Platform: Code4rena
Start Date: 05/01/2023
Pot Size: $90,500 USDC
Total HM: 55
Participants: 103
Period: 14 days
Judge: Picodes
Total Solo HM: 18
Id: 202
League: ETH
Rank: 86/103
Findings: 1
Award: $51.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ladboy233
Also found by: 0x1f8b, 0xAgro, 0xSmartContract, 0xbepresent, 0xkato, Aymen0909, CodingNameKiki, Cryptor, Deekshith99, Deivitto, HE1M, IllIllI, Kaysoft, Koolex, PaludoX0, Qeew, RaymondFam, Rolezn, Sathish9098, Tointer, a12jmx, arialblack14, ast3ros, ayeslick, bin2chen, btk, caventa, ch0bu, chaduke, chrisdior4, delfin454000, descharre, evan, fatherOfBlocks, georgits, gz627, jasonxiale, joestakey, kaden, lukris02, nicobevi, nogo, oberon, oyc_109, pfapostol, rbserver, sakshamguruji, seeu, shark, simon135, slvDev, synackrst, tnevler, whilom, zaskoh
51.3151 USDC - $51.32
For non-library contracts, floating pragmas may be a security risk for application implementations, since a known vulnerable compiler version may accidentally be selected or security tools might fallback to an older compiler version ending up checking a different EVM compilation that is ultimately deployed on the blockchain.
pragma solidity >=0.8.16;pragma solidity ^0.8.17;pragma solidity ^0.8.17;pragma solidity ^0.8.16;pragma solidity ^0.8.17;pragma solidity ^0.8.17;pragma solidity ^0.8.13;Missing license agreements (SPDX-License-Identifier) may result in lawsuits and improper forms of use of code.
The Solidity file is missing the SPDX-License-IdentifierThe Solidity file is missing the SPDX-License-IdentifierThe Solidity file is missing the SPDX-License-IdentifierThe Solidity file is missing the SPDX-License-IdentifierTo increase explicitness and readability, take into account introducing and utilizing named return parameters.
https://github.com/code-423n4/2023-01-astaria/blob/main/src/AstariaRouter.sol ::224 => function feeTo() public view returns (address) { ::229 => function BEACON_PROXY_IMPLEMENTATION() public view returns (address) { ::402 => function getAuctionWindow(bool includeBuffer) public view returns (uint256) { ::650 => function getProtocolFee(uint256 amountIn) external view returns (uint256) { ::657 => function getLiquidatorFee(uint256 amountIn) external view returns (uint256) { ::680 => function isValidVault(address vault) public view returns (bool) { https://github.com/code-423n4/2023-01-astaria/blob/main/src/AstariaVaultBase.sol ::32 => function IMPL_TYPE() public pure returns (uint8) { ::36 => function owner() public pure returns (address) { ::50 => function START() public pure returns (uint256) { ::54 => function EPOCH_LENGTH() public pure returns (uint256) { ::58 => function VAULT_FEE() public pure returns (uint256) { https://github.com/code-423n4/2023-01-astaria/blob/main/src/ClearingHouse.sol ::47 => function COLLATERAL_ID() public pure returns (uint256) { ::51 => function IMPL_TYPE() public pure returns (uint8) { ::78 => function supportsInterface(bytes4 interfaceId) external view returns (bool) { https://github.com/code-423n4/2023-01-astaria/blob/main/src/CollateralToken.sol ::370 => function getConduitKey() public view returns (bytes32) { ::375 => function getConduit() public view returns (address) { ::412 => function securityHooks(address target) public view returns (address) { https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC20-Cloned.sol ::35 => function balanceOf(address account) external view returns (uint256) { ::52 => function transfer(address to, uint256 amount) public virtual returns (bool) { ::76 => function totalSupply() public view virtual returns (uint256) { ::154 => function DOMAIN_SEPARATOR() public view virtual returns (bytes32) { ::158 => function computeDomainSeparator() internal view virtual returns (bytes32) { https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC4626-Cloned.sol ::129 => function previewMint(uint256 shares) public view virtual returns (uint256) { ::143 => function previewRedeem(uint256 shares) public view virtual returns (uint256) { ::147 => function maxDeposit(address) public view virtual returns (uint256) { ::151 => function maxMint(address) public view virtual returns (uint256) { ::155 => function maxWithdraw(address owner) public view virtual returns (uint256) { ::160 => function maxRedeem(address owner) public view virtual returns (uint256) { https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC721.sol ::26 => function getApproved(uint256 tokenId) public view returns (address) { ::59 => function balanceOf(address owner) public view virtual returns (uint256) { ::79 => function name() public view returns (string memory) { ::83 => function symbol() public view returns (string memory) { https://github.com/code-423n4/2023-01-astaria/blob/main/src/LienToken.sol ::246 => function getInterest(Stack calldata stack) public view returns (uint256) { ::385 => function _exists(uint256 tokenId) internal view returns (bool) { ::702 => function calculateSlope(Stack memory stack) public pure returns (uint256) { ::742 => function getOwed(Stack memory stack) external view returns (uint88) { ::893 => function getPayee(uint256 lienId) public view returns (address) { https://github.com/code-423n4/2023-01-astaria/blob/main/src/PublicVault.sol ::196 => function getCurrentEpoch() public view returns (uint64) { ::200 => function getSlope() public view returns (uint256) { ::204 => function getWithdrawReserve() public view returns (uint256) { ::208 => function getLiquidationWithdrawRatio() public view returns (uint256) { ::212 => function getYIntercept() public view returns (uint256) { ::271 => function computeDomainSeparator() internal view override returns (bytes32) { ::461 => function accrue() public returns (uint256) { ::465 => function _accrue(VaultData storage s) internal returns (uint256) { ::490 => function _totalAssets(VaultData storage s) internal view returns (uint256) { ::546 => function getLienEpoch(uint64 end) public pure returns (uint64) { ::552 => function getEpochEnd(uint256 epoch) public pure returns (uint64) { ::699 => function timeToEpochEnd() public view returns (uint256) { ::703 => function timeToEpochEnd(uint256 epoch) public view returns (uint256) { ::722 => function timeToSecondEpochEnd() public view returns (uint256) { https://github.com/code-423n4/2023-01-astaria/blob/main/src/VaultImplementation.sol ::60 => function getStrategistNonce() external view returns (uint256) { ::142 => function getShutdown() external view returns (bool) { ::152 => function domainSeparator() public view virtual returns (bytes32) { ::366 => function recipient() public view returns (address) { ::397 => function _handleProtocolFee(uint256 amount) internal returns (uint256) { https://github.com/code-423n4/2023-01-astaria/blob/main/src/WithdrawProxy.sol ::77 => function decimals() public pure override returns (uint8) { ::215 => function getFinalAuctionEnd() public view returns (uint256) { ::220 => function getWithdrawRatio() public view returns (uint256) { ::225 => function getExpected() public view returns (uint256) { https://github.com/code-423n4/2023-01-astaria/blob/main/src/WithdrawVaultBase.sol ::30 => function IMPL_TYPE() public pure override(IRouterBase) returns (uint8) { ::34 => function asset() public pure virtual override(IERC4626) returns (address) { ::38 => function VAULT() public pure returns (address) { ::42 => function CLAIMABLE_EPOCH() public pure returns (uint64) {
Bad Randomness arises when the attacker can predict the result of a random number. A miner can choose whether to broadcast or delete a block using a technique known as "selective packing." Because of this, a malevolent miner has the chance to get the outcome they want and forecast random numbers.
salt: uint256(blockhash(block.number)),Using an older compiler version might be risky, especially if the version in question has faults and problems that have been made public.
>=0.8.16>=0.8.16^0.8.16>=0.7.5>=0.5.0>=0.5.0^0.8.13#0 - c4-judge
2023-01-26T14:55:56Z
Picodes marked the issue as grade-c
#1 - c4-judge
2023-01-26T14:56:03Z
Picodes marked the issue as grade-b