Platform: Code4rena
Start Date: 15/06/2022
Pot Size: $30,000 USDC
Total HM: 5
Participants: 55
Period: 3 days
Judge: Jack the Pug
Id: 138
League: ETH
Rank: 3/55
Findings: 2
Award: $3,600.11
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xFar5eer, 0xNazgul, 0xNineDec, 242, Chom, Czar102, Funen, GimelSec, Meera, Picodes, Sm4rty, Tadashi, TerrierLover, Waze, _Adam, a12jmx, asutorufos, codexploder, cryptphi, defsec, gzeon, hyh, joestakey, minhquanym, oyc_109, reassor, robee, saian, sorrynotsorry, unforgiven, zzzitron
53.6173 USDC - $53.62
bribesProcessor///@dev Change the contract that handles bribes function setBribesProcessor(IBribesProcessor newBribesProcessor) external { _onlyGovernance(); bribesProcessor = newBribesProcessor; }
The bribeProcessor is not set in the initialize function, so it starts with zero address. Also, setBribesProcessor can set the bribesProcessor to the zero address.
Although no amount can be transferred to zero address thanks to the usage of safeTransfer, sweepRewardToken and claimBribesFromHiddenHand will revert when the bribesProcessor is not set.
To mitigate this, the bribesProcessor can be set in the initialize function and add zero address check to setBribesProcessor.
/// after claiming rewards or swapping are auto-compunded.
auto-compunded to auto-compounded// TODO: Hardcode claim.account = address(this)?
#0 - GalloDaSballo
2022-06-19T01:37:47Z
What if we don't want to have a bribesProcessor anymore?
ack rest
#1 - jack-the-pug
2022-07-10T08:36:12Z
I'll upgrade Missing zero address check for bribesProcessor to High and that's a dup of #18