Posted Updated soliditya minute read (About 184 words)

Audit H/M report Summary from Lybra code4rena

1.Access Control

The recipient of the flash loan will burn a certain amount of tokens as a fee. The recipient can be set to an arbitrary user who impelement receiver.onFlashLoan function.

In certain token-consuming operations, it’s necessary to consider whether only oneself is able to perform this action

2.Context

3.Common

Incorrectly implemented modifiers.

Always check modifiers revert?

4.Upgradable

Logic contact constructor should not update storage variable,cuz it will not be reflected in the proxy’s state.Instead we need use initializer function.

5.Precision Lost

user share can be burned cuz _EUSDAmount.mul(_totalShares).div(totalMintedEUSD) to zero.

6.Context

When using conditional statements, verify whether the values on the left and right sides of the equation meet the expected criteria.

7.Context

threshold value if different from the explanation in the document.

8.Dos

use IVault(pool).vaultType() vaultType can’t be a internel variable.

9.Math(M4)

when calculate token per second use wrong total amount.

10.Math(M6)

use a fixed 1e18 when calculating reward.

11.Context(M7)

not checking locking state when withdraw fund.

12.Context(M8)

calculate total debt not include fee.

#

Comments

Follow

Categories

Recents

Archives

Tags

CREATE21
CTFs4
ERC201
React1
access control1
airdrop1
aptos1
audit2
blast1
chainlink1
chatGPT1
code4rena3
concordium1
conrtact1
damnvulnerabledefi4
dataFeed1
defi11
flashloan1
gas saving2
google spread sheet1
hackathon6
layerzero1
merkle tree1
openzeppelin1
pancakeswap2
pyth1
reserve2
safe1
sam altman1
smart rouetr1
solidity37
vulnerable1
web323
web3 security5

Subscribe for updates

follow.it

×