Platform: Code4rena
Start Date: 10/06/2021
Pot Size: $45,000 USDC
Total HM: 21
Participants: 12
Period: 7 days
Judge: LSDan
Total Solo HM: 13
Id: 13
League: ETH
Rank: 11/12
Findings: 2
Award: $376.70
🌟 Selected for report: 0
🚀 Solo Findings: 0
s1m0
The deposit() function doesn't check the return value of transferFrom(), which means that if the ERC20 token returns false instead of reverting, the user could deposit for free.
Manual analysis
Use OpenZeppelin's SafeERC20 library.
#0 - Splidge
2021-06-17T12:24:07Z
Duplicate of #2
#1 - dmvt
2021-07-11T12:37:58Z
duplicate of #2
117.1942 USDC - $117.19
s1m0
The function addToWhitelist should add a user to the whitelist, but in reality it toggles the allowance. That means that if a user is already whitelisted, a second call would put him out of it; this action doesn't follow the behaviour expected from the name of the function.
Manual analysis
Consider renaming the function to toggleToWhitelist, or on line 213, instead of toggling, set it equal to true.
#0 - Splidge
2021-06-17T13:35:20Z
The whitelist is only for a limited period during the beta test, the idea being that turning it off is basically the launch. To this end it'll only be used by myself and not for very long. It's not worth changing the name. I would think that a naming change falls under severity 0 — Non-critical?
#1 - Splidge
2021-06-18T12:58:28Z
Duplicate of #49
#2 - dmvt
2021-07-11T10:51:21Z
duplicate of #49