can be initialize with totalWeight not equal to MAX_WEIGHTManagedIndex.initialize() not check if sum of weights is equal MAX_WEIGHTmint share accounting will not correct since it assumes totalWeight = MAX_WEIGHT
https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/IndexLogic.sol#L50reweight correctly. Because reweight also assumes totalWeight = MAX_WEIGHT to do calculation https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/IndexLogic.sol#L50_weights = [1, 1]Check for sum of _weights[] equal to MAX_WEIGHT
Router contract to help users transfer token in, call mint and burn all in one transaction.🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, Dravee, Kenshin, MaratCerby, Tadashi, TerrierLover, Tomio, TrungOre, defsec, ellahi, fatherOfBlocks, fatima_naz, gzeon, joestakey, kenta, minhquanym, oyc_109, rayn, rfa, robee, simon135, slywaters, windhustler, z3s
29.2584 USDC - $29.26
assets.at(i) and inactiveAssets.at(i) can save gasIndexLogic, each time assets.at(i) is called, at least 1 storage read operation (100 gas). Should cache it to memory variables to save gas.ManagedIndexReweightingLogic, TrackedIndexReweightingLogic, TopNMarketCapReweightingLogicCache assets.at(i), for example
address asset = assets.at(i);