Platform: Code4rena
Start Date: 11/01/2023
Pot Size: $60,500 USDC
Total HM: 6
Participants: 69
Period: 6 days
Judge: Trust
Total Solo HM: 2
Id: 204
League: ETH
Rank: 51/69
Findings: 1
Award: $36.24
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: CodingNameKiki
Also found by: 0x1f8b, 0x52, 0x5rings, 0xAgro, 0xSmartContract, 0xcm, 0xkato, 2997ms, Aymen0909, BClabs, BPZ, BRONZEDISC, Bauer, Bnke0x0, Deekshith99, IllIllI, Josiah, Kaysoft, RaymondFam, Rolezn, SaeedAlipoor01988, Tajobin, Udsen, Viktor_Cortess, adriro, arialblack14, betweenETHlines, btk, chaduke, chrisdior4, cryptphi, csanuragjain, cygaar, defsec, descharre, erictee, gzeon, hansfriese, horsefacts, joestakey, koxuan, lukris02, luxartvinsec, nicobevi, oyc_109, pavankv, peanuts, rbserver, scokaf, shark, tnevler, tsvetanovv, zaskoh
36.2377 USDC - $36.24
| | Issue | Instances |
|---|---|---|
| [NC-01] | Long Lines (> 120 Characters) | 26 |
| [NC-02] | Spelling Mistakes | 8 |
| [NC-03] | assert Used Over require | 2 |
| [NC-04] | Underscore Notation Not Used / Not Used Consistently | 2 |
| [NC-05] | Named Imports Not Used | All Contracts |
| [NC-06] | Contract Layout Voids Solidity Docs | 13 Contracts |
| [NC-07] | Explicit Data Types Not Used Consistently | 10 Contracts |
| [NC-08] | Contracts Missing @title NatSpec Tag | 8 Contracts |
| [NC-09] | Order of Functions Not Compliant With Solidity Docs | 7 Contracts |
| [NC-10] | No License Indication | 2 Contracts |
Lines with greater length than 120 characters are used. The Solidity Style Guide suggests that all lines should be 120 characters or less in width.
The following lines are longer than 120 characters; it is suggested to shorten them:
contracts/lending/JumpRateModelV2.sol
contracts/lending/tokens/cCash/CCash.sol
contracts/lending/tokens/cToken/CErc20.sol
contracts/lending/OndoPriceOracleV2.sol
contracts/lending/tokens/cErc20ModifiedDelegator.sol
contracts/lending/tokens/cCash/CTokenCash.sol
contracts/lending/tokens/cToken/CTokenModified.sol
/contracts/cash/kyc/KYCRegistry.sol
`successfully` is misspelled as `sucessfully`
`eligible` is misspelled as `elligible`
/contracts/lending/tokens/cCash/CCash.sol
`of` is misspelled as `fo`
/contracts/lending/OndoPriceOracleV2.sol
`common` is misspelled as `comnmon`
/contracts/lending/tokens/cErc20ModifiedDelegator.sol
`amount` is misspelled as `amnount`
(1) `amount` is misspelled as `amnount`
(2) `setter` is misspelled as `settor`
/contracts/lending/IOndoPriceOracleV2.sol
`asset` is misspelled as `assset`
`assert` Used Over `require`
`assert` should only be used in tests. Consider changing all occurrences of `assert` to `require`. Prior to Solidity 0.8 `require` will refund all remaining gas whereas `assert` will not. Even after Solidity 0.8 `assert` will result in a panic which should not occur in production code. As stated in the Solidity Documentation: "[p]roperly functioning code should never create a Panic".
/contracts/cash/factory/CashFactory.sol Links: 97.
97: assert(cashProxyAdmin.owner() == guardian);
/contracts/cash/factory/CashKYCSenderFactory.sol Links: 106.
106: assert(cashKYCSenderProxyAdmin.owner() == guardian);
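The difference in revert data described above, as an added example that is not code from the audited contracts or the original report. `OwnedStub`, `OwnerCheck` and `RevertProbe` are hypothetical names, and the `catch Panic` clause assumes Solidity 0.8.1 or later.

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity >=0.8.1 <0.9.0; // catch Panic(uint256) needs 0.8.1+

// Hypothetical stand-in for a proxy admin; not a contract from the audited code base.
contract OwnedStub {
    address public owner;

    constructor(address initialOwner) {
        owner = initialOwner;
    }
}

// Hypothetical ownership check written both ways.
contract OwnerCheck {
    function check(OwnedStub admin, address guardian, bool useAssert) external view {
        if (useAssert) {
            // On failure: reverts with Panic(uint256), code 0x01.
            assert(admin.owner() == guardian);
        } else {
            // On failure: reverts with Error(string) carrying the reason.
            require(admin.owner() == guardian, "admin owner is not guardian");
        }
    }
}

// Hypothetical caller that classifies which kind of revert came back.
contract RevertProbe {
    enum Outcome { Passed, ErrorString, Panic }

    function probe(OwnerCheck target, OwnedStub admin, address guardian, bool useAssert)
        external
        view
        returns (Outcome outcome, uint256 panicCode)
    {
        try target.check(admin, guardian, useAssert) {
            return (Outcome.Passed, 0);
        } catch Error(string memory) {
            // require(...) with a reason string lands here.
            return (Outcome.ErrorString, 0);
        } catch Panic(uint256 code) {
            // assert(...) lands here; code is 0x01 for a failed assertion.
            return (Outcome.Panic, code);
        }
    }
}
```

Calling `probe` with a `guardian` that differs from `admin.owner()` returns `Outcome.Panic` with code `0x01` when `useAssert` is true and `Outcome.ErrorString` when it is false.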
Consider using underscore notation to help with contract readability (Ex. `23453` -> `23_453`).
/contracts/lending/JumpRateModelV2.sol Links: 29.
29: uint public constant blocksPerYear = 2628000;
/contracts/lending/OndoPriceOracleV2.sol Links: 77.
77: uint256 public maxChainlinkOracleTimeDelay = 90000;
All files in scope use file explicit imports in the format: `import './file.sol'`. Consider using name explicit imports for better code clarity: `import {name} from './file.sol'`.
The Solidity Style Guide suggests the following contract layout order: type declarations, state variables, events, modifiers, functions.
The following contracts are not compliant (examples are only to prove the layout is out of order, not a full description):
`uint` / `int` default to the explicit data type `uint256` / `int256`. Data types should be explicit like in CashManager.sol.
/contracts/lending/JumpRateModelV2.sol
`uint` / `int`'s are not explicit
/contracts/lending/tokens/cCash/CCash.sol
/contracts/lending/tokens/cToken/CErc20.sol
/contracts/lending/OndoPriceOracleV2.sol
/contracts/lending/tokens/cCash/CTokenInterfacesModifiedCash.sol
/contracts/lending/tokens/cToken/CTokenInterfacesModified.sol
/contracts/lending/tokens/cCash/CTokenCash.sol
/contracts/lending/tokens/cToken/CTokenModified.sol
/contracts/lending/IOndoPriceOracle.sol
`uint` not explicit: L24.
/contracts/lending/IOndoPriceOracleV2.sol#L24
`uint` not explicit: L24.
Contracts Missing `@title` NatSpec Tag
8 out of 30 of the contracts in scope are missing a `@title` tag. Given that 22 contracts all have a `@title` tag, consider adding one to each of the 8 remaining contracts.
Proxy.sol, Cash.sol, CashKYCSender.sol, CashKYCSenderReceiver.sol, CashManager.sol, IOndoPriceOracle.sol, IOndoPriceOracleV2.sol, and ICashManager.sol are missing a `@title` tag.
The Solidity Style Guide suggests the following function order: constructor, receive function (if exists), fallback function (if exists), external, public, internal, private.
The following contracts are not compliant (examples are only to prove the functions are out of order, not a full description):
Some contracts are missing a license indication. If no license is used, `SPDX-License-Identifier: UNLICENSED` should be at the top of a contract.
JumpRateModelV2.sol and cErc20ModifiedDelegator.sol are missing a license.
#0 - c4-judge
2023-01-23T15:08:42Z
trust1995 marked the issue as grade-b