Alchemix contest - shenwilly's results

A protocol for self-repaying loans with no liquidation risk.

General Information

Platform: Code4rena

Start Date: 05/05/2022

Pot Size: $125,000 DAI

Total HM: 17

Participants: 62

Period: 14 days

Judge: leastwood

Total Solo HM: 15

Id: 120

League: ETH

Alchemix

Findings Distribution

Researcher Performance

Rank: 44/62

Findings: 1

Award: $206.53

🌟 Selected for report: 0

🚀 Solo Findings: 0

Low Risk Vulnerabilities

1. Missing amount check in flushToAmo

There is no limit on the amount of a token that can be flushed to the AMO. A keeper can flush more than currentExchanged[underlyingToken] and put users at risk of not being able to claim their transmuted funds.

Add a check before L334 to ensure that at least currentExchanged[underlyingToken] of the token remains after flushing, similar to the check done when depositing funds.

2. Missing sanity check when setting creditUnlockRate

When creditUnlockRate is set to zero, pending user credit is never unlocked over time. This could happen when creditUnlockBlocks is set larger than FIXED_POINT_SCALAR, since the rate is derived from it by integer division and truncates to zero.

Consider adding a sanity check to ensure that blocks is lower than FIXED_POINT_SCALAR whenever creditUnlockRate is set:
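The check described in this finding, written out as an added Solidity example that is not the report's own snippet or Alchemix code. It assumes, as the finding implies, that the rate is computed as FIXED_POINT_SCALAR / blocks with integer division; the contract name, the admin modifier and the 1e18 scalar value are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative contract (assumption: not Alchemix's code). It shows why a
// block count above FIXED_POINT_SCALAR silently disables credit unlocking
// and how the sanity check from the finding prevents it.
contract CreditUnlockExample {
    error IllegalArgument();
    error Unauthorized();

    // Assumed scalar value; the real constant lives in the audited contract.
    uint256 public constant FIXED_POINT_SCALAR = 1e18;

    address public immutable admin;
    uint256 public creditUnlockBlocks;
    uint256 public creditUnlockRate;

    modifier onlyAdmin() {
        if (msg.sender != admin) revert Unauthorized();
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    // Weak version: blocks > FIXED_POINT_SCALAR makes the division truncate
    // to 0, so creditUnlockRate becomes 0 and pending credit never unlocks.
    function setCreditUnlockRateUnchecked(uint256 blocks) external onlyAdmin {
        creditUnlockBlocks = blocks;
        creditUnlockRate = FIXED_POINT_SCALAR / blocks; // 0 when blocks > 1e18
    }

    // Hardened version proposed by the finding: reject 0 (division by zero)
    // and any value that would truncate the rate to 0, before writing state.
    function setCreditUnlockRate(uint256 blocks) external onlyAdmin {
        if (blocks == 0 || blocks > FIXED_POINT_SCALAR) {
            revert IllegalArgument();
        }
        creditUnlockBlocks = blocks;
        creditUnlockRate = FIXED_POINT_SCALAR / blocks; // always >= 1
    }
}
```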

3. Missing sanity check on setFlashFee

There is no sanity check when setting flashMintFee. If it is accidentally set to an unreasonable value, unaware users might lose funds when flash minting.

Add a reasonable maximum fee check:

    function setFlashFee(uint256 newFee) external onlyAdmin {
        if (newFee > BPS / 2) { // max fee = 50%
            revert IllegalArgument();
        }
        ...
    }

Affected code:
