Platform: Code4rena
Start Date: 04/01/2022
Pot Size: $75,000 USDC
Total HM: 17
Participants: 33
Period: 7 days
Judge: 0xean
Total Solo HM: 14
Id: 74
League: ETH
Rank: 19/33
Findings: 2
Award: $260.69
π Selected for report: 2
π Solo Findings: 0
π Selected for report: Dravee
Also found by: cmichel, jah, p4st13r4, pmerkleplant
p4st13r4
TimeswapFactory allows to transfer ownership of the contract, however pendingOwner is never reset upon accepting the ownership. Since itβs a public state var, itβs a good practice to reset it to 0 after the operation
function acceptOwner() external override { require(msg.sender == pendingOwner, 'E102'); owner = msg.sender; emit AcceptOwner(msg.sender); }
Editor
Add
pendingOwner = address(0)
#0 - amateur-dev
2022-01-15T04:04:07Z
Similar issue reported over here #83 ; hence closing this
π Selected for report: p4st13r4
93.0809 USDC - $93.08
p4st13r4
In TimeswapConvenience.sol the weth state variable is read twice. It can just be immediately assigned locally so that the two deposit calls avoid reading the same variable from storage
Editor
Assign weth to localWeth
#0 - Mathepreneur
2022-01-18T12:19:03Z
π Selected for report: p4st13r4
93.0809 USDC - $93.08
p4st13r4
In CollateralizedDebt.sol the pair state variable is read twice. It can just be immediately assigned locally so that the require and the collateralizedDebtCallback do not read the same state variable twice
function timeswapPayCallback(uint128 assetIn, bytes calldata data) external override { require(msg.sender == address(pair), 'E401'); convenience.collateralizedDebtCallback(pair, maturity, assetIn, data); }
Editor
Assign pair to e.g localPair
#0 - Mathepreneur
2022-01-18T12:21:19Z