Open code423n4 opened 2 years ago
Great formatting, and thorough report. Unfortunately only 1 and a half valid findings.
Would recommend the warden to keep at it and ideally find more, the presentation is there just needs more substance!
4/10 extra point for the extra work, ultimately finding is a lot more relevant than a casual "no check eheh XD"
Report
TurboBooster.canSafeBoostVault()
has unused parametersThe
safe
andfeiAmount
parameters aren't used. The documentation of the function says that the function checks whether the safe is authorized to boost the vault. That's not really the case tho. It just checks whether the boost cap is reached or not. Nothing specific to safe that tries to boost it. I suppose the documentation is just outdated.https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboBooster.sol#L92-L112
testSlurp()
fails with specific inputI'm not really sure what the exact issue here is. But, when running the tests the fuzzer found an input combination that caused the
testSlurp()
test to fail:The following check fails:
Here's the test modified with the correct parameter values:
I tried to figure out where the issue was but didn't manage to find it.
Joey (Joeysantaro) told me that the
assetsOf
won't be part of the final ERC4626 interface. Since it's still part of the contest tho I think it's right to put this into the report. Also, Joey mentioned that the issue probably stems from the really small fee percentage. A value between50e16
and80e16
would be more realistic. The test still fail when you run them with those two values while the other parameters are the same as above.https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/test/TurboSafe.t.sol#L321-L363