Platform: Code4rena
Start Date: 09/09/2022
Pot Size: $42,000 USDC
Total HM: 2
Participants: 101
Period: 3 days
Judge: hickuphh3
Total Solo HM: 2
Id: 161
League: ETH
Rank: 85/101
Findings: 1
Award: $33.58
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: GalloDaSballo
Also found by: 0x040, 0x1f8b, 0x4non, 0x52, 0x85102, 0xNazgul, 0xSky, 0xSmartContract, Aymen0909, Bnke0x0, CertoraInc, Chandr, Chom, CodingNameKiki, Deivitto, Diana, Funen, JC, Jeiwan, Junnon, KIntern_NA, Lambda, Mohandes, Noah3o6, Ocean_Sky, Picodes, R2, Randyyy, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Samatak, Sm4rty, SnowMan, SooYa, StevenL, Tagir2003, Tointer, TomJ, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, bharg4v, bobirichman, brgltd, c3phas, cccz, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dipp, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, got_targ, hansfriese, horsefacts, hyh, ignacio, innertia, izhuer, karanctf, ladboy233, leosathya, lucacez, lukris02, mics, oyc_109, pashov, pauliax, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, scaraven, sikorico, simon135, smiling_heretic, sorrynotsorry, unforgiven, wagmi, yixxas
33.5761 USDC - $33.58
The following QA issues were found during the code audit:
require() statement or emitting an event (1 instance)

Total 3 instances of 3 issues.
Some contracts use pragma solidity ^0.8.4, which was released on Apr 21, 2021. This compiler version is 18 months old by now. The latest version is 0.8.17, which was released 4 days ago.
In contracts/shutdown/fuse/MerkleRedeemerDripper.sol, the natspec does not match the implementation:

    /// @notice Overrides drip() in the ERC20Dripper contract to add a balance check on the target
    /// @dev This will revert if there are < amountToDrip tokens in this contract, so make sure
    /// that it is funded with a multiple of amountToDrip to avoid this case.
    function drip() public override {
        require(
            IERC20(token).balanceOf(target) < amountToDrip,
            "MerkleRedeemerDripper: dripper target already has enough tokens."
        );
        super.drip();
    }

The require() statement will revert if IERC20(token).balanceOf(target) >= amountToDrip, so either the implementation is wrong or the natspec is wrong.
require() statement or emitting an event (1 instance)

In contracts/peg/SimpleFeiDaiPSM.sol:

    function burnFeiHeld() external {
        uint256 feiBalance = FEI.balanceOf(address(this));
        if (feiBalance != 0) {
            FEI.burn(feiBalance);
        }
    }
This function will do nothing if the balance of this contract is 0. This silent no-op could be confusing and makes debugging harder. Consider adding require(feiBalance != 0) or emitting an event saying the burn operation failed.
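
The two options suggested above, side by side, as an added sketch that is not the project's code. The interface IFeiLike, the contract BurnSketch, the event FeiBurned and the error NothingToBurn are hypothetical names; only FEI, balanceOf, burn and feiBalance come from the snippet in this report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not the project's code. IFeiLike, BurnSketch,
// FeiBurned and NothingToBurn are hypothetical names.
interface IFeiLike {
    function balanceOf(address account) external view returns (uint256);
    function burn(uint256 amount) external;
}

contract BurnSketch {
    IFeiLike public immutable FEI;

    event FeiBurned(address indexed caller, uint256 amount);
    error NothingToBurn();

    constructor(IFeiLike fei) {
        FEI = fei;
    }

    // Option 1: revert on a zero balance, so a no-op call fails loudly.
    // Callers that batch this call must be prepared for the revert.
    function burnFeiHeldStrict() external {
        uint256 feiBalance = FEI.balanceOf(address(this));
        if (feiBalance == 0) revert NothingToBurn();
        FEI.burn(feiBalance);
        emit FeiBurned(msg.sender, feiBalance);
    }

    // Option 2: keep the call idempotent but always leave a log entry;
    // amount == 0 marks a call that burned nothing.
    function burnFeiHeldLogged() external {
        uint256 feiBalance = FEI.balanceOf(address(this));
        if (feiBalance != 0) {
            FEI.burn(feiBalance);
        }
        emit FeiBurned(msg.sender, feiBalance);
    }
}
```

The strict variant surfaces the empty-balance case in the transaction status, while the logged variant never reverts and leaves the zero-amount case visible to off-chain monitoring through the event.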