Platform: Code4rena
Start Date: 11/11/2022
Pot Size: $90,500 USDC
Total HM: 52
Participants: 92
Period: 7 days
Judge: LSDan
Total Solo HM: 20
Id: 182
League: ETH
Rank: 49/92
Findings: 2
Award: $96.32
Selected for report: 0
Solo Findings: 0
44.2926 USDC - $44.29
Judge has assessed an item in Issue #236 as M risk. The relevant finding follows:
https://github.com/code-423n4/2022-11-stakehouse/blob/4b6828e9c807f2f7c569e6d721ca1289f7cf7112/contracts/liquid-staking/LiquidStakingManager.sol#L249
It is possible the DAO determines the amount of commission very high for its own benefit, so setting a range for determining the commission seems logical. (Especially MAX commission should be pre-defined.)
#0 - c4-judge
2022-12-01T23:44:51Z
dmvt marked the issue as duplicate of #190
#1 - c4-judge
2022-12-02T17:19:25Z
dmvt marked the issue as partial-50
Selected for report: 0xSmartContract
Also found by: 0x4non, 0xNazgul, 0xRoxas, 0xdeadbeef0x, 0xmuxyz, 9svR6w, Awesome, Aymen0909, B2, Bnke0x0, CloudX, Deivitto, Diana, Franfran, IllIllI, Josiah, RaymondFam, ReyAdmirado, Rolezn, Sathish9098, Secureverse, SmartSek, Trust, Udsen, a12jmx, aphak5010, brgltd, bulej93, c3phas, ch0bu, chaduke, chrisdior4, clems4ever, cryptostellar5, datapunk, delfin454000, fs0c, gogo, gz627, hl_, immeas, joestakey, lukris02, martin, nogo, oyc_109, pashov, pavankv, peanuts, pedr02b2, rbserver, rotcivegaf, sahar, sakman, shark, tnevler, trustindistrust, zaskoh, zgo
52.0338 USDC - $52.03
This function needs a modifier or require, so only an authorized address (giant LP) can call it.
Using ">=" instead of "==" in this command is more logical. In some cases, maybe the user can't calculate an exact amount.
Smaller variable can be used.
Changing this important role should be done in two steps. First, the new address to get the role should be introduced, and then the new address claims the role.
It is possible the DAO determines the amount of commission very high for its own benefit, so setting a range for determining the commission seems logical. (Especially MAX commission should be pre-defined.)
It may be necessary to change the address of the deployer in this contract in the future for any reason. This is an important role and there is a possibility of needing to change it. Therefore, in this agreement, there should be a two-step function where the current deployer can introduce another address as a new deployer role. Then the new address calls a function and gets the role.
Unlike the workflow of the withdraw Ether function from a contract, in this deposit function, it makes sense to add a new amount to the total supply just after a successful deposit operation.
In other words, it is better to swap the places of lines 71 and 72.
In this file, the pragma version is only set to "0.8.13", while in other files of this project, it is set to "^0.8.13" (this version and above till 0.9.0). This version difference may cause an unknown problem during the compilation and deployment of the main contract on the mainnet.
Wallet may exist before calling this function (already cloned). Although calling and re-creating the wallet does not cause any problem, by checking the condition [if walletExists[wallet] == true] before re-cloning, you can avoid the re-execution of the function body and wasteful consumption of gas.
You can check the following condition [if (_isTransferApproved[from][to] != status)] and execute the next assignment command only if the condition is true, thus avoiding unnecessary gas consumption in some cases. For this, it is enough to swap the two lines number 132 and 133.
Thank you
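The commission cap and the two-step role handover recommended in the report above, sketched as an added Solidity example. It is not code from the audited repository or from the warden's submission; the contract, function, event and error names, the basis-point unit and the 20% cap are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration only: every name and the 20% cap are assumptions,
/// not taken from the audited LiquidStakingManager.
contract CappedCommissionTwoStepRole {
    // Hard upper bound, fixed at compile time so the DAO cannot raise it later.
    uint256 public constant MAX_COMMISSION_BPS = 2_000; // assumed cap: 20% in basis points

    address public dao;           // current holder of the privileged role
    address public pendingDao;    // proposed holder, has no power until it accepts
    uint256 public commissionBps; // current commission in basis points

    event CommissionUpdated(uint256 oldBps, uint256 newBps);
    event DaoTransferStarted(address indexed current, address indexed proposed);
    event DaoTransferred(address indexed previous, address indexed current);

    error NotDao();
    error NotPendingDao();
    error CommissionTooHigh(uint256 requested, uint256 max);

    modifier onlyDao() {
        if (msg.sender != dao) revert NotDao();
        _;
    }

    constructor(address initialDao) {
        require(initialDao != address(0), "zero address");
        dao = initialDao;
    }

    /// The DAO may pick any commission up to the pre-defined maximum.
    function setCommission(uint256 newBps) external onlyDao {
        if (newBps > MAX_COMMISSION_BPS) revert CommissionTooHigh(newBps, MAX_COMMISSION_BPS);
        emit CommissionUpdated(commissionBps, newBps);
        commissionBps = newBps;
    }

    /// Step 1: the current role holder names a successor (address(0) cancels).
    function proposeDao(address proposed) external onlyDao {
        pendingDao = proposed;
        emit DaoTransferStarted(dao, proposed);
    }

    /// Step 2: the successor claims the role, proving it controls the address.
    function acceptDao() external {
        if (msg.sender != pendingDao) revert NotPendingDao();
        emit DaoTransferred(dao, msg.sender);
        dao = msg.sender;
        delete pendingDao;
    }
}
```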
#0 - c4-judge
2022-12-01T23:44:29Z
dmvt marked the issue as grade-b