Platform: Code4rena
Start Date: 29/04/2021
Pot Size: $30,000 USDC
Total HM: 3
Participants: 6
Period: 6 days
Judge: cemozer
Total Solo HM: 2
Id: 7
League: ETH
Rank: 2/6
Findings: 3
Award: $7,738.11
Selected for report: 3
Solo Findings: 0
6696.4286 BLO - $1,339.29
4017.8571 USDC - $4,017.86
paulius.eth
Functions getTokenConfigBySymbolHash, getTokenConfigByCToken and getTokenConfigByUnderlying check the returned index against max uint: index != uint(-1). -1 should indicate that the index is not found; however, the default value for an uninitialized uint is 0, so it is impossible to get -1. What is even weirder is that 0 will be returned for non-existing configs, but 0 is a valid index for the 1st config.
One of the solutions would be to reserve 0 for a not found index and use it when searching in mappings. Then normal indexes should start from 1. Another solution would be to introduce a new mapping with a boolean value that indicates if this index is initialized or not but this may be a more gas costly way.
#0 - ghoul-sol
2021-05-08T21:06:51Z
UniswapConfig has been refactored. Index 0 is considered a non-existent config and all comparisons are against that value.
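The lookup flaw from this finding next to the reserved-zero fix it recommends, as an added example that is not the audited project's code. The contract, struct, mapping and function names are hypothetical, and Solidity 0.6 is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

// Added illustration; all names here are hypothetical, not the project's.
contract TokenConfigLookup {
    struct TokenConfig {
        address cToken;
        bytes32 symbolHash;
    }

    address public admin;
    TokenConfig[] internal configs;

    // Flawed pattern: stores the raw array index, so a missing key reads as 0.
    mapping(bytes32 => uint) internal rawIndexBySymbolHash;

    // Fix: stores index + 1, so 0 is reserved for "not found".
    mapping(bytes32 => uint) internal indexPlusOneBySymbolHash;

    constructor() public {
        admin = msg.sender;
    }

    function addConfig(address cToken, bytes32 symbolHash) external {
        require(msg.sender == admin, "only admin");
        require(indexPlusOneBySymbolHash[symbolHash] == 0, "config exists");
        configs.push(TokenConfig(cToken, symbolHash));
        rawIndexBySymbolHash[symbolHash] = configs.length - 1;
        indexPlusOneBySymbolHash[symbolHash] = configs.length;
    }

    // The check from the finding: a mapping read never yields uint(-1) unless
    // that value was written explicitly, so this require always passes and an
    // unknown hash silently resolves to configs[0].
    function getCTokenFlawed(bytes32 symbolHash) external view returns (address) {
        uint index = rawIndexBySymbolHash[symbolHash];
        require(index != uint(-1), "token config not found");
        return configs[index].cToken;
    }

    // Reserved-zero lookup: an unknown hash reads 0 and reverts.
    function getCTokenFixed(bytes32 symbolHash) external view returns (address) {
        uint indexPlusOne = indexPlusOneBySymbolHash[symbolHash];
        require(indexPlusOne != 0, "token config not found");
        return configs[indexPlusOne - 1].cToken;
    }
}
```

After one config is added, calling getCTokenFlawed with an unregistered hash returns the first config's cToken, while getCTokenFixed reverts with "token config not found".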
Selected for report: pauliax
1488.0952 BLO - $297.62
892.8571 USDC - $892.86
paulius.eth
contract CEther fallback function was refactored to be compatible with the Solidity 0.6 version:
/**
From Solidity 0.6 documentation:
"The unnamed function commonly referred to as “fallback function” was split up into a new fallback function that is defined using the fallback keyword and a receive ether function defined using the receive keyword. If present, the receive ether function is called whenever the call data is empty (whether or not ether is received). This function is implicitly payable. The new fallback function is called when no other function matches (if the receive ether function does not exist then this includes calls with empty call data). You can make this function payable or not. If it is not payable then transactions not matching any other function which send value will revert. You should only need to implement the new fallback function if you are following an upgrade or proxy pattern."
I think in this case "receive" is more suitable as the function is expecting to receive ether and empty call data.
Replace "fallback" with "receive".
#0 - ghoul-sol
2021-05-08T16:47:40Z
Fixed as recommended
Selected for report: pauliax
1488.0952 BLO - $297.62
892.8571 USDC - $892.86
paulius.eth
Here the condition should be '<=', not '<' to allow filling the cap fully: require(nextTotalBorrows < borrowCap, "market borrow cap reached");
require(nextTotalBorrows <= borrowCap, "market borrow cap reached");
#0 - ghoul-sol
2021-05-06T16:31:25Z
Added to backlog.