Platform: Code4rena
Start Date: 31/01/2023
Pot Size: $90,500 USDC
Total HM: 47
Participants: 169
Period: 7 days
Judge: LSDan
Total Solo HM: 9
Id: 211
League: ETH
Rank: 112/169
Findings: 1
Award: $35.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x3b, 0xAgro, 0xBeirao, 0xMirce, 0xNineDec, 0xRobocop, 0xSmartContract, 0xTraub, 0xWeiss, 2997ms, 41i3xn, Awesome, Aymen0909, Bauer, Bnke0x0, Breeje, Cryptor, DadeKuma, Deathstore, Deekshith99, DevABDee, DevTimSch, Dewaxindo, Diana, Ermaniwe, Guild_3, H0, IceBear, Inspectah, JDeryl, Kaiziron, Kaysoft, Kenshin, Mukund, Praise, RaymondFam, Rickard, Rolezn, Ruhum, Sathish9098, SkyWalkerMan, SleepingBugs, UdarTeam, Udsen, Walter, aashar, adeolu, apvlki, arialblack14, ast3ros, btk, chaduke, chandkommanaboyina, chrisdior4, climber2002, codetilda, cryptonue, cryptostellar5, csanuragjain, ddimitrov22, descharre, dharma09, doublesharp, eccentricexit, ethernomad, fs0c, georgits, halden, hansfriese, hashminer0725, immeas, lukris02, luxartvinsec, matrix_0wl, merlin, mookimgo, mrpathfindr, nadin, olegthegoat, pavankv, rbserver, rebase, savi0ur, sayan, scokaf, seeu, shark, simon135, tnevler, tsvetanovv, ulqiorra, ustas, waldenyan20, y1cunhui, yongskiws, yosuke
35.4779 USDC - $35.48
Context:
return target.call(callData);
L24

Recommendation:
Choose either a named return variable or a return statement. It is unnecessary to use both.
Context:
function _registerVault(address vault, VaultMetadata memory metadata) internal {
L390

Context:
event Deployment(address indexed clone);
L29 (event definition can not go after constructor)
mapping(address => Permission) public permissions;
L26 (state variable declaration can not go after constructor)
mapping(address => bool) public cloneExists;
L28 (state variable declaration can not go after constructor)
mapping(address => VaultMetadata) public metadata;
L28 (state variable declaration can not go after constructor)
mapping(bytes32 => mapping(bytes32 => Template)) public templates;
L31 (state variable can not go after constructor)
function convertToUnderlyingShares(uint256, uint256 shares)
L129 (public function can not go after internal function)
mapping(bytes32 => Escrow) public escrows;
L64 (state variable can not go after external function)
function deposit(uint256 _amount) external returns (uint256) {
L75 (external function can not go after public function)

Description:
According to the official Solidity documentation, functions should be grouped according to their visibility and ordered:
constructor
receive function (if exists)
fallback function (if exists)
external
public
internal
private
Within a grouping, place the view and pure functions last.
Recommendation:
Put the functions in the correct order according to the documentation.
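
The ordering rule above can be checked mechanically. The following Python sketch is an added example, not part of the original report or the audited code base; the name check_function_order, the regex-based header matching and the sample contract are assumptions made for illustration.

```python
import re

# Order quoted in the finding: constructor, receive, fallback, then by visibility.
ORDER = ["constructor", "receive", "fallback", "external", "public", "internal", "private"]
RANK = {kind: i for i, kind in enumerate(ORDER)}
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
# A function-like header, from its keyword up to the opening brace or semicolon.
HEADER = re.compile(
    r"\b(?:function\s+(?P<name>\w+)|(?P<special>constructor|receive|fallback))"
    r"\s*\((?P<rest>[^{;]*)[{;]"
)
VISIBILITY = re.compile(r"\b(external|public|internal|private)\b")

def check_function_order(source):
    """Return (line, name, message) for each function placed out of order."""
    # Simplifications: one contract per source, no comment markers inside strings.
    # Blank out comments but keep their newlines so line numbers stay correct.
    code = COMMENT.sub(lambda m: "\n" * m.group().count("\n"), source)
    findings, highest = [], None
    for m in HEADER.finditer(code):
        kind = m.group("special")
        if kind is None:
            vis = VISIBILITY.search(m.group("rest"))
            if vis is None:
                continue  # no explicit visibility: not classified here
            kind = vis.group(1)
        name = m.group("name") or kind
        line = code.count("\n", 0, m.start()) + 1
        if highest is not None and RANK[kind] < RANK[highest]:
            findings.append((line, name, f"{kind} function can not go after {highest} function"))
        else:
            highest = kind  # track the latest group reached so far
    return findings

# Constructed sample contract (not taken from the audited code base).
SAMPLE = """contract Example {
    constructor() {}
    function _accrue(address user) internal {}
    /* the next two functions are misplaced */
    function convertToShares(uint256 assets)
        public view returns (uint256)
    {}
    function deposit(uint256 _amount) external returns (uint256) {}
}
"""

if __name__ == "__main__":
    for line, name, message in check_function_order(SAMPLE):
        print(f"L{line} {name}: {message}")
```
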
Context:
* Is used by `VaultController` to check if a target is a registerd clone.
L14 (Change registerd to registered)
* @param template Contains the implementation address and necessary informations to clone the implementation.
L65 (Change informations to information)
/// @notice The amount of assets that are free to be withdrawn from the yVault after locked profts.
L100 (Change profts to profits)
* @dev This function is the one stop solution to create a new vault with all necessary admin functions or auxiliery contracts.
L87 (Change auxiliery to auxiliary)
// Dont wait more than X seconds
L792 (Change dont to don't)
* @notice Sets a new `DeploymentController` and saves its auxilary contracts. Caller must be owner.
L829 (Change auxilary to auxiliary)
/// @Notice Optional - Metadata CID which can be used by the frontend to add informations to a vault/adapter...
L13 (Change informations to information)

Context:
* @notice Registers a new vault with Metadata which can be used by a frontend. Caller must be owner. (`VaultController`)
L41
* @notice Clones an implementation and initializes the clone. Caller must be owner. (`VaultController` via `AdminProxy`)
L91
* @dev The basic templateCategories will be added via `VaultController` they are ("Vault", "Adapter", "Strategy" and "Staking").
L49
* @dev there is no check to ensure that all escrows are owned by the same account. Make sure to account for this either by only sending ids for a specific account or by filtering the Escrows by account later on.
L49
* Only the owner can add new tokens as rewards. Once added they cant be removed or changed. RewardsSpeed can only be adjusted if the rewardsSpeed is not 0.
L22
* @notice Changes rewards speed for a rewardToken. This works only for rewards that accrue over time. Caller must be owner.
L291
// If a deposit/withdraw operation gets called for another user we should accrue for both of them to avoid potential issues like in the Convex-Vulnerability
L380
* @dev Usually the adapter should already be pre configured. Otherwise a new one can only be added after a ragequit time.
L55
/// @return Maximum amount of underlying `asset` token that may be deposited for a given address. Delegates to adapter.
L398
/// @return Maximum amount of underlying `asset` token that can be withdrawn by `caller` address. Delegates to adapter.
L408
* @dev Management fee is annualized per minute, based on 525,600 minutes per year. Total assets are calculated using
L425
* the average of their current value and the value at the previous fee harvest checkpoint. This method is similar to
L426
* @dev This function is the one stop solution to create a new vault with all necessary admin functions or auxiliery contracts.
L87
* @notice Changes rewards speed for a rewardToken. This works only for rewards that accrue over time. Caller must be creator of the Vault.
L477
/// @notice Pause Deposits and withdraw all funds from the underlying protocol. Caller must be owner or creator of the Vault.
L604
/// @notice Unpause Deposits and deposit all funds into the underlying protocol. Caller must be owner or creator of the Vault.
L630

Description:
Maximum suggested line length is 120 characters.
#0 - c4-judge
2023-02-28T18:27:16Z
dmvt marked the issue as grade-b