Back to sakman's contests

LSD Network - Stakehouse contest - sakman's results

A permissionless 3 pool liquid staking solution for Ethereum.

General Information

Platform: Code4rena

Start Date: 11/11/2022

Pot Size: $90,500 USDC

Total HM: 52

Participants: 92

Period: 7 days

Judge: LSDan

Total Solo HM: 20

Id: 182

League: ETH

Stakehouse Protocol

Findings Distribution

Researcher Performance

Rank: 78/92

Findings: 1

Award: $52.03

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryStakehouse Protocol

Findings Information

🌟 Selected for report: 0xSmartContract

Also found by: 0x4non, 0xNazgul, 0xRoxas, 0xdeadbeef0x, 0xmuxyz, 9svR6w, Awesome, Aymen0909, B2, Bnke0x0, CloudX, Deivitto, Diana, Franfran, IllIllI, Josiah, RaymondFam, ReyAdmirado, Rolezn, Sathish9098, Secureverse, SmartSek, Trust, Udsen, a12jmx, aphak5010, brgltd, bulej93, c3phas, ch0bu, chaduke, chrisdior4, clems4ever, cryptostellar5, datapunk, delfin454000, fs0c, gogo, gz627, hl_, immeas, joestakey, lukris02, martin, nogo, oyc_109, pashov, pavankv, peanuts, pedr02b2, rbserver, rotcivegaf, sahar, sakman, shark, tnevler, trustindistrust, zaskoh, zgo

Awards

52.0338 USDC - $52.03

Labels

bug
grade-b
QA (Quality Assurance)
Q-27

External Links

Link to GitHub issue

1. Event is missing indexed fields

contracts/liquid-staking/GiantPoolBase.sol: L19

contracts/liquid-staking/GiantSavETHVaultPool.sol: L16

contracts/syndicate/Syndicate.sol: L63

contracts/liquid-staking/LiquidStakingManager.sol: L66

contracts/liquid-staking/StakingFundsVault.sol: L28 L31

contracts/liquid-staking/SyndicateRewardsProcessor.sol: L12

contracts/liquid-staking/SavETHVault.sol: L22 L121

contracts/liquid-staking/ETHPoolLPFactory.sol: L19 L22 L25

2. Use external instead of public for the following functions

contracts/liquid-staking/LiquidStakingManager.sol: L514

contracts/liquid-staking/GiantSavETHVaultPool.sol: L29

contracts/liquid-staking/GiantMevAndFeesPool.sol: L176

contracts/liquid-staking/LSDNFactory.sol: L73

contracts/liquid-staking/SavETHVault.sol: L200

contracts/liquid-staking/GiantPoolBase.sol: L34

contracts/syndicate/SyndicateFactory.sol: L21

contracts/liquid-staking/StakingFundsVault.sol: L239

contracts/syndicate/Syndicate.sol: L458

3. Only libraries, abstract contracts and interfaces should use multiple compiler versions

contracts/liquid-staking/OptionalGatekeeperFactory.sol: L3

contracts/smart-wallet/OwnableSmartWalletFactory.sol: L3

contracts/liquid-staking/SavETHVault.sol: L3

contracts/liquid-staking/OptionalHouseGatekeeper.sol: L1

contracts/smart-wallet/OwnableSmartWallet.sol: L3

contracts/liquid-staking/GiantPoolBase.sol: L1

contracts/liquid-staking/GiantMevAndFeesPool.sol: L1

contracts/liquid-staking/LSDNFactory.sol: L1

contracts/liquid-staking/GiantLP.sol: L1

contracts/liquid-staking/LiquidStakingManager.sol: L3

contracts/liquid-staking/ETHPoolLPFactory.sol: L3

contracts/liquid-staking/SyndicateRewardsProcessor.sol: L3

contracts/liquid-staking/LPToken.sol: L1

contracts/liquid-staking/StakingFundsVault.sol: L3

contracts/liquid-staking/GiantSavETHVaultPool.sol: L1

contracts/liquid-staking/LPTokenFactory.sol: L1

contracts/liquid-staking/StakingFundsVaultDeployer.sol: L3

contracts/liquid-staking/SavETHVaultDeployer.sol: L1

4. Do not leave the receive/fallback function empty

contracts/liquid-staking/LiquidStakingManager.sol: L629

contracts/liquid-staking/SyndicateRewardsProcessor.sol: L98

5. Events not emmited

contracts/liquid-staking/SavETHVault.sol: L235

contracts/liquid-staking/LPToken.sol: L32

contracts/liquid-staking/LiquidStakingManager.sol: L645 L904 L911

contracts/syndicate/Syndicate.sol: L168

contracts/liquid-staking/StakingFundsVault.sol: L371

#0 - c4-judge

2022-12-01T23:56:26Z

dmvt marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter