Platform: Code4rena
Start Date: 25/10/2022
Pot Size: $50,000 USDC
Total HM: 18
Participants: 127
Period: 5 days
Judge: 0xean
Total Solo HM: 9
Id: 175
League: ETH
Rank: 21/127
Findings: 2
Award: $432.45
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: trustindistrust
Also found by: 0xbepresent, Jujic, Lambda, RaoulSchaffranek, c7e7eff, catchup, codexploder, cryptonue, d3e4, eierina, jwood, pashov, peanuts, pedroais, simon135
33.634 USDC - $33.63
If the operator is malicious, they can mint as many tokens as they want, driving the price of DBR down, which may cause liquidations or an extremely low interest rate.

    function mint(address to, uint256 amount) public {
        require(
            minters[msg.sender] == true || msg.sender == operator,
            "ONLY MINTERS OR OPERATOR"
        );
        _mint(to, amount);
    }
VIM
Make the operator a multisig and make sure the minters are properly input.
#0 - c4-judge
2022-11-05T22:20:35Z
0xean marked the issue as duplicate
#1 - Simon-Busch
2022-12-05T15:36:20Z
Issue marked as satisfactory as requested by 0xean
#2 - c4-judge
2022-12-07T08:22:00Z
Simon-Busch marked the issue as duplicate of #301
🌟 Selected for report: 0x1f8b
Also found by: 0xNazgul, 0xSmartContract, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, ElKu, JC, Josiah, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Waze, __141345__, adriro, aphak5010, brgltd, c3phas, c7e7eff, carlitox477, cducrest, ch0bu, chrisdior4, cryptonue, cryptostellar5, cylzxje, d3e4, delfin454000, enckrish, evmwanderer, fatherOfBlocks, gogo, hansfriese, horsefacts, immeas, leosathya, lukris02, neumo, oyc_109, pedr02b2, rbserver, robee, rotcivegaf, rvierdiiev, sakshamguruji, shark, simon135, tnevler, trustindistrust, wagmi
398.8207 USDC - $398.82
liquidationFactorBps can be set to 10_000, unlike what the comment says
onDeposit()
collateralFactorBps
replenishmentIncentiveBps gets set to 0, which the comments say isn't possible

latestAnswer oracle call is deprecated
    if (feeds[token].feed != IChainlinkFeed(address(0))) {
        // get price from feed
        uint256 price = feeds[token].feed.latestAnswer();
        require(price > 0, "Invalid feed price");
latestAnswer can return 0 in the worst case and make most of the market not work, but people can still deposit, which is bad and people can lose funds. The reason it is QA is the revert on a zero price; if the protocol did not have that, it would be a medium.
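The following is an added example, not code from the Inverse Finance repository or from the warden: it shows the shape of an oracle read that replaces the deprecated latestAnswer() with latestRoundData() and rejects a zero, negative, stale or incomplete answer instead of trusting it. The interface name, the per-token feed struct, the operator role and the staleness bound are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added example, not Inverse Finance code. Interface name, feed struct and the
// per-feed staleness bound are assumptions for the illustration.
interface IChainlinkFeedV3 {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

contract SafeFeedReader {
    struct FeedData {
        IChainlinkFeedV3 feed;
        uint256 maxStaleness; // hypothetical per-feed heartbeat bound, in seconds
    }

    address public operator;
    mapping(address => FeedData) public feeds;

    error FeedNotSet(address token);
    error InvalidFeedPrice(address token, int256 answer);
    error StaleFeedPrice(address token, uint256 updatedAt);
    error IncompleteRound(address token, uint80 roundId, uint80 answeredInRound);

    constructor() {
        operator = msg.sender;
    }

    modifier onlyOperator() {
        require(msg.sender == operator, "ONLY OPERATOR");
        _;
    }

    function setFeed(address token, IChainlinkFeedV3 feed, uint256 maxStaleness) external onlyOperator {
        require(address(feed) != address(0), "zero feed");
        require(maxStaleness > 0, "zero staleness bound");
        feeds[token] = FeedData(feed, maxStaleness);
    }

    /// @notice Price of `token` scaled to 18 decimals. Every case in which
    /// latestAnswer() would silently hand back 0 or an old value reverts here,
    /// so a broken feed halts pricing instead of mispricing collateral.
    function getPrice(address token) public view returns (uint256) {
        FeedData memory f = feeds[token];
        if (address(f.feed) == address(0)) revert FeedNotSet(token);

        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            f.feed.latestRoundData();

        // A feed with no completed round reports answer == 0 and updatedAt == 0.
        if (answer <= 0) revert InvalidFeedPrice(token, answer);
        if (updatedAt == 0 || block.timestamp - updatedAt > f.maxStaleness) {
            revert StaleFeedPrice(token, updatedAt);
        }
        // An answer carried over from an older round is not a fresh observation.
        if (answeredInRound < roundId) revert IncompleteRound(token, roundId, answeredInRound);

        // Normalise to 18 decimals whatever the feed's own precision is.
        uint8 feedDecimals = f.feed.decimals();
        uint256 price = uint256(answer);
        if (feedDecimals < 18) {
            price *= 10 ** (18 - feedDecimals);
        } else if (feedDecimals > 18) {
            price /= 10 ** (feedDecimals - 18);
        }
        return price;
    }
}
```

The staleness bound has to be set per feed from the feed's published heartbeat; one global value either rejects slow feeds or accepts stale data from fast ones.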
liquidationFactorBps can be set to 10_000, unlike what the comment says
    /**
    @dev Must be set between 1 and 10000.
    @param _liquidationFactorBps The new liquidation factor in basis points. 1 = 0.01%
    */
    function setLiquidationFactorBps(uint256 _liquidationFactorBps) public onlyGov {
        require(
            _liquidationFactorBps > 0 && _liquidationFactorBps <= 10000,
            "Invalid liquidation factor"
        );
        liquidationFactorBps = _liquidationFactorBps;
    }
    function recall(uint256 amount) public {
        require(msg.sender == lender, "Only lender can recall");
        dola.transfer(msg.sender, amount);
    }

    function getEscrow(address user) internal returns (IEscrow) {
        if (escrows[user] != IEscrow(address(0))) return escrows[user];
        IEscrow escrow = createEscrow(user);
        escrow.initialize(collateral, user);
        escrows[user] = escrow;
        return escrow;
    }
It is best practice to make the getter functions view functions: https://github.com/code-423n4/2022-10-inverse/blob/cc281e5800d5860c816138980f08b84225e430fe/src/Market.sol#L350
onDeposit()
//@done: this contract can't handle onDeposit escrows; just be careful, because if users use this they can lose funds.
    /* Uncomment if Escrow contract should handle on deposit callbacks.
       This function should remain callable by anyone to handle direct inbound transfers.
    function onDeposit() public {

    }
    */
Right now there is only a pause for borrowing but not for depositing into the protocol. If there is a bug in the protocol, inbound funds will not be stopped, and that can cause loss of funds.
tx.origin
The user can be opened up to phishing attacks through tx.origin in BorrowController.sol.
collateralFactorBps
If collateralFactorBps is 0, the whole market won't work except for depositing, and you have no way of getting the funds out. There are two ways this can happen: on deployment or through governance. With collateralFactorBps = 0 the functions will revert. Governance can change it, but it might take a day or two for the proposal to get executed.
    uint256 minimumCollateral = (((debt * 1 ether) / oracle.getPrice(address(collateral), collateralFactorBps)) * 10000) / collateralFactorBps;
replenishmentIncentiveBps
replenishmentIncentiveBps can be set to 0, which the comments say isn't possible. It is crucial for Market.sol -> forceReplenish, because if it is zero there are no rewards.
    require(
        _replenishmentIncentiveBps < 10000,
        "Replenishment incentive must be less than 100%"
    );
Then in the comments it says:
    /**
    @dev Must be set between 1 and 10000.
    @param _replenishmentIncentiveBps The new replenishment incentive set in basis points. 1 = 0.01%
    */
    function setReplenismentIncentiveBps(uint256 _replenishmentIncentiveBps) public
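The following is an added example, not code from the Inverse Finance repository or from the warden. It serves the three governance-parameter points above at once: the collateralFactorBps = 0 case that makes the minimum-collateral division revert, the replenishmentIncentiveBps = 0 case the require admits although the docstring forbids it, and the missing deposit pause. The setters enforce the documented lower bound, the constructor applies the same check so the deployment path is closed too, and a guardian can pause deposits alongside borrows. The contract name, the pauseGuardian role, the event and the simplified withdrawal-limit formula (a price argument in place of the oracle call) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added example, not Inverse Finance code. Names, the guardian role and the
// simplified formula are assumptions made for the illustration.
contract BoundedMarketParams {
    uint256 public constant BPS = 10000;

    address public gov;
    address public pauseGuardian;

    uint256 public collateralFactorBps;
    uint256 public replenishmentIncentiveBps;

    bool public borrowPaused;
    bool public depositPaused;

    // Stand-in for the per-user escrow balance; token transfers are omitted.
    mapping(address => uint256) public collateralBalance;

    event ParamSet(string name, uint256 oldValue, uint256 newValue);

    modifier onlyGov() {
        require(msg.sender == gov, "Only gov");
        _;
    }

    modifier onlyPauser() {
        require(msg.sender == gov || msg.sender == pauseGuardian, "Only gov or guardian");
        _;
    }

    modifier whenDepositsOpen() {
        require(!depositPaused, "Deposits paused");
        _;
    }

    // Validating here closes the "on deployment" path: a market can never start
    // with collateralFactorBps == 0 or replenishmentIncentiveBps == 0.
    constructor(uint256 cfBps, uint256 riBps, address guardian) {
        gov = msg.sender;
        pauseGuardian = guardian;
        _setCollateralFactorBps(cfBps);
        _setReplenishmentIncentiveBps(riBps);
    }

    function setCollateralFactorBps(uint256 v) external onlyGov {
        _setCollateralFactorBps(v);
    }

    function setReplenishmentIncentiveBps(uint256 v) external onlyGov {
        _setReplenishmentIncentiveBps(v);
    }

    // Strictly inside (0, 100%): 0 makes minimumCollateral() divide by zero and
    // locks withdrawals, 100% would let a borrower draw the full collateral value.
    function _setCollateralFactorBps(uint256 v) internal {
        require(v > 0 && v < BPS, "Collateral factor must be in (0, 100%)");
        emit ParamSet("collateralFactorBps", collateralFactorBps, v);
        collateralFactorBps = v;
    }

    // The audited require only enforced "< 10000", which admits 0 and removes the
    // forceReplenish reward. Enforce the documented lower bound as well.
    function _setReplenishmentIncentiveBps(uint256 v) internal {
        require(v > 0 && v < BPS, "Replenishment incentive must be in (0, 100%)");
        emit ParamSet("replenishmentIncentiveBps", replenishmentIncentiveBps, v);
        replenishmentIncentiveBps = v;
    }

    function setBorrowPaused(bool p) external onlyPauser {
        borrowPaused = p;
    }

    // The other half of the pause: stop collateral coming in while a bug is being
    // handled, so users are not depositing into a market that cannot pay out.
    function setDepositPaused(bool p) external onlyPauser {
        depositPaused = p;
    }

    function deposit(uint256 amount) external whenDepositsOpen {
        require(amount > 0, "Zero deposit");
        collateralBalance[msg.sender] += amount;
    }

    /// @notice Smallest collateral balance (18 decimals) that keeps `debt` DOLA
    /// collateralised at `collateralPrice` (18 decimals). Same shape as the
    /// audited formula; the setter bounds guarantee the last division is non-zero.
    function minimumCollateral(uint256 debt, uint256 collateralPrice) public view returns (uint256) {
        if (debt == 0) return 0;
        require(collateralPrice > 0, "Invalid price");
        return ((debt * 1 ether) / collateralPrice) * BPS / collateralFactorBps;
    }
}
```

Putting the check in an internal setter shared by the constructor and the governance entry point is the part that matters: a bound enforced only in the setter still lets a bad deployment ship the zero value the finding describes.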
#0 - c4-judge
2022-11-08T00:50:39Z
0xean marked the issue as grade-a