Platform: Code4rena
Start Date: 07/07/2023
Pot Size: $121,650 USDC
Total HM: 36
Participants: 111
Period: 7 days
Judge: Picodes
Total Solo HM: 13
Id: 258
League: ETH
Rank: 11/111
Findings: 3
Award: $1,908.64
Selected for report: 0
Solo Findings: 0
Selected for report: Aymen0909
Also found by: 0xWaitress, KupiaSec, wangxx2026
768.245 USDC - $768.25
Unable to calculate cost correctly
_liquidatableBalanceOf->availableYieldBalance
Through availableYieldBalance, we know that what is returned is assets, not shares. Through mintYieldFee and _increaseYieldFeeBalance, we know that _yieldFeeTotalSupply is shares, and the parameter that _increaseYieldFeeBalance needs to pass is shares
So the assets are missing here and converted to shares
manual review
Convert assets to shares by _convertToShares
    if (_yieldFeePercentage != 0) {
      _increaseYieldFeeBalance(
        _convertToShares(
          (_amountOut * FEE_PRECISION) / (FEE_PRECISION - _yieldFeePercentage) - _amountOut,
          Math.Rounding.Down
        )
      );
    }
Error
#0 - c4-judge
2023-07-16T15:42:32Z
Picodes marked the issue as duplicate of #427
#1 - c4-judge
2023-08-05T21:47:48Z
Picodes marked the issue as satisfactory
#2 - c4-judge
2023-08-05T21:48:00Z
Picodes marked the issue as partial-50
#3 - Picodes
2023-08-05T21:48:50Z
Partial credit due to the report's low quality
Selected for report: Aymen0909
Also found by: 0xWaitress, KupiaSec, wangxx2026
768.245 USDC - $768.25
The shares parameter passed to _mint is assets not shares, resulting in data confusion
function _mint(address _receiver, uint256 _shares) internal virtual override;
_amountOut is assets, _mint needs shares, _amountOut needs to be converted to shares
change from
_mint(_account, _amountOut);
to
_mint(_account, _convertToShares(_amountOut, Math.Rounding.Down));
Error
#0 - c4-judge
2023-07-14T22:42:49Z
Picodes marked the issue as duplicate of #5
#1 - c4-judge
2023-08-05T21:47:36Z
Picodes marked the issue as satisfactory
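The asset/share mix-up reported in the two findings above (the unconverted _increaseYieldFeeBalance argument and the _mint(_account, _amountOut) call), worked through numerically as an added example that is not part of the original reports or the audited code. ToyVault and settle are hypothetical names, the conversion is the generic pro-rata rule rather than the vault's own _convertToShares, the vault states are constructed, and the model assumes the amount_out assets back the newly minted shares.

```python
# Added illustration: a toy share-accounting model, not the audited vault's code.
# Conversion uses the generic rule shares = assets * totalShares / totalAssets,
# rounded down (the role Math.Rounding.Down plays in the suggested fix).

class ToyVault:
    def __init__(self, total_assets, total_shares):
        self.total_assets = total_assets
        self.total_shares = total_shares
        self.balances = {}

    def convert_to_shares(self, assets):
        if self.total_shares == 0 or self.total_assets == 0:
            return assets  # empty vault: 1 asset == 1 share
        return assets * self.total_shares // self.total_assets

    def convert_to_assets(self, shares):
        if self.total_shares == 0:
            return shares
        return shares * self.total_assets // self.total_shares

    def mint(self, receiver, shares):
        """Like _mint(_receiver, _shares): the argument is a share count."""
        self.balances[receiver] = self.balances.get(receiver, 0) + shares
        self.total_shares += shares


def settle(total_assets, total_shares, amount_out, convert):
    """Credit `amount_out` assets to 'buyer'; return each party's asset claim."""
    v = ToyVault(total_assets, total_shares)
    v.balances["holders"] = total_shares
    # convert=False reproduces the reported pattern: an asset amount used as shares.
    shares = v.convert_to_shares(amount_out) if convert else amount_out
    v.total_assets += amount_out  # assumption: these assets back the new shares
    v.mint("buyer", shares)
    return {who: v.convert_to_assets(bal) for who, bal in v.balances.items()}


if __name__ == "__main__":
    # Constructed states: (total assets, total shares, amount_out in assets)
    for state in [(1200, 1000, 120), (800, 1000, 80), (1000, 1000, 100)]:
        print(state, "unconverted:", settle(*state, convert=False),
              "converted:", settle(*state, convert=True))
```

The two variants agree only while one share equals one asset; at any other rate the unconverted mint shifts value between the receiver and the existing holders.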
Selected for report: Udsen
Also found by: 0xMirce, 0xPsuedoPandit, 0xStalin, 0xbepresent, Aymen0909, Bobface, Co0nan, GREY-HAWK-REACH, Jeiwan, John, KupiaSec, LuchoLeonel1, Nyx, Praise, RedTiger, alexweb3, bin2chen, btk, dacian, dirk_y, josephdara, keccak123, ktg, mahdirostami, markus_ether, minhtrng, ni8mare, peanuts, ptsanev, ravikiranweb3, rvierdiiev, seeques, serial-coder, shaka, teawaterwire, wangxx2026, zzzitron
2.2492 USDC - $2.25
Anyone can get _yieldFeeTotalSupply
Get shares after calling mintYieldFee, and then withdraw through withdraw() without any other restrictions in between
manual review
should add modifier onlyOwner
Access Control
#0 - c4-judge
2023-07-14T22:22:23Z
Picodes marked the issue as duplicate of #396
#1 - c4-judge
2023-08-05T22:03:59Z
Picodes marked the issue as satisfactory
Selected for report: RedTiger
Also found by: wangxx2026, zzzitron
1138.1408 USDC - $1,138.14
would lead to undercollateralization
The under-mortgage check should be placed after _mint, because _mint will affect the mortgage. If it is placed before, it will lead to the introduction of under-mortgage after _mint
_requireVaultCollateralized->_isVaultCollateralized->_currentExchangeRate
_mint->_updateExchangeRate->_currentExchangeRate
We missed post-execution mortgage checks
manual review
Call _requireVaultCollateralized after _mint
    function mintYieldFee(uint256 _shares, address _recipient) external {
      if (_shares > _yieldFeeTotalSupply) revert YieldFeeGTAvailable(_shares, _yieldFeeTotalSupply);
      _yieldFeeTotalSupply -= _shares;
      _mint(_recipient, _shares);
      _requireVaultCollateralized();
      emit MintYieldFee(msg.sender, _recipient, _shares);
    }
Invalid Validation
#0 - c4-judge
2023-07-18T19:50:59Z
Picodes marked the issue as duplicate of #307
#1 - c4-judge
2023-08-06T10:55:25Z
Picodes marked the issue as satisfactory