Platform: Code4rena
Start Date: 29/04/2021
Pot Size: $30,000 USDC
Total HM: 3
Participants: 6
Period: 6 days
Judge: cemozer
Total Solo HM: 2
Id: 7
League: ETH
Rank: 3/6
Findings: 3
Award: $5,892.87
🌟 Selected for report: 0
🚀 Solo Findings: 0
6696.4286 BLO - $1,339.29
4017.8571 USDC - $4,017.86
shw
In the file UniswapOracle/UniswapConfig.sol, the return value (i.e., index) of the three functions (getSymbolHashIndex, getCTokenIndex, and getUnderlyingIndex) are compared to the constant uint(-1) to check whether the cToken/underlying asset exists or not. However, index should be compared to 0 instead, since the returned value of these three functions has a default value of 0 (the default value of a mapping). The incorrect comparison treats non-existing cTokens/underlying assets as the token with index 0 and leads to unexpected results.
Referenced code: UniswapConfig.sol#L92 UniswapConfig.sol#L107 UniswapConfig.sol#L121 UniswapConfig.sol#L53-L63
None
Change uint(-1) to 0 at line 92, 107, and 121 in UniswapOracle/UniswapConfig.sol.
#0 - ghoul-sol
2021-05-08T19:07:59Z
It's a high risk issue. Duplicate of #24
#1 - ghoul-sol
2021-05-08T21:06:42Z
UniswapConfig has been refactored. Index 0 is considered a non-existent config and all comparison are against that value.
#2 - cemozerr
2021-05-12T18:51:20Z
Closing as it is a duplicate.
669.6429 BLO - $133.93
401.7857 USDC - $401.79
shw
The doTransferOut functions in both CErc20 and CEther contracts do not check whether the recipient (address payable to) is non-zero, which could cause loss of funds if funds are accidentally sent to zero address.
Referenced code: CEther.sol#L145-L148 CErc20.sol#L180-L199
None
Add checks require(to != address(0)) at the beginning of the doTransferOut functions.
#0 - ghoul-sol
2021-05-05T14:58:53Z
Duplicate #16
#1 - ghoul-sol
2021-05-05T15:04:06Z
Recommended fix has been implemented.
#2 - cemozerr
2021-05-12T18:52:32Z
Closing as this is a duplicate.