Platform: Code4rena
Start Date: 20/10/2021
Pot Size: $30,000 ETH
Total HM: 5
Participants: 15
Period: 3 days
Judge: 0xean
Total Solo HM: 3
Id: 44
League: ETH
Rank: 5/15
Findings: 3
Award: $1,047.46
🌟 Selected for report: 0
🚀 Solo Findings: 0
pauliax
payable(msg.sender).transfer(toTransfer);
feeRecipient.transfer(address(this).balance);
It is no longer recommended to use .transfer when sending ether, as recipients with custom fallback functions (smart contracts) will not be able to handle that. You can read more here: https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/
Solution (make sure to keep nonReentrant): https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol#L53-L59
#0 - Shadowfiend
2021-11-04T15:53:45Z
Duplicate of #20.
🌟 Selected for report: TomFrenchBlockchain
Also found by: pauliax
367.2631 USDC - $367.26
pauliax
According to the err msg here, the check should be inclusive (<=):
require(swapFee_ < SWAP_FEE_DIVISOR, "Swap::setSwapFee: Swap fee must not exceed 100%");
require(swapFee_ <= SWAP_FEE_DIVISOR, "Swap::setSwapFee: Swap fee must not exceed 100%");
#0 - Shadowfiend
2021-11-03T21:00:34Z
Quite the edge case :grin: We may try to adjust this if we get in there, depending on what we decide to do about #10.
35.9883 USDC - $35.99
pauliax
Similarly, as you do with the tokens, consider only transferring the balance if it is not 0:
feeRecipient.transfer(address(this).balance);
or here:
payable(msg.sender).transfer(boughtETHAmount);
Only do the external call if the amount is above zero.
#0 - Shadowfiend
2021-11-04T16:58:50Z
Duplicate of #31.
🌟 Selected for report: TomFrenchBlockchain
Also found by: pauliax
35.9883 USDC - $35.99
pauliax
Lower than uint256 size variables are less gas efficient. E.g. using uint8 does not give any efficiency, actually, it is the opposite as EVM operates on default of 256-bit values so uint8 is more expensive in this case as it needs a conversion. It only gives improvements in cases where you can pack variables together, e.g. structs. Here is the example where uint256 would be more efficient:
for (uint8 i = 0; i<tokens.length; i++)
for (uint256 i = 0; i<tokens.length; i++)
#0 - Shadowfiend
2021-11-03T20:48:37Z
Duplicate of #7.
🌟 Selected for report: harleythedog
pauliax
Here the FeesSwept event will always emit 0 amount as this.balance is already transferred and nothing is left in the contract:
feeRecipient.transfer(address(this).balance);
emit FeesSwept(address(0), address(this).balance, feeRecipient);
uint balance = address(this).balance;
feeRecipient.transfer(balance);
emit FeesSwept(address(0), balance, feeRecipient);
#0 - Shadowfiend
2021-11-04T15:54:28Z
Duplicate of #21.
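Added example, not code from the audited contracts or from the findings above: the ETH fee sweep with the fixes these findings recommend applied together (a checked low-level call in place of .transfer, a reentrancy guard, a zero-balance skip, and the balance cached before the send so FeesSwept reports the real amount). The contract name, sweepFees, _sendValue, the inline guard and the FeesSwept parameter types are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; contract, function and parameter names are hypothetical.
contract FeeSweepExample {
    // Event shape assumed from the emit statement quoted in the findings.
    event FeesSwept(address token, uint256 amount, address recipient);

    address payable public feeRecipient;
    uint256 private _status = 1; // 1 = not entered, 2 = entered

    constructor(address payable feeRecipient_) {
        feeRecipient = feeRecipient_;
    }

    // Minimal reentrancy guard: call{value:} forwards all remaining gas,
    // so the 2300-gas stipend of .transfer no longer limits the recipient.
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    // Same pattern as OpenZeppelin's Address.sendValue:
    // low-level call with an explicit success check.
    function _sendValue(address payable to, uint256 amount) private {
        require(address(this).balance >= amount, "insufficient balance");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }

    function sweepFees() external nonReentrant {
        uint256 balance = address(this).balance; // cache before sending
        if (balance == 0) return;                // no external call for zero
        _sendValue(feeRecipient, balance);
        // Emit the cached value; address(this).balance is 0 at this point.
        emit FeesSwept(address(0), balance, feeRecipient);
    }

    receive() external payable {}
}
```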