Platform: Code4rena
Start Date: 18/10/2023
Pot Size: $36,500 USDC
Total HM: 17
Participants: 77
Period: 7 days
Judge: MiloTruck
Total Solo HM: 5
Id: 297
League: ETH
Rank: 20/77
Findings: 3
Award: $294.01
Selected for report: 0
Solo Findings: 0
Selected for report: 0xmystery
Also found by: 0x6d6164616e, 0xWaitress, 0xsurena, Tendency, ZanyBonzy, cryptothemex, hals, lsaudit, ni8mare, niki, phoenixV110, spark, tnquanghuy0512, twcctop
26.0735 USDC - $26.07
https://github.com/open-dollar/od-contracts/blob/b181f77b16bb874dc23eef50f67b21c08ec15481/src/contracts/oracles/CamelotRelayer.sol#L58
https://github.com/open-dollar/od-contracts/blob/c328d560e1540a8079fa30ed98c355bf10f498ed/src/contracts/oracles/UniV3Relayer.sol#L64
Relayer doesn't support high-decimal token pairs; contract creation will revert.
In the relayer constructor:
    constructor(address _baseToken, address _quoteToken, uint32 _quotePeriod) {
        ...
        baseAmount = uint128(10 ** IERC20Metadata(_baseToken).decimals());
    @>  multiplier = 18 - IERC20Metadata(_quoteToken).decimals();
        quotePeriod = _quotePeriod;
    }
For example, YAMv2 (https://etherscan.io/token/0xAba8cAc6866B83Ae4eec97DD07ED254282f6aD8A) has 24 decimals, so 18 - IERC20Metadata(_quoteToken).decimals() underflows and reverts under Solidity 0.8 checked arithmetic, and the relayer cannot be deployed for that pair.
Tools used: manual
Recommended mitigation: consider adding support for tokens with more than 18 decimals.
Decimal
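As an added illustration of the recommended mitigation (example code, not from the od-contracts repository), the hypothetical relayer below stores a power-of-ten scale and a direction flag instead of computing 18 - decimals(), so a 24-decimal quote token such as YAMv2 deploys instead of reverting. The MockToken contract is a constructed stand-in so the relayer can be deployed in a sandbox with any decimals value; toWad is an assumed helper showing how the stored scale would be applied.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal interface; only decimals() is needed here.
interface IERC20Metadata {
    function decimals() external view returns (uint8);
}

// Constructed mock token with a configurable decimals value (e.g. 24).
contract MockToken is IERC20Metadata {
    uint8 private immutable _dec;
    constructor(uint8 dec) { _dec = dec; }
    function decimals() external view override returns (uint8) { return _dec; }
}

// Hypothetical relayer: accepts quote tokens on either side of 18 decimals.
// `18 - decimals()` panics (checked arithmetic) when decimals() > 18, so the
// constructor stores 10 ** |18 - quoteDecimals| plus a direction flag instead.
contract DecimalSafeRelayer {
    uint128 public immutable baseAmount;
    uint256 public immutable scale;     // 10 ** |18 - quoteDecimals|
    bool public immutable scaleDown;    // true when quote token has > 18 decimals

    error UnsupportedDecimals(uint8 decimals);

    constructor(address _baseToken, address _quoteToken) {
        uint8 baseDec = IERC20Metadata(_baseToken).decimals();
        uint8 quoteDec = IERC20Metadata(_quoteToken).decimals();
        // 10**38 is the largest power of ten that fits in uint128; reject
        // anything larger explicitly instead of truncating in the cast.
        if (baseDec > 38) revert UnsupportedDecimals(baseDec);
        if (quoteDec > 38) revert UnsupportedDecimals(quoteDec);
        baseAmount = uint128(10 ** uint256(baseDec));
        uint256 s;
        bool down;
        if (quoteDec <= 18) {
            s = 10 ** uint256(18 - quoteDec);
        } else {
            s = 10 ** uint256(quoteDec - 18);
            down = true;
        }
        scale = s;
        scaleDown = down;
    }

    // Convert a raw quote-token amount to 18-decimal (WAD) precision.
    // For a 24-decimal quote token, scale == 1e6 and the amount is divided.
    function toWad(uint256 quoteAmount) public view returns (uint256) {
        return scaleDown ? quoteAmount / scale : quoteAmount * scale;
    }
}
```

Deploying DecimalSafeRelayer with a MockToken(18) base and a MockToken(24) quote succeeds where the original constructor reverts; note that the scale-down branch truncates, so callers needing exact precision should keep the raw amount alongside the WAD value.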
#0 - c4-pre-sort
2023-10-26T05:30:38Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-10-26T05:30:47Z
raymondfam marked the issue as duplicate of #18
#2 - c4-pre-sort
2023-10-27T05:08:01Z
raymondfam marked the issue as duplicate of #323
#3 - c4-judge
2023-11-02T08:45:38Z
MiloTruck marked the issue as satisfactory
230.7966 USDC - $230.80
tokenURI doesn't check whether _safeId exists, so render returns an incorrect token URI.
    function tokenURI(uint256 _safeId) public view override returns (string memory uri) {
        uri = nftRenderer.render(_safeId);
    }
_safeId is not checked for existence in this function. If a non-existent _safeId is passed, the render logic concatenates zero values into the token URI string, which makes the return value inaccurate.
Tools used: manual
Recommended mitigation: check that _safeId exists before rendering.
Access Control
#0 - c4-pre-sort
2023-10-26T05:21:48Z
raymondfam marked the issue as low quality report
#1 - c4-pre-sort
2023-10-26T05:23:52Z
raymondfam marked the issue as primary issue
#2 - raymondfam
2023-10-26T05:25:33Z
Validation concern. No loss of funds is entailed.
#3 - c4-judge
2023-11-01T21:49:20Z
MiloTruck marked the issue as duplicate of #243
#4 - c4-judge
2023-11-01T21:49:36Z
MiloTruck marked the issue as partial-50
#5 - MiloTruck
2023-11-01T21:51:37Z
While this report has correctly identified the bug, it does not mention that the function violates the ERC-721 spec, which was the main reason why the bug was awarded medium severity.
#6 - c4-judge
2023-11-02T08:42:15Z
MiloTruck marked the issue as satisfactory
#7 - c4-judge
2023-11-03T16:48:06Z
MiloTruck marked the issue as partial-50
Selected for report: MrPotatoMagic
Also found by: Bughunter101, COSMIC-BEE-REACH, HChang26, Stormreckson, T1MOH, Tendency, hals, josephdara, klau5, merlin, tnquanghuy0512, twcctop
37.1417 USDC - $37.14
SAFE-allowed users can allow others.
    function allowSAFE(uint256 _safe, address _usr, uint256 _ok) external safeAllowed(_safe) {
        address _owner = _safeData[_safe].owner;
        safeCan[_owner][_safe][_usr] = _ok;
        emit AllowSAFE(msg.sender, _safe, _usr, _ok);
    }
Users can be allowed on a SAFE. Take a look at the safeAllowed modifier:
    modifier safeAllowed(uint256 _safe) {
        address _owner = _safeData[_safe].owner;
        if (msg.sender != _owner && safeCan[_owner][_safe][msg.sender] == 0) revert SafeNotAllowed();
        _;
    }
The allowSAFE function is guarded by the safeAllowed modifier, so any SAFE-allowed user can allow others: the check safeCan[_owner][_safe][msg.sender] == 0 passes whenever the caller is allowed on the SAFE, whether or not the caller is the SAFE owner.
Tools used: manual
Recommended mitigation: consider restricting allowSAFE to the SAFE owner only.
Access Control
#0 - c4-pre-sort
2023-10-26T05:34:30Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-10-26T05:34:47Z
raymondfam marked the issue as duplicate of #171
#2 - c4-judge
2023-11-02T08:44:21Z
MiloTruck marked the issue as satisfactory