Platform: Code4rena
Start Date: 14/11/2021
Pot Size: $30,000 USDC
Total HM: 7
Participants: 13
Period: 3 days
Judge: leastwood
Total Solo HM: 4
Id: 57
League: ETH
Rank: 4/13
Findings: 3
Award: $1,946.50
🌟 Selected for report: 2
🚀 Solo Findings: 0
🌟 Selected for report: WatchPug
Also found by: 0x0x0x, Meta0xNull, fatima_naz, gzeon, ksk2345
925.536 USDC - $925.54
0x0x0x
This function is intended to change the guardian, but the code changes the governance address as seen in the code:
function setGuardian(address _guardian) external { _onlyGovernance(); governance = _guardian; }
It should be replaced with the following code to have the functionality of setting guardian.
function setGuardian(address _guardian) external { _onlyGovernance(); guardian = _guardian; }
Manual analysis
#0 - tabshaikh
2021-11-15T14:33:33Z
Fixed
#1 - 0xleastwood
2021-12-09T12:11:58Z
duplicate of #51
🌟 Selected for report: 0x0x0x
940.442 USDC - $940.44
0x0x0x
Both contrats have the comment /// ===== Permissioned Actions: Guardian ===== for pause function, but pause function can be used by Guardian or Governance. I recommend changing the comment to avoid confusions.
SettToRenIbbtcZap.sol#L116 and IbbtcVaultZap.sol#L109
#0 - tabshaikh
2021-11-16T13:35:03Z
fixed
#1 - 0xleastwood
2021-12-09T12:45:16Z
Keeping issue as low to match judging spec which states issues related to comments are of low severity.
🌟 Selected for report: 0x0x0x
0x0x0x
It is cheaper to use != 0 than > 0 for uint256.
SettToRenIbbtcZap.sol#L266 IbbtcVaultZap.sol#L150 IbbtcVaultZap.sol#L163 DepositZapibBTC.vy#L283 DepositZapibBTC.vy#L296
Manual analysis
#0 - GalloDaSballo
2021-11-17T16:53:38Z
Factually correct
#1 - MugeR01
2023-09-12T06:26:23Z
I would like to correct this fact, as per Ethereum Yellow Paper, its more gas efficient to use !=0 than >0 since the prior uses more opcodes to compute as compared to the latter.