Back to wagmi's contests

Inverse Finance contest - wagmi's results

Rethink the way you borrow.

General Information

Platform: Code4rena

Start Date: 25/10/2022

Pot Size: $50,000 USDC

Total HM: 18

Participants: 127

Period: 5 days

Judge: 0xean

Total Solo HM: 9

Id: 175

League: ETH

Inverse Finance

Findings Distribution

Researcher Performance

Rank: 74/127

Findings: 1

Award: $36.73

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryInverse Finance

Findings Information

🌟 Selected for report: 0x1f8b

Also found by: 0xNazgul, 0xSmartContract, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, ElKu, JC, Josiah, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Waze, __141345__, adriro, aphak5010, brgltd, c3phas, c7e7eff, carlitox477, cducrest, ch0bu, chrisdior4, cryptonue, cryptostellar5, cylzxje, d3e4, delfin454000, enckrish, evmwanderer, fatherOfBlocks, gogo, hansfriese, horsefacts, immeas, leosathya, lukris02, neumo, oyc_109, pedr02b2, rbserver, robee, rotcivegaf, rvierdiiev, sakshamguruji, shark, simon135, tnevler, trustindistrust, wagmi

Awards

36.7345 USDC - $36.73

Labels

bug
QA (Quality Assurance)
grade-b
Q-30

External Links

Link to GitHub issue

Summary

IdTitle
1Borrower can avoid paying interest by spamming accrueDueTokens(...) function
2liquidationFeeBps cannot be set back to 0
3No upper limit in setReplenishmentPriceBps(...)

1. Borrower can avoid paying interest by spamming accrueDueTokens(...) function

https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/DBR.sol#L288

In function DBR.accrueDueTokens(...), accrued due is calculated as

uint accrued = (block.timestamp - lastUpdated[user]) * debt / 365 days;

This calculation has a division without PRECISION. If debt is small enough, borrower can spam this function (calling it every block) and the rouding down calculation to 0 will help borrower avoid paying interest.

Recommendation

Consider adding a PRECISION in interest calcultion

2. liquidationFeeBps cannot be set back to 0

https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Market.sol#L194-L197

In constructor, liquidationFeeBps is not set and has default value 0. After that, governance can call setLiquidationFeeBps(...) to set value for liquidationFeeBps.

function setLiquidationFeeBps(uint _liquidationFeeBps) public onlyGov {
    require(_liquidationFeeBps > 0 && _liquidationFeeBps + liquidationIncentiveBps < 10000, "Invalid liquidation fee"); // @audit cannot be set to 0
    liquidationFeeBps = _liquidationFeeBps;
}

However, when it value is changed, it cannot be changed back to 0. So in case, governance want to remove fee to help boost the market, they cannot do it.

Recommendation

Consider allowing liquidationFeeBps to be set back to 0

3. No upper limit in setReplenishmentPriceBps(...)

https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/DBR.sol#L62

There is no upper limit in setReplenishmentPriceBps(...) function. Operator can set unreasonable high replenishmentPriceBps value that even bigger than 10000.

Recommendation

Consider adding a upper limit in setReplenishmentPriceBps(...) function

#0 - c4-judge

2022-11-07T21:50:23Z

0xean marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter