Platform: Code4rena
Start Date: 09/09/2022
Pot Size: $42,000 USDC
Total HM: 2
Participants: 101
Period: 3 days
Judge: hickuphh3
Total Solo HM: 2
Id: 161
League: ETH
Rank: 48/101
Findings: 1
Award: $33.58
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: GalloDaSballo
Also found by: 0x040, 0x1f8b, 0x4non, 0x52, 0x85102, 0xNazgul, 0xSky, 0xSmartContract, Aymen0909, Bnke0x0, CertoraInc, Chandr, Chom, CodingNameKiki, Deivitto, Diana, Funen, JC, Jeiwan, Junnon, KIntern_NA, Lambda, Mohandes, Noah3o6, Ocean_Sky, Picodes, R2, Randyyy, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Samatak, Sm4rty, SnowMan, SooYa, StevenL, Tagir2003, Tointer, TomJ, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, bharg4v, bobirichman, brgltd, c3phas, cccz, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dipp, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, got_targ, hansfriese, horsefacts, hyh, ignacio, innertia, izhuer, karanctf, ladboy233, leosathya, lucacez, lukris02, mics, oyc_109, pashov, pauliax, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, scaraven, sikorico, simon135, smiling_heretic, sorrynotsorry, unforgiven, wagmi, yixxas
33.5774 USDC - $33.58
    uint256 balance = IERC20(tokensReceived[i]).balanceOf(address(this));
    require(balance != 0, "ZERO_BALANCE");
    // @dev, this assumes all of `tokensReceived` and `redeemedToken`
    // have the same number of decimals
    uint256 redeemedAmount = (amountIn * balance) / base;

and balance can be zero and there is no way of changing it
TribeRedeemer.sol
If the deployer makes a mistake on deployment and adds an EOA address, then both functions will DoS, and/or if a token balance of this address is zero, then this function will revert. If on the token list there are a lot of aTokens or cTokens, they take up more gas.
Also, since you are using SLOADs for what tokens are in the token array, it is more gas, which can cause there to be a DoS.
    for (uint256 i = 0; i < tokensReceived.length; i++) {
        uint256 balance = IERC20(tokensReceived[i]).balanceOf(address(this));
        require(balance != 0, "ZERO_BALANCE");
        // ...
    }
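As an added illustration, not the audited TribeRedeemer code, a minimal Solidity contract places the strict loop quoted above next to a hardened variant that rejects non-contract entries at deployment and skips zero-balance tokens instead of reverting the whole preview; the contract name, `base`, and the function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
}

/// Simplified stand-in for the redeemer discussed in the finding (assumed names).
contract RedeemerExample {
    address[] public tokensReceived;

    constructor(address[] memory _tokensReceived) {
        for (uint256 i = 0; i < _tokensReceived.length; i++) {
            // Reject EOAs / undeployed addresses up front, so one misconfigured
            // entry cannot make every later balanceOf() call revert.
            require(_tokensReceived[i].code.length > 0, "NOT_A_CONTRACT");
            tokensReceived.push(_tokensReceived[i]);
        }
    }

    /// Mirrors the quoted loop: a single zero-balance token reverts the whole preview.
    function previewRedeemStrict(uint256 amountIn, uint256 base)
        external view returns (uint256[] memory amountsOut)
    {
        uint256 len = tokensReceived.length; // read the length once, not per iteration
        amountsOut = new uint256[](len);
        for (uint256 i = 0; i < len; i++) {
            uint256 balance = IERC20(tokensReceived[i]).balanceOf(address(this));
            require(balance != 0, "ZERO_BALANCE");
            amountsOut[i] = (amountIn * balance) / base;
        }
    }

    /// Hardened variant: an empty token yields 0 for that slot instead of blocking
    /// redemption of every other token. Still assumes equal decimals, as the
    /// original comment notes.
    function previewRedeemLenient(uint256 amountIn, uint256 base)
        external view returns (uint256[] memory amountsOut)
    {
        uint256 len = tokensReceived.length;
        amountsOut = new uint256[](len);
        for (uint256 i = 0; i < len; i++) {
            uint256 balance = IERC20(tokensReceived[i]).balanceOf(address(this));
            if (balance == 0) continue; // nothing to distribute for this token
            amountsOut[i] = (amountIn * balance) / base;
        }
    }
}
```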
cTokenExchangeRates
If token decimals are less than 18 decimals, then the amount will be zero and there can be loss of funds. The decimals have to be more than 1e10, not more than 1e18, so if it's less than 18 decimals then users won't get anything back and they can lose funds.

    for (uint256 i = 0; i < _cTokens.length; i++) {
        require(
            _exchangeRates[i] > 1e10,
            "Exchange rate must be greater than 1e10. Did you forget to multiply by 1e18?"
        );
        cTokenExchangeRates[_cTokens[i]] = _exchangeRates[i];
    }
Instead of this, just use: https://github.com/code-423n4/2022-09-tribe/blob/eea6e9b31dfcb69b82446fc08917f857dc8e911a/contracts/shutdown/fuse/RariMerkleRedeemer.sol#L247
because it will burn tokens from msg.sender instead of address(this).
This function won't be called, and anyone who calls this function will lose their FEI.
But if it doesn't happen, there can be an oversupply of FEI, causing the price to go down.

    function burnFeiHeld() external {
        uint256 feiBalance = FEI.balanceOf(address(this));
        if (feiBalance != 0) {
            FEI.burn(feiBalance);
        }
    }
DAI.safeTransfer(to, amountOut);
because the balance is taken off from msg.sender, so there has to be a contract that calls this to make it work.
#0 - HickupHH3
2022-10-08T07:54:01Z
there is no way of this contract burning its fei tokens
Incorrect. Caller of burn function is the contract, not the function caller.
if there is no intermediate contract, then users won't be able to get their funds out
I'm not sure what this issue is about. The description isn't clear enough IMO.