Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Hardcoded uniswap V3 router address

ke1cam

Summary

Using hardcoded addresses is generally considered bad practice and should be avoided whenever possible.

Vulnerability Details

/// uniswap v3 router

ISwapRouter public constant swapRouter =

ISwapRouter(0xE592427A0AEce92De3Edee1F18E0157C05861564);

Impact

Hardcoding address makes the contract less flexible. If the address needs to be changed for any reason you would have to redeploy the contract. It also unables deployment to multiple chains on which the desired address might differ.

Tools Used

Manual Analysis, VScode

Recommendations

Implement swapRouter as immutable state variable and initialize it's value in constructor.

address public immutable WETH;

address public immutable staking;

/// uniswap v3 router

ISwapRouter public immutable swapRouter;

constructor(address _weth, address _staking, address _swapRouter) {

WETH = _weth;

staking = _staking;

swapRouter = ISwapRouter(_swapRouter);

}

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.