Open code423n4 opened 2 years ago
Good catch on the reentrancy guard
Flagging that this report contains "mintCallData has wrong number of arguments in NotionalTradeModule\_mint()", which I confirmed as an issue elsewhere. (Although I think this is in fact more of a QA topic rather than the Mid-risk issue it was flagged as elsewhere).
Summary
We list 3 low-critical findings and 1 non-critical finding:
NotionalTradeModule\_mint()
(Low) ReentrancyGuard is not upgradable
The contract wfCashERC4626 uses ERC777Upgradeable but ReentrancyGuard is not upgradable. It may cause wrong slots of reserved space.
Proof of Concept
In wfCashBase it uses upgradable ERC777: https://github.com/code-423n4/2022-06-notional-coop/blob/main/notional-wrapped-fcash/contracts/wfCashBase.sol#L16
But in wfCashLogic it doesn't use upgradable ReentrancyGuard: https://github.com/code-423n4/2022-06-notional-coop/blob/main/notional-wrapped-fcash/contracts/wfCashLogic.sol#L11
Tools Used
None
Recommended Mitigation Steps
Use ReentrancyGuardUpgradeable.sol
(Low) No relationship between depositAmountExternal and fCashAmount
Impact
depositAmountExternal and fCashAmount are both the arguments of wfCashLogic\mintViaUnderlying() and wfCashLogic\mintViaAsset(). But they don't make sure that depositAmountExternal is enough for fCashAmount. We cannot guarantee that NotionalV2 will check that.
Proof of Concept
It directly mints fCashAmount tokens: https://github.com/code-423n4/2022-06-notional-coop/blob/main/notional-wrapped-fcash/contracts/wfCashLogic.sol#L50-L102
Tools Used
None
Recommended Mitigation Steps
Calculate the right amount of token in wfCashLogic.sol
(Low) floating pragma
Impact
Floating pragma may cause unexpected compilation time behaviour and introduce unintended bugs.
Proof of Concept
https://github.com/code-423n4/2022-06-notional-coop/blob/main/notional-wrapped-fcash/contracts/wfCashERC4626.sol#L2
Recommended Mitigation Steps
Don't use ^, lock pragma to ensure compiler version. e.g. pragma solidity 0.8.0;
(Non) mintCallData has wrong number of arguments in NotionalTradeModule\_mint()
Impact
mintCallData has five arguments for _fCashPosition.mintViaUnderlying.selector and _fCashPosition.mintViaAsset.selector. But those functions actually take four arguments.
Proof of Concept
https://github.com/code-423n4/2022-06-notional-coop/blob/main/index-coop-notional-trade-module/contracts/protocol/modules/v1/NotionalTradeModule.sol#L523-L530
https://github.com/code-423n4/2022-06-notional-coop/blob/main/notional-wrapped-fcash/contracts/wfCashLogic.sol#L27-L32
https://github.com/code-423n4/2022-06-notional-coop/blob/main/notional-wrapped-fcash/contracts/wfCashLogic.sol#L41-L46
Tools Used
None
Recommended Mitigation Steps
Fix the number of arguments in NotionalTradeModule\_mint()
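An added example, not part of the report or of the project's code, showing how a selector-based encoding with a surplus argument behaves and how a type-checked encoding catches the mismatch at compile time. The contracts FourArgTarget and ArityCheck are hypothetical, and the parameter types, the encoding call and all values are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.13; // pinned; abi.encodeCall needs 0.8.11 or later

// Hypothetical stand-in for the wrapper: four static parameters, as the report
// states. Parameter types are assumptions for this example.
contract FourArgTarget {
    uint256 public lastDeposit;
    uint88 public lastFCash;

    function mintViaUnderlying(
        uint256 depositAmountExternal,
        uint88 fCashAmount,
        address /* receiver */,
        uint32 /* minImpliedRate */
    ) external {
        lastDeposit = depositAmountExternal;
        lastFCash = fCashAmount;
    }
}

contract ArityCheck {
    // Five values for a four-parameter function. abi.encodeWithSelector does not
    // check the arguments against the signature, so this compiles, and the
    // callee's decoder reads the first four words and ignores the trailing one.
    function callWithSurplusArg(FourArgTarget target) external returns (bool ok) {
        bytes memory data = abi.encodeWithSelector(
            FourArgTarget.mintViaUnderlying.selector,
            uint256(1e8), uint88(1e8), address(this), uint32(0),
            true // constructed surplus fifth argument
        );
        (ok, ) = address(target).call(data); // succeeds; target state is updated
    }

    // abi.encodeCall type-checks the tuple against the function signature;
    // adding a fifth value to this tuple is a compile-time error.
    function callTypeChecked(FourArgTarget target) external returns (bool ok) {
        bytes memory data = abi.encodeCall(
            FourArgTarget.mintViaUnderlying,
            (uint256(1e8), uint88(1e8), address(this), uint32(0))
        );
        (ok, ) = address(target).call(data);
    }
}
```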