Platform: Code4rena
Start Date: 21/04/2022
Pot Size: $100,000 USDC
Total HM: 18
Participants: 60
Period: 7 days
Judge: gzeon
Total Solo HM: 10
Id: 112
League: ETH
Rank: 38/60
Findings: 2
Award: $244.27
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x52, 0xDjango, 0xkatana, Dravee, Funen, Kenshin, Ruhum, StyxRave, Tadashi, TerrierLover, TrungOre, antonttc, berndartmueller, catchup, csanuragjain, defsec, dipp, fatherOfBlocks, hake, horsefacts, hubble, jayjonah8, joestakey, kebabsec, kenta, m4rio_eth, oyc_109, pauliax, peritoflores, rayn, remora, robee, securerodd, simon135, sorrynotsorry, sseefried, z3s
159.3125 USDC - $159.31
Issue Information: L005 - Do not use Deprecated Library Functions
CvxCrvRewardsLocker.sol::53 => IERC20(CRV).safeApprove(CRV_DEPOSITOR, type(uint256).max); CvxCrvRewardsLocker.sol::56 => IERC20(CVX_CRV).safeApprove(CVX_CRV_STAKING, type(uint256).max); CvxCrvRewardsLocker.sol::59 => IERC20(CRV).safeApprove(CVX_CRV_CRV_CURVE_POOL, type(uint256).max); CvxCrvRewardsLocker.sol::62 => IERC20(CVX).safeApprove(CVX_LOCKER, type(uint256).max); actions/topup/TopUpAction.sol::50 => IERC20(token).safeApprove(stakerVaultAddress, depositAmount); actions/topup/TopUpAction.sol::847 => IERC20(depositToken).safeApprove(feeHandler, feeAmount); actions/topup/TopUpAction.sol::908 => IERC20(token).safeApprove(spender, type(uint256).max); actions/topup/handlers/AaveHandler.sol::53 => IERC20(underlying).safeApprove(address(lendingPool), amount); actions/topup/handlers/CompoundHandler.sol::71 => IERC20(underlying).safeApprove(address(ctoken), amount); actions/topup/handlers/CompoundHandler.sol::120 => IERC20(underlying).safeApprove(address(ctoken), debt); pool/LiquidityPool.sol::721 => IERC20(lpToken_).safeApprove(staker_, type(uint256).max); strategies/BkdEthCvx.sol::43 => IERC20(lp_).safeApprove(address(_BOOSTER), type(uint256).max); strategies/BkdTriHopCvx.sol::71 => IERC20(underlying_).safeApprove(curveHopPool_, type(uint256).max); strategies/BkdTriHopCvx.sol::72 => IERC20(hopLp_).safeApprove(curvePool_, type(uint256).max); strategies/BkdTriHopCvx.sol::73 => IERC20(lp_).safeApprove(address(_BOOSTER), type(uint256).max); strategies/BkdTriHopCvx.sol::129 => IERC20(hopLp).safeApprove(curvePool_, 0); strategies/BkdTriHopCvx.sol::130 => IERC20(hopLp).safeApprove(curvePool_, type(uint256).max); strategies/BkdTriHopCvx.sol::131 => IERC20(lp_).safeApprove(address(_BOOSTER), 0); strategies/BkdTriHopCvx.sol::132 => IERC20(lp_).safeApprove(address(_BOOSTER), type(uint256).max); strategies/ConvexStrategyBase.sol::107 => _CRV.safeApprove(address(_strategySwapper), type(uint256).max); strategies/ConvexStrategyBase.sol::108 => _CVX.safeApprove(address(_strategySwapper), type(uint256).max); strategies/ConvexStrategyBase.sol::109 => _WETH.safeApprove(address(_strategySwapper), type(uint256).max); strategies/ConvexStrategyBase.sol::279 => IERC20(token_).safeApprove(address(_strategySwapper), 0); strategies/ConvexStrategyBase.sol::280 => IERC20(token_).safeApprove(address(_strategySwapper), type(uint256).max); strategies/StrategySwapper.sol::209 => IERC20(token_).safeApprove(spender_, type(uint256).max); vault/Erc20Vault.sol::21 => IERC20(underlying_).safeApprove(address(reserve), type(uint256).max); vault/Erc20Vault.sol::22 => IERC20(underlying_).safeApprove(_pool, type(uint256).max);
🌟 Selected for report: joestakey
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xkatana, 0xmint, Dravee, Funen, IllIllI, MaratCerby, NoamYakov, Tadashi, TerrierLover, Tomio, WatchPug, catchup, defsec, fatherOfBlocks, hake, horsefacts, kenta, oyc_109, pauliax, rayn, rfa, robee, saian, securerodd, simon135, slywaters, sorrynotsorry, tin537, z3s
84.957 USDC - $84.96
Issue Information: G001 - variables with default value
Controller.sol::114 => uint256 totalEthRequired = 0; Controller.sol::117 => for (uint256 i = 0; i < numActions; i++) { StakerVault.sol::144 => uint256 startingAllowance = 0; StakerVault.sol::260 => for (uint256 i = 0; i < actions.length; i++) { access/RoleManager.sol::80 => for (uint256 i = 0; i < roles.length; i++) { actions/topup/TopUpAction.sol::152 => uint256 internal constant _MAX_ACTION_FEE = 0.5 * 1e18; actions/topup/TopUpAction.sol::153 => uint256 internal constant _MIN_SWAPPER_SLIPPAGE = 0.6 * 1e18; actions/topup/TopUpAction.sol::154 => uint256 internal constant _MAX_SWAPPER_SLIPPAGE = 0.95 * 1e18; actions/topup/TopUpAction.sol::188 => for (uint256 i = 0; i < protocols.length; i++) { actions/topup/TopUpAction.sol::452 => uint256 totalEthRequired = 0; actions/topup/TopUpAction.sol::456 => for (uint256 i = 0; i < length; i++) { actions/topup/TopUpAction.sol::479 => for (uint256 i = 0; i < length; i++) { actions/topup/TopUpAction.sol::506 => for (uint256 i = 0; i < howMany; i++) { actions/topup/TopUpAction.sol::891 => for (uint256 i = 0; i < length; i++) { actions/topup/handlers/CTokenRegistry.sol::61 => for (uint256 i = 0; i < ctokens.length; i++) { actions/topup/handlers/CompoundHandler.sol::135 => for (uint256 i = 0; i < assets.length; i++) { pool/LiquidityPool.sol::483 => uint256 currentFeeRatio = 0; strategies/ConvexStrategyBase.sol::313 => for (uint256 i = 0; i < _rewardTokens.length(); i++) { strategies/ConvexStrategyBase.sol::380 => for (uint256 i = 0; i < _rewardTokens.length(); i++) { vault/Vault.sol::135 => uint256 allocatedUnderlying = 0; vault/Vault.sol::583 => uint256 strategistShare = 0;
Issue Information: G002 - array length outside loop
StakerVault.sol::260 => for (uint256 i = 0; i < actions.length; i++) { access/RoleManager.sol::80 => for (uint256 i = 0; i < roles.length; i++) { actions/topup/TopUpAction.sol::188 => for (uint256 i = 0; i < protocols.length; i++) { actions/topup/TopUpKeeperHelper.sol::43 => for (uint256 i = 0; i < users.length; i++) { actions/topup/TopUpKeeperHelper.sol::46 => for (uint256 j = 0; j < positions.length; j++) {th); actions/topup/TopUpKeeperHelper.sol::72 => for (uint256 i = 0; i < keys.length; i++) { actions/topup/handlers/CTokenRegistry.sol::61 => for (uint256 i = 0; i < ctokens.length; i++) { actions/topup/handlers/CompoundHandler.sol::135 => for (uint256 i = 0; i < assets.length; i++) { strategies/ConvexStrategyBase.sol::313 => for (uint256 i = 0; i < _rewardTokens.length(); i++) { strategies/ConvexStrategyBase.sol::380 => for (uint256 i = 0; i < _rewardTokens.length(); i++) {
Issue Information: G009 - Prefix increments are cheaper than postfix increments
Controller.sol::117 => for (uint256 i = 0; i < numActions; i++) { StakerVault.sol::260 => for (uint256 i = 0; i < actions.length; i++) { access/RoleManager.sol::80 => for (uint256 i = 0; i < roles.length; i++) { actions/topup/TopUpAction.sol::188 => for (uint256 i = 0; i < protocols.length; i++) { actions/topup/TopUpAction.sol::456 => for (uint256 i = 0; i < length; i++) { actions/topup/TopUpAction.sol::479 => for (uint256 i = 0; i < length; i++) { actions/topup/TopUpAction.sol::506 => for (uint256 i = 0; i < howMany; i++) { actions/topup/TopUpAction.sol::891 => for (uint256 i = 0; i < length; i++) { actions/topup/TopUpKeeperHelper.sol::43 => for (uint256 i = 0; i < users.length; i++) { actions/topup/TopUpKeeperHelper.sol::46 => for (uint256 j = 0; j < positions.length; j++) { actions/topup/TopUpKeeperHelper.sol::50 => topupsAdded++; actions/topup/TopUpKeeperHelper.sol::72 => for (uint256 i = 0; i < keys.length; i++) { actions/topup/TopUpKeeperHelper.sol::93 => for (uint256 i = 0; i < length; i++) { actions/topup/TopUpKeeperHelper.sol::165 => for (uint256 i = 0; i < length; i++) { actions/topup/handlers/CTokenRegistry.sol::61 => for (uint256 i = 0; i < ctokens.length; i++) { actions/topup/handlers/CompoundHandler.sol::135 => for (uint256 i = 0; i < assets.length; i++) { strategies/ConvexStrategyBase.sol::313 => for (uint256 i = 0; i < _rewardTokens.length(); i++) { strategies/ConvexStrategyBase.sol::380 => for (uint256 i = 0; i < _rewardTokens.length(); i++) {