Platform: Code4rena
Start Date: 14/09/2022
Pot Size: $50,000 USDC
Total HM: 25
Participants: 110
Period: 5 days
Judge: hickuphh3
Total Solo HM: 9
Id: 162
League: ETH
Rank: 34/110
Findings: 3
Award: $169.47
🌟 Selected for report: 0
🚀 Solo Findings: 0
116.6703 USDC - $116.67
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L287-L289
The protocol is open to an administrator's maliciousness.
As we can see in this line, the contracts in this project has some sanity checks even for admin only calls.
However, the administrator is free to change a hedge/risk pair timewindow whenever he wants in VaultFactory.sol. This allows him to manipulate when deposits can be done due to this modifier, as long as the period is lower than the epoch begin. An admin could either re-open deposits by lowering the timewindow (which I assume is done by design) but can also block deposits altogether by increasing the timewindow to at least block.timestamp - idEpochBegin[id]
Code reading
Add a custom error to revert the code if the timewindow is too large
error TimewindowTooLarge(); ... if( _timewindow <= block.timestamp ) revert TimewindowTooLarge();
#0 - HickupHH3
2022-10-31T14:27:51Z
dup #60
🌟 Selected for report: Respx
Also found by: 0x1f8b, 0xDecorativePineapple, 0xNazgul, 0xPanas, 0xSmartContract, 0xc0ffEE, 0xmuxyz, Aymen0909, Bahurum, Bnke0x0, CodingNameKiki, Deivitto, Jeiwan, Lambda, Picodes, PwnPatrol, R2, RaymondFam, Rolezn, Ruhum, Saintcode_, SooYa, Tointer, V_B, ajtra, ak1, async, auditor0517, brgltd, c3phas, carrotsmuggler, cccz, csanuragjain, datapunk, djxploit, durianSausage, eierina, erictee, gogo, imare, joestakey, jonatascm, kv, ladboy233, leosathya, lukris02, oyc_109, pashov, pauliax, rbserver, robee, rokinot, rvierdiiev, scaraven, simon135, unforgiven, wagmi, zzzitron
36.6223 USDC - $36.62
The first market index is number 1, rather than 0. https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/VaultFactory.sol#L195
TODO commenthttps://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L196
StakingRewards.sol is using the SafeMath libraryStandard mathematical operations reverts if an invalid operation occurs in solidity ^0.8, which means the library is deprecated.
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/rewards/StakingRewards.sol#L4
Function takes 7 arguments, however the @dev comment for _name is missing
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/VaultFactory.sol#L169-L174
#0 - HickupHH3
2022-11-07T00:08:53Z
Market index 0 is skipped
This is NC, not a biggie if 1-indexed instead of 0-indexed.
Missing _name dev parameter
Highlighted the specific param that was missing for incomplete natspec. Thus, low issue, and a satisfactory rating
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, 0xc0ffEE, 0xkatana, Aymen0909, Bnke0x0, Deivitto, Diana, JAGADESH, KIntern_NA, Lambda, MiloTruck, R2, RaymondFam, Respx, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Samatak, Sm4rty, SnowMan, Tomio, Tomo, WilliamAmbrozic, _Adam, __141345__, ajtra, ak1, async, c3phas, ch0bu, cryptostellar5, d3e4, delfin454000, dharma09, djxploit, durianSausage, eierina, erictee, fatherOfBlocks, gianganhnguyen, gogo, ignacio, imare, jag, jonatascm, leosathya, lukris02, malinariy, oyc_109, pashov, pauliax, peanuts, peiw, prasantgupta52, robee, rokinot, rotcivegaf, rvierdiiev, seyni, simon135, slowmoses, sryysryy, tnevler, zishansami
16.1756 USDC - $16.18
Since the project is already using some solmate libraries, it may save some gas by using their reentrancy guard as well.
https://github.com/transmissions11/solmate/blob/main/src/utils/ReentrancyGuard.sol
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L10
#0 - HickupHH3
2022-11-08T15:47:51Z
Surprisingly about 3.8k gas saved minimally. Unique find too! Example of some test gas diffs:
testControllerZeroAddress() (gas: -22863 (-0.131%)) testAllMarketsCreation() (gas: -114315 (-0.132%)) testVaultMarketEpochDoesNotExist() (gas: -11434 (-0.134%)) testFailMarketEpochExists() (gas: -3813 (-0.134%)) testEpochEndMustBeAfterBegin() (gas: -3813 (-0.140%)) testVaultAddressNotController() (gas: -3813 (-0.140%)) testFeeMoreThan() (gas: -3813 (-0.140%))