Platform: Code4rena
Start Date: 13/05/2022
Pot Size: $30,000 USDC
Total HM: 8
Participants: 65
Period: 3 days
Judge: hickuphh3
Total Solo HM: 1
Id: 125
League: ETH
Rank: 46/65
Findings: 1
Award: $44.77
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0xNazgul, 0xf15ers, 0xkatana, 0xliumin, AlleyCat, BouSalman, Dravee, Funen, GimelSec, Hawkeye, MaratCerby, Picodes, StErMi, TerrierLover, WatchPug, Waze, berndartmueller, bobirichman, cryptphi, csanuragjain, defsec, delfin454000, dipp, fatherOfBlocks, hake, hickuphh3, hyh, joestakey, kebabsec, mics, mtz, oyc_109, p4st13r4, p_crypt0, robee, rotcivegaf, sikorico, simon135, sorrynotsorry, tintin
44.7682 USDC - $44.77
CollateralAdapterIn the function addCollateralAsset():
_assetToVaults[_externalAsset] = _acceptVault; _collateralAssets[_externalAsset] = _internalAsset;
there are no checks that the admin provided _externalAsset nor _internalAsset is not 0x0. If this is accidentally whitelisted then subsequent require checks against the 0 address will revert and functions like liquidationCall() will fail.
CollateralAdapterIt would increase transparency if events were emitted when new collateral pairs are added
In ConvexCurveLPVault's setConfiguration() it is possible for admins to reassign addresses for curve and the pool, emitting an event would be helpful in letting users know.
#0 - HickupHH3
2022-06-06T07:08:36Z
both are NC