// Make a call to Disputes contract raiseDisputes.-IDisputes(disputes).raiseDispute(_data, _signature);
+IDisputes(disputes).raiseDispute(_data, _signature, _signer);
}
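Review bot: The `_signer` passed on the `+` line is trusted as given by the callee, so Disputes.raiseDispute must only be callable by Project contracts, and this hunk does not show that restriction; confirm it is enforced in Disputes before removing the second recoverKey call there. If Disputes no longer needs `_signature` once it stops recovering the key, drop it from this call too, and document the new `_signer` parameter in the IDisputes interface.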
2. Unnecessary _msgSender calls in Community's lendToProject
// Transfer _lenderFee to HomeFi treasury from lender account
_currency.safeTransferFrom(_msgSender(), homeFi.treasury(), _lenderFee);
// Transfer _amountToProject to _project from lender account
_currency.safeTransferFrom(_msgSender(), _project, _amountToProject);
Recommended Mitigation Steps
As _msgSender() is already saved to memory, consider using the _sender variable instead of the call.
3. Unnecessary _msgSender calls in Project's inviteSC
4. Unnecessary storage update
if (_repayAmount > _interest) {
    // If repayment amount is greater than interest then
    // set lent = lent + interest - repayment.
    // And set interest = 0.
    uint256 _lentAndInterest = _lentAmount + _interest;
    // Revert if repayment amount is greater than sum of lent and interest.
    require(_lentAndInterest >= _repayAmount, "Community::!Liquid");
    _interest = 0;
    _lentAmount = _lentAndInterest - _repayAmount;
} else {
    // If repayment amount is lesser than interest, then set
    // interest = interest - repayment
    _interest -= _repayAmount;
}
// Update community project details
_communityProject.lentAmount = _lentAmount;
Recommended Mitigation Steps
Consider moving storage update to the part of logic where it happens:
if (_repayAmount > _interest) {
// If repayment amount is greater than interest then// set lent = lent + interest - repayment.// And set interest = 0.uint256 _lentAndInterest = _lentAmount + _interest;
// Revert if repayment amount is greater than sum of lent and interest.require(_lentAndInterest >= _repayAmount, "Community::!Liquid");
_interest =0;
_lentAmount = _lentAndInterest - _repayAmount;
+ _communityProject.lentAmount = _lentAmount;
} else {
// If repayment amount is lesser than interest, then set// interest = interest - repayment
_interest -= _repayAmount;
}
// Update community project details- _communityProject.lentAmount = _lentAmount;
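Review bot: Skipping the store in the `else` branch assumes `_lentAmount` still equals `_communityProject.lentAmount` when that branch runs; the hunk does not show where `_lentAmount` is loaded, so check that nothing modifies it before this block. The `// Update community project details` comment on the last line is left without the statement it described; move it next to the new `_communityProject.lentAmount = _lentAmount;` line or reword it for whatever follows.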
1. SignatureDecoder.recoverKey() is called twice by two raiseDispute functions with the same result
Disputes' raiseDispute() is called only by Project's raiseDispute() with _data passed over:
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Project.sol#L492-L502
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Project.sol#L534-L536
Disputes' raiseDispute() repeats SignatureDecoder.recoverKey(keccak256(_data), _signature, 0) with the same result:
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Disputes.sol#L84-L94
Recommended Mitigation Steps
Consider introducing the signer argument and sending the _signer to the downstream raiseDispute():
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Project.sol#L534-L536
2. Unnecessary _msgSender calls in Community's lendToProject
lendToProject() does three calls instead of one:
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Community.sol#L379-L380
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Community.sol#L442-L446
Recommended Mitigation Steps
As _msgSender() is already saved to memory, consider using the _sender variable instead of the call.
3. Unnecessary _msgSender calls in Project's inviteSC
inviteSC() does two calls instead of one:
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Project.sol#L300-L304
Same for acceptInviteSC():
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Project.sol#L322-L324
Recommended Mitigation Steps
Consider introducing and using a _sender memory variable instead of the calls.
4. Unnecessary storage update
lentAmount is updated even if not changed, when _repayAmount <= _interest:
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Community.sol#L785-L802
Recommended Mitigation Steps
Consider moving storage update to the part of logic where it happens:
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Community.sol#L785-L802