Platform: Code4rena
Start Date: 05/05/2022
Pot Size: $125,000 DAI
Total HM: 17
Participants: 62
Period: 14 days
Judge: leastwood
Total Solo HM: 15
Id: 120
League: ETH
Rank: 18/62
Findings: 2
Award: $400.29
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xkatana, 0xsomeone, AuditsAreUS, BouSalman, BowTiedWardens, Cityscape, Funen, GimelSec, Hawkeye, JC, MaratCerby, MiloTruck, Picodes, Ruhum, TerrierLover, WatchPug, Waze, bobirichman, catchup, cccz, cryptphi, csanuragjain, delfin454000, ellahi, fatherOfBlocks, hake, horsefacts, hyh, jayjonah8, joestakey, kebabsec, kenta, mics, oyc_109, robee, samruna, shenwilly, sikorico, simon135, throttle, tintin
310.858 DAI - $310.86
Several initialize() functions lack access control and can be front-run.
The gALCX.transferOwnership() function lacks a proper ownership transfer pattern. It is recommended to make this a two-step process to ensure that the new owner is truly the desired address. The first function called will set the pending owner and a second function must be called by the pending owner to accept the ownership transfer.
Contracts contain a floating pragma. It is recommended to deploy all contracts with a single, specific compiler version to reduce the risk of compiler-specific bugs and contracts deployed with different versions.
Accepting the governance change does not reset pendingGovernance back to address(0).
It is recommended to follow a reverse CEI pattern for deposits. In the following example, the balances are updated prior to token transfer.
All references are UINT256 except this one:
This function contains white space between every function call, while the previous function contains the same calls without line breaks.
For all references to _checkArgument except one, the function checks that value > 0. In this example, it checks that the UINT != 0.
#0 - 0xfoobar
2022-05-30T07:44:53Z
Useful QA
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, 0xsomeone, AlleyCat, BowTiedWardens, Cityscape, Fitraldys, Funen, GimelSec, Hawkeye, JC, MaratCerby, MiloTruck, Randyyy, TerrierLover, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, augustg, bobirichman, catchup, csanuragjain, ellahi, fatherOfBlocks, hake, hansfriese, horsefacts, ignacio, joestakey, kenta, mics, oyc_109, robee, samruna, sashik_eth, sikorico, simon135, throttle
89.4325 DAI - $89.43
The following for loops can be optimized by incrementing i within an unchecked block. The new pattern would be:
for (uint i = 0; i < length;) { doStuff(); unchecked { ++i; } }