Platform: Code4rena
Start Date: 01/08/2023
Pot Size: $91,500 USDC
Total HM: 14
Participants: 80
Period: 6 days
Judge: gzeon
Total Solo HM: 6
Id: 269
League: ETH
Rank: 70/80
Findings: 1
Award: $15.35
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Team_FliBit
Also found by: 0x70C9, 3docSec, 8olidity, DavidGiladi, Krace, LokiThe5th, Rolezn, Sathish9098, UniversalCrypto, banpaleo5, catellatech, digitizeworx, fatherOfBlocks, hpsb, j4ld1na, josephdara, kutugu, niser93, nonseodion, oakcobalt, osmanozdemir1, pep7siup, ravikiranweb3, said, sivanesh_808
15.3494 USDC - $15.35
The Natspec comment assumes that Uniswap V3 addresses are identical across all chains. But Uniswap addresses are no longer constant across chains. This is stated explicitly here in the Uniswap documentation. It says:
"Integrators should no longer assume that they are deployed to the same addresses across chains and be extremely careful to confirm mappings below."
The statement above precedes a table of addresses for each Uniswap contract on different chains.
2 instances were found: https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/RangeManager.sol#L35
The Natspec comment here says: "Overflow if dont scale down the sqrtPrice before div 2*192"
The correct statement should be "Overflow if don't scale down the sqrtPrice before div 2**192" as the sqrtPrice has to be divided by 2**192 and not 2*192.
1 instance found: https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/GeVault.sol#L373
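The following is an added example, not code from GeVault.sol or from the report. It models Solidity 0.8 checked uint256 arithmetic in Python to show why the sqrtPrice is scaled down before dividing by 2**192, and how far off a literal 2*192 divisor would be. The price formula, the 12-bit shift, the function names and the sample inputs are all assumptions made for illustration.

```python
# Added illustration (not GeVault code): Python model of Solidity >=0.8 checked uint256 math.
UINT256_MAX = 2**256 - 1
SHIFT = 12  # assumed scale-down applied to sqrtPriceX96 before squaring


class Overflow(Exception):
    """Stands in for the arithmetic panic Solidity 0.8 raises on overflow."""


def mul256(a: int, b: int) -> int:
    """Checked uint256 multiplication."""
    r = a * b
    if r > UINT256_MAX:
        raise Overflow(f"{a} * {b} exceeds uint256")
    return r


def price_x8_naive(sqrt_price_x96: int) -> int:
    """Square the full Q64.96 value, scale by 1e8, then divide by 2**192."""
    return mul256(mul256(sqrt_price_x96, sqrt_price_x96), 10**8) // 2**192


def price_x8_scaled(sqrt_price_x96: int) -> int:
    """Drop SHIFT low bits first; the divisor shrinks by 2*SHIFT bits to match."""
    s = sqrt_price_x96 >> SHIFT
    return mul256(mul256(s, s), 10**8) // 2**(192 - 2 * SHIFT)


def price_x8_typo(sqrt_price_x96: int) -> int:
    """Naive form, but dividing by 2*192 == 384 as the comment literally reads."""
    return mul256(mul256(sqrt_price_x96, sqrt_price_x96), 10**8) // (2 * 192)


def reverts(fn, *args) -> bool:
    """True if the modelled computation would revert on overflow."""
    try:
        fn(*args)
    except Overflow:
        return True
    return False


if __name__ == "__main__":
    for bits in (96, 120, 140):  # constructed sqrtPriceX96 values: 2**bits
        x = 2**bits
        print(bits, "naive reverts:", reverts(price_x8_naive, x),
              "scaled reverts:", reverts(price_x8_scaled, x))
```

Scaling down only raises the overflow threshold: with a 12-bit shift the squared term still exceeds uint256 once sqrtPriceX96 reaches 2**140.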
oraclePrice variable name to oraclePriceX8
The oraclePrice variable has been scaled by 1e8 and can be renamed oraclePriceX8. This will improve readability. It will also make variable naming uniform since the variable preceding it was named priceX8 because it was also scaled by 1e8 [here].
1 Instance found: https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/GeVault.sol#L376
The interfaces IUniswapV2Router01, IUniswapV2Factory, and IUniswapV2Pair were imported into the RangeManager contract but were unused in the contract or any other contract inheriting from it.
The IUniswapV2Factory and IUniswapV2Pair interfaces were also imported into the PositionManager contract but were unused in the contract or any other contract inheriting from it.
The imports should be removed if they aren't relevant to the contract to reduce bloat.
5 Instances found: https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/RangeManager.sol#L13 https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/RangeManager.sol#L14 https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/RangeManager.sol#L15 https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/PositionManager/PositionManager.sol#L12 https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/PositionManager/PositionManager.sol#L11
withdrawOptionAssets: Unused Return Variable
The return variable of the withdrawOptionAssets function is unused in the executeBuyOptions function, which is the only function that calls it.
The variable can be removed if it is not useful in the current implementation of the contract.
1 instance found: https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/PositionManager/OptionsPositionManager.sol#L74
#0 - 141345
2023-08-10T09:20:58Z
#1 - c4-judge
2023-08-20T16:26:52Z
gzeon-c4 marked the issue as grade-b