Open code423n4 opened 2 years ago
Agree with the first finding, not super sure about mitigation as it would make the system more bloated
Second finding definitely worth investigating
Zero checks -> Agree by convention
Emit functions are being emitted early as a way to avoid reentrancy, so I'm ambivalent on this.
Overall the report was short and sweet, no particular formatting was needed and it looks good.
Wish the warden put links to the findings to make it easier to check
In judging am also adding #9
6/10
Bumping to 7 to make it the winner 7/10
After re-review I confirm 7/10: the simple formatting avoids confusion, and the Caps, Lose Interest and #9 make the report unique
L-01 Missing checks on new Boost Cap
L-02 More funds extracted than required - Lose Interest
L-03 Missing zero address checks
N-01 Emit function called early
L-04 Bypass Boosting cap set by Admin
Missing checks on new Boost Cap
The setBoostCapForVault function at TurboBooster.sol#L59 is missing a check to see if newBoostCap>getBoostCapForVault[vault].
This is required since the vault might already be at the old boost cap.
Setting a lower boost cap would mean that boosting is already overflowed in this vault.
If it is required to lower the boost cap, then the slurpAndLess function at TurboRouter.sol#L130 must be called to withdraw the excess cap amount.
Recommendation:
More funds extracted than required - Lose Interest
Recommendation: Calculate the feiDebt first and only withdraw min(feiAmount,feiDebt), so that only the required amount is withdrawn.
Missing zero address checks
Emit function called early
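The boost cap concern in L-01, as an added sketch that is not the project's code and not part of the report: a cap setter that refuses a new cap below what is already boosted into the vault, so the cap can only be lowered after the excess has been withdrawn. Only `setBoostCapForVault` and `getBoostCapForVault` are names from the report; the contract, the `boostedInVault` bookkeeping, the `boost`/`less` functions, the errors and the event are hypothetical, and the check compares against the boosted amount rather than the old cap.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

/// Added illustration only: a minimal stand-in, not TurboBooster.sol.
contract BoostCapSketch {
    address public immutable admin;

    // Name taken from the report: vault => maximum amount that may be boosted.
    mapping(address => uint256) public getBoostCapForVault;
    // Hypothetical bookkeeping: vault => amount currently boosted into it.
    mapping(address => uint256) public boostedInVault;

    error NotAdmin();
    error CapBelowCurrentBoost(uint256 newBoostCap, uint256 currentlyBoosted);
    error BoostCapExceeded(uint256 requested, uint256 cap);

    event BoostCapUpdated(address indexed vault, uint256 newBoostCap);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    /// Rejects a cap that the vault's existing boost would already exceed.
    /// To go lower, the excess has to be withdrawn first (see less()).
    function setBoostCapForVault(address vault, uint256 newBoostCap) external onlyAdmin {
        uint256 boosted = boostedInVault[vault];
        if (newBoostCap < boosted) revert CapBelowCurrentBoost(newBoostCap, boosted);
        getBoostCapForVault[vault] = newBoostCap;
        emit BoostCapUpdated(vault, newBoostCap);
    }

    /// Hypothetical boost path: accounting only, no token transfer.
    function boost(address vault, uint256 amount) external onlyAdmin {
        uint256 afterBoost = boostedInVault[vault] + amount;
        uint256 cap = getBoostCapForVault[vault];
        if (afterBoost > cap) revert BoostCapExceeded(afterBoost, cap);
        boostedInVault[vault] = afterBoost;
    }

    /// Hypothetical withdrawal path; the report names slurpAndLess for this role.
    function less(address vault, uint256 amount) external onlyAdmin {
        boostedInVault[vault] -= amount; // reverts on underflow under ^0.8
    }
}
```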