Platform: Code4rena
Start Date: 21/04/2022
Pot Size: $100,000 USDC
Total HM: 18
Participants: 60
Period: 7 days
Judge: gzeon
Total Solo HM: 10
Id: 112
League: ETH
Rank: 40/60
Findings: 1
Award: $169.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x52, 0xDjango, 0xkatana, Dravee, Funen, Kenshin, Ruhum, StyxRave, Tadashi, TerrierLover, TrungOre, antonttc, berndartmueller, catchup, csanuragjain, defsec, dipp, fatherOfBlocks, hake, horsefacts, hubble, jayjonah8, joestakey, kebabsec, kenta, m4rio_eth, oyc_109, pauliax, peritoflores, rayn, remora, robee, securerodd, simon135, sorrynotsorry, sseefried, z3s
169.5152 USDC - $169.52
This is perhaps very unlikely, but you should consider a price of 0 an error in a Chainlink answer.
In the function getPriceUSD#ChainlinkOracleProvider.sol, after you read the data from the Chainlink aggregator, you allow the answer to be zero.
require(answer >= 0, Error.NEGATIVE_PRICE); L51
It is not a good idea because a price of 0 should be an error in Chainlink. In addition, in some parts of your code you can get a division-by-zero error.
OracleProviderExtensions.sol#L15
return priceOracle.getPriceUSD(fromToken).scaledDiv(priceOracle.getPriceUSD(toToken));
[-] require(answer >= 0, Error.NEGATIVE_PRICE); L51 [+] require(answer > 0, Error.NEGATIVE_OR_ZERO_PRICE); L51
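Review bot: the [+] line references Error.NEGATIVE_OR_ZERO_PRICE, a name that does not appear in the [-] line, so the change as shown is incomplete unless that constant is also added next to Error.NEGATIVE_PRICE in the Error library. With answer > 0 enforced at L51, the divisor in the scaledDiv call quoted from OracleProviderExtensions.sol#L15 cannot be zero when priceOracle is this provider; any other provider behind the same interface needs the same strict check.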
Both functions setAdmin and setFundAdmin at VestedEscrow can be set accidentally to address(0).
In my opinion, this issue for setAdmin could be considered medium because the whole contract would be left without an admin.
require (_admin != address(0), "..");
The following functions are missing event emission after setting some parameter:
setStalePriceDelay#ChainlinkOracleProvider.sol
setMinter#InflationManager.sol
Create and emit proper events
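The zero-price finding in this report, shown as an added example that is not the audited project's code: a minimal Chainlink reader that rejects answer <= 0 before the value can reach a division. The contract name, custom errors, feed mapping, staleness window and the 1e18 scaling are assumptions made for illustration; only latestRoundData is Chainlink's real interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Chainlink's aggregator read interface (only the function used here).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical consumer written for this example; not ChainlinkOracleProvider.sol.
contract CheckedPriceReader {
    uint256 public immutable stalePriceDelay; // assumed staleness window, in seconds
    mapping(address => AggregatorV3Interface) public feeds; // token => USD feed

    error FeedNotSet(address token);
    error ZeroOrNegativePrice(address token, int256 answer);
    error StalePrice(address token, uint256 updatedAt);

    constructor(uint256 delay, address[] memory tokens, address[] memory aggregators) {
        require(tokens.length == aggregators.length, "length mismatch");
        stalePriceDelay = delay;
        for (uint256 i = 0; i < tokens.length; i++) {
            require(aggregators[i] != address(0), "zero feed");
            feeds[tokens[i]] = AggregatorV3Interface(aggregators[i]);
        }
    }

    function getPriceUSD(address token) public view returns (uint256) {
        AggregatorV3Interface feed = feeds[token];
        if (address(feed) == address(0)) revert FeedNotSet(token);
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        // Strict inequality: a 0 answer is rejected here, so no caller can divide by it.
        if (answer <= 0) revert ZeroOrNegativePrice(token, answer);
        if (block.timestamp > updatedAt + stalePriceDelay) revert StalePrice(token, updatedAt);
        return uint256(answer);
    }

    // Price of fromToken expressed in toToken, as 18-decimal fixed point.
    // Assumes both feeds report with the same number of decimals.
    function getRelativePrice(address fromToken, address toToken) external view returns (uint256) {
        // The divisor is guaranteed non-zero by the check in getPriceUSD.
        return (getPriceUSD(fromToken) * 1e18) / getPriceUSD(toToken);
    }
}
```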
#0 - chase-manning
2022-04-28T10:07:26Z
I consider this report to be of particularly high quality