Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $30,000 USDC
Total HM: 6
Participants: 93
Period: 3 days
Judge: gzeon
Id: 118
League: ETH
Rank: 55/93
Findings: 2
Award: $46.80
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: defsec
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0x52, 0xDjango, 0xf15ers, 0xkatana, 0xliumin, AuditsAreUS, BowTiedWardens, CertoraInc, Cr4ckM3, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, M0ndoHEHE, MaratCerby, Picodes, Ruhum, TerrierLover, TrungOre, VAD37, WatchPug, berndartmueller, broccolirob, catchup, cccz, cryptphi, csanuragjain, delfin454000, dirk_y, eccentricexit, ellahi, fatherOfBlocks, gzeon, hake, hansfriese, hickuphh3, horsefacts, hubble, hyh, ilan, joestakey, kebabsec, kenta, kenzo, leastwood, m9800, marximimus, minhquanym, oyc_109, p4st13r4, pauliax, pedroais, peritoflores, plotchy, rajatbeladiya, reassor, rfa, robee, rotcivegaf, samruna, shenwilly, shung, simon135, sorrynotsorry, sseefried, teddav, throttle, tintin, unforgiven, z3s
30.2759 USDC - $30.28
Consider adding event emission to critical onlyOwner functions:
https://github.com/code-423n4/2022-05-runes/blob/main/contracts/ForgottenRunesWarriorsGuild.sol#L125-L176
https://github.com/code-423n4/2022-05-runes/blob/main/contracts/ForgottenRunesWarriorsMinter.sol#L424-L630
Also, end-user critical functions should emit events (refunds, bidSummon, mintlistSummon, publicSummon, claimSummon, teamSummon).
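What the recommended event emission could look like, as an added example that is not code from the contest repository or from this submission. The contract is a minimal stand-in: `EventEmissionExample`, the event names `VaultAddressUpdated` and `Refunded`, and the `owed` ledger with its `deposit`/`refund` functions are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only: a minimal stand-in, not ForgottenRunesWarriorsMinter.
// Event names and the refund bookkeeping are assumptions made for this sketch.
contract EventEmissionExample {
    address public owner;
    address public vault;
    mapping(address => uint256) public owed; // constructed refund ledger

    // Old and new values are both logged so off-chain monitoring can see the
    // change without reading storage; indexed fields allow filtering by address.
    event VaultAddressUpdated(address indexed previousVault, address indexed newVault);
    event Refunded(address indexed minter, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
        vault = msg.sender;
    }

    // Deposits stand in for payments that later become refundable.
    function deposit() external payable {
        owed[msg.sender] += msg.value;
    }

    // Critical onlyOwner setter: emit on every change.
    function setVaultAddress(address _newVault) external onlyOwner {
        emit VaultAddressUpdated(vault, _newVault);
        vault = _newVault;
    }

    // User-facing critical path: the balance is cleared before the transfer,
    // and the event records who was paid and how much.
    function refund() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        emit Refunded(msg.sender, amount);
    }
}
```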
🌟 Selected for report: BowTiedWardens
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xProf, 0xc0ffEE, 0xf15ers, 0xkatana, 0xliumin, ACai, AlleyCat, CertoraInc, Cityscape, Cr4ckM3, DavidGialdi, Dinddle, FSchmoede, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, M0ndoHEHE, MaratCerby, MiloTruck, Picodes, RoiEvenHaim, Tadashi, TerrierLover, TrungOre, VAD37, WatchPug, antonttc, catchup, defsec, delfin454000, dirk_y, eccentricexit, ellahi, fatherOfBlocks, gzeon, hake, hansfriese, hickuphh3, horsefacts, ilan, joestakey, kebabsec, kenta, kenzo, marximimus, minhquanym, noobie, oyc_109, p4st13r4, pauliax, rajatbeladiya, reassor, rfa, robee, rotcivegaf, saian, samruna, shenwilly, shung, simon135, slywaters, sorrynotsorry, throttle, unforgiven, z3s
16.5224 USDC - $16.52
I recommend setting the contract variables WETH, warriors and vault as immutable; these variables shouldn't change. You could then remove the functions setWarriorsAddress, setWethAddress and setVaultAddress.
Now the constructor should be:
```solidity
constructor(IForgottenRunesWarriorsGuild _warriors, address _weth) {
    warriors = _warriors;
    weth = _weth;
    vault = msg.sender;
}
```
daMinters
Consider replacing these lines https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L355-L357 with:
```solidity
address[] memory _daMinters = daMinters;
for (uint256 i = startIdx; i < endIdx + 1;) {
    _refundAddress(_daMinters[i]);
    unchecked { i++; }
}
```
Since the numWarriors input is validated and is lower than or equal to 20, you could use unchecked in these lines:
https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L152-L154
```solidity
unchecked {
    daAmountPaid[msg.sender] += msg.value;
    daNumMinted[msg.sender] += numWarriors;
    numSold += numWarriors;
}
```
Use unchecked in https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L193
```solidity
unchecked { numSold += 1; }
```
Use unchecked in (numWarriors is equal to or less than 20, so there is no overflow issue)
https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L219
```solidity
unchecked { numSold += numWarriors; }
```
Use unchecked in https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L248
```solidity
unchecked { numClaimed += 1; }
```
Use unchecked in https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L379
```solidity
unchecked { daAmountRefunded[minter] += owed; }
```
Consider changing the loop pattern from:
```solidity
for (uint256 i = 0; i < length; i++) {
    // CODE
}
```
To:
```solidity
for (uint256 i = 0; i < length;) {
    // CODE
    unchecked { i++; }
}
```
For loops:
Change these lines https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L162-L164 to:
```solidity
for (uint256 i = 0; i < numWarriors;) {
    _mint(msg.sender);
    unchecked { i++; }
}
```
Change these lines https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L220-L222 to:
```solidity
for (uint256 i = 0; i < numWarriors;) {
    _mint(msg.sender);
    unchecked { i++; }
}
```
Change these lines https://github.com/code-423n4/2022-05-runes/blob/f562bc57045af5897785e2542878b01ead127775/contracts/ForgottenRunesWarriorsMinter.sol#L259-L261 to:
```solidity
for (uint256 i = 0; i < count;) {
    _mint(recipient);
    unchecked { i++; }
}
```