Platform: Code4rena
Start Date: 04/05/2022
Pot Size: $50,000 DAI
Total HM: 24
Participants: 71
Period: 5 days
Judge: Justin Goro
Total Solo HM: 14
Id: 119
League: ETH
Rank: 26/71
Findings: 3
Award: $218.85
🌟 Selected for report: 0
🚀 Solo Findings: 0
105.1961 DAI - $105.20
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L282 https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L169
All rewards calculations are referring to 18 decimals token. If reward token will have less than 18 decimals, calculations will be wrong and user will receive less tokens than he should be receiving.
If deposit token or reward token has 9 decimals
getMaximumRewards() will return almost zero and pool will created with 0 reward token transfer.
getRewards(poolId, receiptId) which is called from withdraw() function will return less reward to users compare to user should get and owner wanted to distribute.
Manual Analysis
calculate rewards with wei only.
#0 - illuzen
2022-05-10T07:39:19Z
Valid
#1 - illuzen
2022-06-03T02:43:25Z
#2 - gititGoro
2022-06-14T03:15:41Z
Duplicate of #47
🌟 Selected for report: horsefacts
Also found by: 0x1f8b, 0xYamiDancho, 0xf15ers, 0xkatana, ACai, AlleyCat, Bruhhh, Dravee, Funen, GimelSec, Hawkeye, IllIllI, MaratCerby, PPrieditis, Picodes, Ruhum, TerrierLover, VAD37, berndartmueller, csanuragjain, defsec, delfin454000, eccentricexit, ellahi, fatherOfBlocks, gzeon, hansfriese, hickuphh3, hyh, ilan, joestakey, juicy, kebabsec, oyc_109, rajatbeladiya, reassor, rfa, robee, samruna, simon135, sorrynotsorry, throttle
74.5546 DAI - $74.55
_globalBeneficiary, it could not change once it deployed.#0 - illuzen
2022-05-12T08:32:19Z
all duplicates
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0xNazgul, 0xYamiDancho, 0xf15ers, 0xkatana, ACai, CertoraInc, Dravee, Funen, GimelSec, Hawkeye, PPrieditis, Picodes, Ruhum, TerrierLover, Tomio, VAD37, Waze, csanuragjain, defsec, delfin454000, eccentricexit, ellahi, fatherOfBlocks, gzeon, hansfriese, horsefacts, ilan, joestakey, juicy, minhquanym, oyc_109, rajatbeladiya, reassor, rfa, robee, samruna, simon135, z3s
39.0982 DAI - $39.10
bool success will save some gas and best practice is to wrap transfer ERC20 transactions to require directly.Use
require(IERC20(pool.depositToken).transferFrom(msg.sender, address(this), amount), 'Token transfer failed');
Instead of
bool success = IERC20(pool.depositToken).transferFrom(msg.sender, address(this), amount); require(success, 'Token transfer failed');
uint taxUse
success = success && IERC20(pool.rewardTokens[i]).transfer(globalBeneficiary, taxes[poolId][i]); taxes[poolId][i] = 0;
Instead of
uint tax = taxes[poolId][i]; taxes[poolId][i] = 0; success = success && IERC20(pool.rewardTokens[i]).transfer(globalBeneficiary, tax);
#0 - illuzen
2022-05-12T08:34:32Z
all duplicates
#1 - gititGoro
2022-06-05T01:36:20Z
For the uint tax item, the developer is intentionally avoiding a reentrancy threat by ordering the state updates in this manner. That item is therefore invalid.