Platform: Code4rena
Start Date: 14/06/2022
Pot Size: $50,000 USDC
Total HM: 19
Participants: 99
Period: 5 days
Judge: HardlyDifficult
Total Solo HM: 4
Id: 136
League: ETH
Rank: 46/99
Findings: 3
Award: $91.28
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hyh
Also found by: 0x29A, 0xNineDec, 0xf15ers, 0xkowloon, GreyArt, IllIllI, KIntern, Kenshin, Lambda, WatchPug, Wayne, berndartmueller, byterocket, cccz, codexploder, horsefacts, kenzo, obront, obtarian, oyc_109, peritoflores, rajatbeladiya, rfa, saian, unforgiven, zer0dot
11.084 USDC - $11.08
Owner can't rescue exchange fees paid to the contract
The function uses msg.value as the value that is intended to be transferred to destination. By doing it this way, if the owner wants to rescue 10 ETH from the contract, he needs to send 10 ETH to make msg.value == 10. Therefore, the function is useless and the ETH will be stuck in the contract.
Manual review
Replace msg.value with address(this).balance:
(bool sent, ) = destination.call{value: address(this).balance}('');
or add a new parameter to send a certain amount of ETH:
function rescueETH(address destination, uint amount) external onlyOwner { (bool sent, ) = destination.call{value: amount}(''); require(sent, 'failed'); }
then remove the payable
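The finding above as an added example, not code from the report or from the Infinity repository: a constructed minimal contract with the rescue function as the finding describes it (forwarding msg.value) beside the parameterised fix, plus a harness that returns the resulting balances. The names RescueDemo, RescueCheck, rescueETHBuggy, rescueETHFixed and the sink address are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed demo contract; only the rescue logic mirrors the finding.
contract RescueDemo {
    address public immutable owner;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, 'only owner');
        _;
    }

    // Stands in for fee payments accumulating in the contract.
    receive() external payable {}

    // As described in the finding: forwards only what the caller attaches,
    // so the balance held before the call is never touched.
    function rescueETHBuggy(address destination) external payable onlyOwner {
        (bool sent, ) = destination.call{value: msg.value}('');
        require(sent, 'failed');
    }

    // Suggested fix: not payable, sends an explicit amount of the held balance.
    function rescueETHFixed(address destination, uint256 amount) external onlyOwner {
        (bool sent, ) = destination.call{value: amount}('');
        require(sent, 'failed');
    }
}

// Harness: call run() with at least 1.5 ether attached.
contract RescueCheck {
    function run() external payable returns (uint256 afterBuggy, uint256 afterFixed) {
        RescueDemo demo = new RescueDemo();      // this harness is the owner
        address sink = address(0xBEEF);          // constructed destination
        (bool ok, ) = address(demo).call{value: 1 ether}('');  // simulated fees
        require(ok, 'funding failed');

        demo.rescueETHBuggy{value: 0.5 ether}(sink);
        afterBuggy = address(demo).balance;      // still 1 ether: fees stuck

        demo.rescueETHFixed(sink, 1 ether);
        afterFixed = address(demo).balance;      // 0: fees recovered
    }
}
```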
#0 - nneverlander
2022-06-22T18:30:54Z
Duplicate
#1 - nneverlander
2022-07-05T11:41:48Z
#2 - HardlyDifficult
2022-07-09T16:51:14Z
🌟 Selected for report: joestakey
Also found by: 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkowloon, 0xmint, 8olidity, BowTiedWardens, Chom, Cityscape, Czar102, ElKu, FSchmoede, Funen, GimelSec, GreyArt, IllIllI, KIntern, Kaiziron, Kenshin, Lambda, MadWookie, MiloTruck, PPrieditis, Picodes, Ruhum, Sm4rty, StErMi, TerrierLover, TomJ, Treasure-Seeker, VAD37, WatchPug, Wayne, _Adam, a12jmx, abhinavmir, antonttc, apostle0x01, asutorufos, berndartmueller, cccz, cloudjunky, codexploder, cryptphi, csanuragjain, defsec, delfin454000, fatherOfBlocks, georgypetrov, hake, hansfriese, horsefacts, hyh, k, kenta, nxrblsrpr, oyc_109, peritoflores, rajatbeladiya, reassor, rfa, robee, sach1r0, saian, samruna, shenwilly, simon135, sorrynotsorry, sseefried, throttle, unforgiven, wagmi, zzzitron
48.977 USDC - $48.98
Title: Useless receive() function
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L121 https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L57
The InfinityExchange.sol contract already has a fallback() function which can receive data and ether (receive can only receive ETH). We can just remove the receive() function.
Title: Using constructor() in InfinityStaker.sol
The vars are not constant and can be set anytime through a function. Therefore, setting the initial value via the constructor can increase the readability of the code (since the hardcoded value won't have the same value as the value in the future). It can also save gas.
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xAsm0d3us, 0xDjango, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xkowloon, BowTiedWardens, Chom, ElKu, FSchmoede, Funen, GimelSec, Kaiziron, Kenshin, Lambda, MadWookie, MiloTruck, PPrieditis, Picodes, PwnedNoMore, StErMi, Tadashi, TerrierLover, TomJ, Tomio, Wayne, Waze, _Adam, antonttc, apostle0x01, asutorufos, c3phas, codexploder, defsec, delfin454000, fatherOfBlocks, hake, hansfriese, hyh, joestakey, k, kenta, oyc_109, peritoflores, reassor, rfa, robee, sach1r0, simon135, slywaters, zer0dot
31.2157 USDC - $31.22
Title: Using delete statement
Using delete to set value == 0 can save 4 gas per execution
#0 - nneverlander
2022-06-22T14:21:53Z
Thanks