Platform: Code4rena
Start Date: 09/09/2022
Pot Size: $42,000 USDC
Total HM: 2
Participants: 101
Period: 3 days
Judge: hickuphh3
Total Solo HM: 2
Id: 161
League: ETH
Rank: 56/101
Findings: 1
Award: $33.58
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: GalloDaSballo
Also found by: 0x040, 0x1f8b, 0x4non, 0x52, 0x85102, 0xNazgul, 0xSky, 0xSmartContract, Aymen0909, Bnke0x0, CertoraInc, Chandr, Chom, CodingNameKiki, Deivitto, Diana, Funen, JC, Jeiwan, Junnon, KIntern_NA, Lambda, Mohandes, Noah3o6, Ocean_Sky, Picodes, R2, Randyyy, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Samatak, Sm4rty, SnowMan, SooYa, StevenL, Tagir2003, Tointer, TomJ, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, bharg4v, bobirichman, brgltd, c3phas, cccz, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dipp, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, got_targ, hansfriese, horsefacts, hyh, ignacio, innertia, izhuer, karanctf, ladboy233, leosathya, lucacez, lukris02, mics, oyc_109, pashov, pauliax, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, scaraven, sikorico, simon135, smiling_heretic, sorrynotsorry, unforgiven, wagmi, yixxas
33.5809 USDC - $33.58
Use open pragma only on interfaces or libraries
Affected: SimpleFeiDaiPSM.sol#L2, TribeRedeemer.sol#L2 and MultiMerkleRedeemer.sol#L2. Contracts should be deployed with the same compiler version and flags that they have been thoroughly tested with. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
See SWC-103 (Floating Pragma).
The current sign message at MultiMerkleRedeemer.sol#L53 seems to be a sample message; it says: Sample message, please update.
Use named imports, as you do in MerkleRedeemerDripper.sol#L4-L5.
In these cases you are not using named imports: MultiMerkleRedeemer.sol#L4, SimpleFeiDaiPSM.sol#L4-L5, RariMerkleRedeemer.sol#L4-L9
SimpleFeiDaiPSM.sol#L92-L98: Use the recommended order specified in soliditylang
According to order-of-layout in soliditylang, the order should be as follows.
Inside each contract, library or interface, use the following order:
- Type declarations
- State variables
- Events
- Modifiers
- Functions
The variables in SimpleFeiDaiPSM.sol#L92-L98 and SimpleFeiDaiPSM.sol#L75 should be declared at the beginning of the contract.
Revert messages should be shorter than 32 bytes: SimpleFeiDaiPSM.sol#L39, SimpleFeiDaiPSM.sol#L54, RariMerkleRedeemer.sol#L125-L126, RariMerkleRedeemer.sol#L138-L139, RariMerkleRedeemer.sol#L171, RariMerkleRedeemer.sol#L190-L191, RariMerkleRedeemer.sol#L227, RariMerkleRedeemer.sol#L239, MerkleRedeemerDripper.sol#L24
Try to use custom errors or send shorter error messages. Check out this article: https://blog.soliditylang.org/2021/04/21/custom-errors/
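The pragma, import and revert-string findings above can be checked mechanically before deployment. The following Python lint is an added example, not part of the original report or of the audited code base; the Solidity snippet, the rule names and the `lint` function are constructed for illustration. It assumes one statement per line, flags every non-pinned pragma without distinguishing interfaces or libraries, and flags only messages longer than 32 bytes.

```python
import re

# Constructed Solidity snippet for illustration; not taken from the audited contracts.
SAMPLE = '''\
pragma solidity ^0.8.4;
import "./Base.sol";
import {Helper} from "./Helper.sol";
contract Demo {
    function f(uint256 a) external pure {
        require(a > 0, "Demo: amount must be greater than zero");
        require(a < 100, "Demo: too big");
    }
}
'''

MAX_REVERT_BYTES = 32  # assumption of this example: longer messages are flagged

PRAGMA_RE = re.compile(r'^\s*pragma\s+solidity\s+([^;]+);')
IMPORT_RE = re.compile(r'^\s*import\s+(.+?);')
# Last string literal inside a require(...) or revert(...) call on one line.
STRING_RE = re.compile(r'(?:require|revert)\s*\(.*?"([^"]*)"\s*\)\s*;')
PINNED_RE = re.compile(r'=?\s*\d+\.\d+\.\d+')  # e.g. "0.8.4" or "=0.8.4"


def lint(source):
    """Return (line_number, rule, detail) tuples for the three checks."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        m = PRAGMA_RE.match(line)
        if m and not PINNED_RE.fullmatch(m.group(1).strip()):
            # Ranges and ^/~/>= operators let the compiler version float (SWC-103).
            findings.append((n, "floating-pragma", m.group(1).strip()))
        m = IMPORT_RE.match(line)
        if m and not m.group(1).lstrip().startswith("{"):
            # Anything other than `import {Name} from "file";` is reported.
            findings.append((n, "unnamed-import", m.group(1).strip()))
        m = STRING_RE.search(line)
        if m:
            size = len(m.group(1).encode("utf-8"))
            if size > MAX_REVERT_BYTES:
                findings.append((n, "long-revert-string", size))
    return findings


if __name__ == "__main__":
    for line_no, rule, detail in lint(SAMPLE):
        print(f"line {line_no}: {rule}: {detail}")
```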