Platform: Code4rena
Start Date: 09/11/2021
Pot Size: $75,000 USDC
Total HM: 57
Participants: 27
Period: 7 days
Judge: alcueca
Total Solo HM: 49
Id: 52
League: ETH
Rank: 13/27
Findings: 4
Award: $1,080.01
Selected for report: 4
Solo Findings: 1
295.0764 USDC - $295.08
rfa
In the enter() function you can swap your vader to xvader by supplying vader tokens; however, the vader token implements a fee on transfer https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/Vader.sol#L260, so there is an inconsistency between the amount of tokens that was received by the contract and the actual amount that was sent by the user.
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/x-vader/XVader.sol#L28
uint beforeBalance = vader.balanceOf(address(this));
vader.safeTransferFrom(msg.sender, address(this), amount);
uint afterBalance = vader.balanceOf(address(this)) - beforeBalance;
#0 - 0xstormtrooper
2021-11-15T05:19:15Z
Fee on transfer for Vader.sol will be removed
#1 - 0xstormtrooper
2021-11-16T05:35:51Z
Selected for report: rfa
rfa
In the claimConverted() function, the user can vest their vader tokens for a certain amount of time, but the hasStarted modifier is missing. This can lead to the claimConverted() function being callable by anyone, and the user can claim even though the vesting hasn't been started by the owner.
Add the hasStarted modifier.
#0 - SamSteinGG
2021-11-25T12:01:57Z
Duplicate of #89
#1 - alcueca
2021-12-10T14:48:15Z
Not a duplicate, different line.
#2 - SamSteinGG
2021-12-16T12:03:30Z
@alcueca This should be invalid.
Selected for report: rfa
161.9075 USDC - $161.91
rfa
In the vestFor() function, the user can vest their vader tokens for a certain amount of time, but there is no check on how many tokens the contract actually receives. Since the vader token implements a fee on transfer https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/Vader.sol#L260, the amount that will be vested is counted without a fee.
uint beforeBalance = vader.balanceOf(address(this));
vader.safeTransferFrom(msg.sender, address(this), amount);
uint afterBalance = vader.balanceOf(address(this)) - beforeBalance;
#0 - SamSteinGG
2021-11-25T12:01:30Z
This issue, while valid, will not lead to loss of funds and will simply increase the rate at which users unvest their stake.
#1 - alcueca
2021-12-12T05:18:51Z
Downgraded to low risk.
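The balance-delta check proposed in the enter() and vestFor() findings above, shown next to the nominal-amount accounting it replaces, as an added Solidity example that is not code from the Vader repository or from the warden. The contract name DepositAccounting, its share formula and the function names enterNominal and enterMeasured are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added example; names and share formula are assumptions, not project code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract DepositAccounting {
    IERC20 public immutable token; // may charge a fee on transfer
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    constructor(IERC20 _token) {
        token = _token;
    }

    // Credits the nominal amount: over-credits the depositor whenever the
    // token keeps a fee, because fewer tokens arrive than were requested.
    function enterNominal(uint256 amount) external {
        uint256 poolBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        _mint(msg.sender, amount, poolBefore);
    }

    // Credits only what actually arrived, measured as a balance delta.
    function enterMeasured(uint256 amount) external {
        uint256 poolBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = token.balanceOf(address(this)) - poolBefore;
        require(received > 0, "nothing received");
        _mint(msg.sender, received, poolBefore);
    }

    // Shares are priced against the pool balance from before the deposit.
    function _mint(address to, uint256 credited, uint256 poolBefore) private {
        uint256 minted = (totalShares == 0 || poolBefore == 0)
            ? credited
            : (credited * totalShares) / poolBefore;
        shares[to] += minted;
        totalShares += minted;
    }
}
```

The same measurement applies to a vesting amount: record `received` rather than `amount` as the vested balance.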
Selected for report: rfa
68.651 USDC - $68.65
rfa
When referencing data, using memory is more expensive than using storage https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/vesting/LinearVesting.sol#L103. This happens because if you reference the data using memory, it will copy the data to memory, but a storage pointer will reference the data directly from storage.
#0 - SamSteinGG
2021-11-25T12:00:26Z
Duplicate of #85
#1 - alcueca
2021-12-10T14:46:49Z
Not a duplicate, barely.
Selected for report: rfa
68.651 USDC - $68.65
rfa
When referencing data, using memory is more expensive than using storage https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/vesting/LinearVesting.sol#L159. This happens because if you reference the data using memory, it will copy the data to memory, but a storage pointer will reference the data directly from storage.
#0 - SamSteinGG
2021-11-25T12:00:47Z
Duplicate of #85
#1 - alcueca
2021-12-10T14:47:20Z
Not a duplicate, different line.