Canto Liquidity Mining Protocol - 0xAadi's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 03/10/2023

Pot Size: $24,500 USDC

Total HM: 6

Participants: 62

Period: 3 days

Judge: LSDan

Total Solo HM: 3

Id: 288

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 55/62

Findings: 1

Award: $4.94

QA:

grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Canto

Findings Information

🌟 Selected for report: adriro

Also found by: 0x3b, 0xAadi, 0xDING99YA, 0xTheC0der, 0xWaitress, 0xdice91, 100su, 3docSec, BRONZEDISC, BoRonGod, Eurovickk, GKBG, HChang26, IceBear, JP_Courses, MatricksDeCoder, Mike_Bello90, SovaSlava, Topmark, albahaca, cookedcookee, gzeon, hunter_w3b, kutugu, lukejohn, marqymarq10, matrix_0wl, orion, pep7siup, radev_sw, sces60107, taner2344, tpiliposian, wahedtalash77, xAriextz, zpan

Awards

4.9369 USDC - $4.94

Labels

bug

grade-b

QA (Quality Assurance)

sufficient quality report

Q-33

External Links

Link to GitHub issue

Summary

Low Risk Issues

	Issue	Instances
[L‑01]	Missing Event for critical functions or parameters change	4

Non-critical Issues

	Issue	Instances
[N‑01]	Remove commented codes	2
[N‑02]	Follow Solidity standard naming conventions (internal function style rule) for functions	8

Low Risk Issues

[L‑01] Missing Event for critical functions or parameters change

Events help non-contract tools to track changes, and events prevent users from being surprised by changes.

There is 4 instance of this issue:

File: contracts/callpaths/LiquidityMiningPath.sol

54:    function claimConcentratedRewards(bytes32 poolIdx, int24 lowerTick, int24 upperTick, uint32[] memory weeksToClaim)

61:    function claimAmbientRewards(bytes32 poolIdx, uint32[] memory weeksToClaim) public payable {

65:    function setConcRewards(bytes32 poolIdx, uint32 weekFrom, uint32 weekTo, uint64 weeklyReward) public payable {

74:    function setAmbRewards(bytes32 poolIdx, uint32 weekFrom, uint32 weekTo, uint64 weeklyReward) public payable {

GitHub: 54, 61, 65, 74

File: contracts/mixins/LiquidityMining.sol

16:     function initTickTracking(bytes32 poolIdx, int24 tick) internal {

24:     function crossTicks(

GitHub: 16, 24

Non-critical Issues

[N‑01] Remove commented codes

There are 2 instances of this issue:

File: contracts/callpaths/LiquidityMiningPath.sol

66:         // require(msg.sender == governance_, "Only callable by governance");

75:         // require(msg.sender == governance_, "Only callable by governance");

GitHub: 66, 75

[N‑02] Follow Solidity standard naming conventions (internal function style rule) for functions

The below codes don’t follow Solidity’s standard naming convention,

internal functions : the mixedCase format starting with an underscore (_mixedCase starting with an underscore)

There are 8 instances of this issue:

File: contracts/mixins/LiquidityMining.sol

16:     function initTickTracking(bytes32 poolIdx, int24 tick) internal {

24:     function crossTicks(

39:     function accrueConcentratedGlobalTimeWeightedLiquidity(

69:     function accrueConcentratedPositionTimeWeightedLiquidity(

156:    function claimConcentratedRewards(

198:    function accrueAmbientGlobalTimeWeightedLiquidity(

224:    function accrueAmbientPositionTimeWeightedLiquidity(

256:    function claimAmbientRewards(

GitHub: 16, 24, 39, 69, 156, 198, 224, 256

#0 - c4-pre-sort
2023-10-09T17:22:48Z

141345 marked the issue as sufficient quality report

#1 - c4-judge
2023-10-18T22:34:32Z

dmvt marked the issue as grade-b

Canto Liquidity Mining Protocol - 0xAadi's results

Execution layer for original work.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-33] QA Report - $4.94

Findings Information

Awards

Labels

External Links

Summary

Low Risk Issues

Non-critical Issues

Low Risk Issues

[L‑01] Missing Event for critical functions or parameters change

Non-critical Issues

[N‑01] Remove commented codes

[N‑02] Follow Solidity standard naming conventions (internal function style rule) for functions

#0 - c4-pre-sort2023-10-09T17:22:48Z

#1 - c4-judge2023-10-18T22:34:32Z

#0 - c4-pre-sort
2023-10-09T17:22:48Z

#1 - c4-judge
2023-10-18T22:34:32Z