Platform: Code4rena
Start Date: 02/08/2023
Pot Size: $42,000 USDC
Total HM: 13
Participants: 45
Period: 5 days
Judge: hickuphh3
Total Solo HM: 5
Id: 271
League: ETH
Rank: 23/45
Findings: 1
Award: $115.67
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: SanketKogekar
Also found by: MohammedRizwan, bin2chen, cartlex_, piyushshukla
115.6748 USDC - $115.67
The swapExactAmountOut function in the provided code appears to be lacking a deadline or block.timestamp.

    function swapExactAmountOut(
        address _account,
        uint256 _amountOut,
        uint256 _amountInMax
    ) external returns (uint256) {
        _checkUpdateAuction();
        uint swapAmountIn = _computeExactAmountIn(_amountOut);
        if (swapAmountIn > _amountInMax) {
            revert SwapExceedsMax(_amountInMax, swapAmountIn);
        }
        _amountInForPeriod += uint96(swapAmountIn);
        _amountOutForPeriod += uint96(_amountOut);
        _lastAuctionTime += uint48(uint256(convert(convert(int256(_amountOut)).div(_emissionRate))));
        source.liquidate(_account, tokenIn, swapAmountIn, tokenOut, _amountOut);
        return swapAmountIn;
    }
Manual
Add a deadline mechanism within the swapExactAmountOut function by adding a parameter for specifying the deadline (in block number or timestamp).
Token-Transfer
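The recommended mitigation, as an added example that is not the audited contract or the project's own code: a deadline check placed ahead of the existing _amountInMax check, in a small stand-alone pair. The _deadline parameter, the SwapExpired error, the hourly price step and the balance mappings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example. Pricing and bookkeeping are simplified stand-ins (assumptions),
// used only so the deadline check can be shown in a contract that compiles alone.
contract DeadlineGuardedPair {
    error SwapExpired(uint256 deadline, uint256 currentTime);
    error SwapExceedsMax(uint256 amountInMax, uint256 amountIn);

    uint256 public constant START_PRICE = 1e18;         // tokenIn per tokenOut, 1e18-scaled (constructed)
    uint256 public constant PRICE_STEP_PER_HOUR = 5e16; // constructed: price moves 0.05 per hour
    uint256 public immutable startTime;

    mapping(address => uint256) public owedIn;      // stand-in for pulling tokenIn from the caller
    mapping(address => uint256) public creditedOut; // stand-in for source.liquidate paying tokenOut

    constructor() {
        startTime = block.timestamp;
    }

    // Time-dependent quote: the same _amountOut costs a different amount later on.
    function computeExactAmountIn(uint256 _amountOut) public view returns (uint256) {
        uint256 hoursElapsed = (block.timestamp - startTime) / 1 hours;
        uint256 price = START_PRICE + hoursElapsed * PRICE_STEP_PER_HOUR;
        return (_amountOut * price) / 1e18;
    }

    function swapExactAmountOut(
        address _account,
        uint256 _amountOut,
        uint256 _amountInMax,
        uint256 _deadline
    ) external returns (uint256) {
        // Time bound: a transaction mined after _deadline reverts before pricing or any state change.
        if (block.timestamp > _deadline) revert SwapExpired(_deadline, block.timestamp);

        uint256 swapAmountIn = computeExactAmountIn(_amountOut);
        // Price bound, same check as in the function quoted in the finding.
        if (swapAmountIn > _amountInMax) revert SwapExceedsMax(_amountInMax, swapAmountIn);

        owedIn[msg.sender] += swapAmountIn;
        creditedOut[_account] += _amountOut;
        return swapAmountIn;
    }
}
```

The deadline should be an absolute timestamp chosen when the transaction is signed; a wrapper that derives it from block.timestamp at execution time makes the check always pass.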
#0 - raymondfam
2023-08-07T21:55:45Z
Insufficient proof. Additionally, _amountInMax has been implemented as slippage protection.
#1 - c4-pre-sort
2023-08-07T21:55:50Z
raymondfam marked the issue as low quality report
#2 - c4-pre-sort
2023-08-08T02:39:40Z
raymondfam marked the issue as duplicate of #126
#3 - raymondfam
2023-08-08T06:11:33Z
The severity should be medium.
#4 - c4-judge
2023-08-12T09:26:09Z
HickupHH3 marked the issue as partial-50
#5 - HickupHH3
2023-08-12T09:26:33Z
Partial credit for submission quality
#6 - c4-judge
2023-08-12T09:26:40Z
HickupHH3 changed the severity to 2 (Med Risk)