Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $55,000 USDC
Total HM: 29
Participants: 88
Period: 5 days
Judge: gzeon
Total Solo HM: 7
Id: 134
League: ETH
Rank: 39/88
Findings: 3
Award: $172.22
Selected for report: 0
Solo Findings: 0
Selected for report: Kumpa
Also found by: Metatron, cccz, cryptphi, hansfriese, jah, kenzo, kirk-baird, pashov, poirots
43.9587 USDC - $43.96
The first implementation of `lend`, targeting the Illuminate and Yield tokens, is accounting fees when minting tokens for `msg.sender`, but is not updating `fees`.
Lending of Illuminate and Yield tokens, as long as `feenumerator > 0`, will result in the intended fee amount remaining locked in the Lender contract, and not accounted for when withdrawing fees to the admin. The only way then to retrieve them is via `withdraw`, which always withdraws the full balance.
Manual Analysis
Add the missing logic to this particular `lend` function: `fees[u] += calculateFee(a)`
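The accounting gap described in this finding, as an added example that is not the project's code: a simplified Python model of the Lender bookkeeping, comparing a `lend` that skips the `fees[u]` update with one that performs it. The class, the `fee_divisor` name, the fee formula (amount divided by the fee setting) and the sample amounts are assumptions made for illustration.

```python
from collections import defaultdict


class LenderModel:
    """Simplified accounting model of the Lender contract (assumed, not the project's code)."""

    def __init__(self, fee_divisor, record_fee):
        self.fee_divisor = fee_divisor  # hypothetical fee setting; 0 disables fees
        self.record_fee = record_fee    # False = the lend variant described in the finding
        self.fees = defaultdict(int)    # fees[u]: amount the admin fee withdrawal can claim
        self.held = defaultdict(int)    # fee amounts of underlying u sitting in the contract
        self.minted = defaultdict(int)  # tokens minted per lender

    def calculate_fee(self, a):
        # Assumed formula: the amount divided by the fee setting.
        return a // self.fee_divisor if self.fee_divisor > 0 else 0

    def lend(self, u, sender, a):
        fee = self.calculate_fee(a)
        self.minted[sender] += a - fee  # the fee is accounted for when minting
        self.held[u] += fee             # the fee amount stays in the contract
        if self.record_fee:
            self.fees[u] += fee         # the update the finding recommends adding
        return fee

    def withdraw_fee(self, u):
        # The admin fee withdrawal pays out only what fees[u] records.
        paid = self.fees[u]
        self.fees[u] = 0
        self.held[u] -= paid
        return paid

    def stranded(self, u):
        # Invariant to test for: every fee unit held is also recorded in fees[u].
        return self.held[u] - self.fees[u]


def run_scenario(record_fee, amounts=(10_000, 2_500, 999), fee_divisor=1000):
    """Run constructed sample lends, then an admin fee withdrawal."""
    lender = LenderModel(fee_divisor, record_fee)
    for a in amounts:
        lender.lend("DAI", "alice", a)
    paid = lender.withdraw_fee("DAI")
    return paid, lender.stranded("DAI")


if __name__ == "__main__":
    print("without fees[u] update:", run_scenario(False))
    print("with fees[u] update:   ", run_scenario(True))
```

The `stranded` check is the kind of invariant a unit or fuzz test can assert after every `lend` path to catch a missing fee update.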
#0 - KenzoAgada
2022-06-28T06:44:04Z
Duplicate of #208
Selected for report: defsec
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkowloon, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kenshin, Kulk0, Lambda, Limbooo, MadWookie, Metatron, Picodes, Soosh, StErMi, TomJ, WatchPug, Waze, Yiko, _Adam, ak1, asutorufos, aysha, bardamu, catchup, datapunk, delfin454000, dipp, fatherOfBlocks, grGred, hake, hansfriese, hyh, joestakey, kebabsec, kenzo, kirk-baird, oyc_109, pashov, poirots, rfa, robee, saian, sashik_eth, shenwilly, simon135, slywaters, z3s, zeesaw, zer0dot
65.8003 USDC - $65.80
Several functions that set contract settings do not emit events regarding those updates. For future-proofing and outside visibility, it is recommended that events are added to reflect the internal state updates of the contracts.
`Safe.sol` should document the commit ref of solmate it is inspired from. This can help future developments, and audits, quickly identify possible problems that are fixed in future solmate versions without having to manually check the history.
Selected for report: BowTiedWardens
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xkowloon, Bnke0x0, ElKu, Fitraldys, Funen, GalloDaSballo, IllIllI, JC, Kaiziron, Lambda, MadWookie, Noah3o6, Nyamcil, RoiEvenHaim, TomJ, Tomio, UnusualTurtle, Waze, _Adam, ajtra, asutorufos, bardamu, c3phas, catchup, datapunk, defsec, delfin454000, fatherOfBlocks, grGred, hake, hansfriese, hyh, ignacio, joestakey, kebabsec, ladboy233, oyc_109, pashov, poirots, rfa, robee, sach1r0, samruna, sashik_eth, simon135, slywaters, z3s, zer0dot
62.4602 USDC - $62.46
`2**256 - 1` can be replaced by `type(uint256).max`, which is both more readable and more gas-efficient.
`i++` in various for loops: while `i` is already being incremented in an unchecked block, you can get further savings by using `i += 1` instead of `i++`.