Mimo DeFi contest - ych18's results

Bridging the chasm between the DeFi world and the world of regulated financial institutions.

General Information

Platform: Code4rena

Start Date: 28/04/2022

Pot Size: $50,000 USDC

Total HM: 7

Participants: 43

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 115

League: ETH

Researcher Performance

Rank: 13/43

Findings: 2

Award: $806.66

🌟 Selected for report: 1

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: ych18

Also found by: MaratCerby, defsec, robee

Labels

bug
2 (Med Risk)
sponsor acknowledged

Awards

755.6243 USDC - $755.62

External Links

Lines of code

https://github.com/code-423n4/2022-04-mimo/blob/main/supervaults/contracts/SuperVault.sol#L97

Vulnerability details

When trying to call SuperVault.executeOperation, the transaction reverts. This is because the call to asset.approve() on line 97 doesn't match the expected function signature of approve() on the target contract, like in the case of USDT.

This issue exists in any call to the approve function when the asset could be any ERC20.

Recommendation: consider using safeApprove of OZ.

#0 - m19

2022-05-05T10:01:18Z

Duplicate of #145

#1 - gzeoneth

2022-06-05T15:18:51Z

Judging as Med Risk as function availability could be impacted. Unlike the core protocol, SuperVault can take any token as input, and USDT is listed on various lending protocols like AAVE.
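
The failure mode described in the finding above, as an added example that is not part of the original report or the Mimo code base. `NoReturnToken` is a constructed stand-in for a USDT-style token, and `ApproveDemo` with its two functions is hypothetical; the pragma version is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Standard interface: approve() is declared to return bool, so the compiler
// makes the caller decode 32 bytes of return data after the call.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Constructed stand-in for a USDT-style token: approve() returns nothing.
contract NoReturnToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }
}

// Hypothetical caller contract, not SuperVault itself.
contract ApproveDemo {
    // Reverts for NoReturnToken: the token call itself succeeds, but decoding
    // the empty return data as bool fails in the caller.
    function strictApprove(IERC20 asset, address spender, uint256 amount) external {
        asset.approve(spender, amount);
    }

    // Same acceptance rule as OpenZeppelin SafeERC20: the call must succeed and
    // return either no data or an ABI-encoded `true`.
    function tolerantApprove(address asset, address spender, uint256 amount) external {
        // A low-level call to an address without code succeeds, so check first.
        require(asset.code.length > 0, "asset is not a contract");
        (bool ok, bytes memory ret) = asset.call(
            abi.encodeWithSelector(IERC20.approve.selector, spender, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "approve failed");
    }
}
```

Calling `strictApprove` with a `NoReturnToken` address reverts, while `tolerantApprove` sets the allowance. In OpenZeppelin Contracts 4.9 and later the library helper for this is `SafeERC20.forceApprove`, and `safeApprove` is deprecated there.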

Awards

51.0404 USDC - $51.04

Labels

bug
G (Gas Optimization)

External Links

  • Unnecessary inheritance from BoringBatchable in InceptionVaultsCore because the owner variable and the onlyOwner modifier are never used.
  • Use an unchecked block when under/overflow is impossible, to save gas.
  • The variable _a in DexAddressProvider can be immutable.