Back to samruna's contests

Yieldy contest - samruna's results

A protocol for gaining single side yields on various tokens.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $50,000 USDC

Total HM: 31

Participants: 99

Period: 5 days

Judges: moose-code, JasoonS, denhampreen

Total Solo HM: 17

Id: 139

League: ETH

Yieldy

Findings Distribution

Researcher Performance

Rank: 76/99

Findings: 1

Award: $53.16

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryYieldy

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1337, 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, FudgyDRS, Funen, GalloDaSballo, GimelSec, JC, Kaiziron, Lambda, Limbooo, Metatron, MiloTruck, Noah3o6, Picodes, PumpkingWok, PwnedNoMore, Sm4rty, StErMi, TomJ, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ak1, antonttc, berndartmueller, cccz, cryptphi, csanuragjain, defsec, delfin454000, dipp, elprofesor, exd0tpy, fatherOfBlocks, hake, hansfriese, hubble, joestakey, kenta, ladboy233, mics, oyc_109, pashov, pedr02b2, reassor, robee, samruna, scaraven, shung, sikorico, simon135, sseefried, tchkvsky, unforgiven, zzzitron

Awards

53.1558 USDC - $53.16

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

QA

  1. Description: Initialized variables can be declared as constant.

Code: https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/Staking.sol#L73-74

In above code, both COW_SETTLEMENT and COW_RELAYER can be declared constants in StakingStorage.sol

  1. Return value ignored

Description: Several tokens do not revert in case of failure and return false. If one of these tokens is used in the contract, it will not revert if the transfer fails, and an attacker can call deposit/transfer for free.

Code: https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/Migration.sol#L48-52 https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/Migration.sol#L471-474 https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/LiquidityReserve.sol#L57-86

  1. Local Variable not initialized

Description: Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.

Code: https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/BatchRequests.sol#L16 https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/BatchRequests.sol#L91 https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/BatchRequests.sol#L36

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter