Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $55,000 USDC
Total HM: 29
Participants: 88
Period: 5 days
Judge: gzeon
Total Solo HM: 7
Id: 134
League: ETH
Rank: 72/88
Findings: 1
Award: $63.94
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: defsec
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkowloon, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kenshin, Kulk0, Lambda, Limbooo, MadWookie, Metatron, Picodes, Soosh, StErMi, TomJ, WatchPug, Waze, Yiko, _Adam, ak1, asutorufos, aysha, bardamu, catchup, datapunk, delfin454000, dipp, fatherOfBlocks, grGred, hake, hansfriese, hyh, joestakey, kebabsec, kenzo, kirk-baird, oyc_109, pashov, poirots, rfa, robee, saian, sashik_eth, shenwilly, simon135, slywaters, z3s, zeesaw, zer0dot
63.9425 USDC - $63.94
FUNCTIONS READABILITY AND PARAMETER NAMING
Naming each function parameter with a single letter (l, u, m, d, a, y, r, etc.) makes it extremely difficult to follow the code and how the logic is performed in each function. Having comments on each variable's meaning is helpful, but the mismatch between the variable name and its meaning makes this an issue. Providing auditors and the community with code that is easy to read and understand is an important factor in building trust.
INTERNAL FUNCTIONS NAMING
To give a better understanding of what the code is intended to do and how a call cascades, it is a common convention to prefix the names of internal functions with an underscore. For example: _yield() instead of yield().
LENDER.MARKETPLACE ADDRESS SHOULD BE EXPLICITLY INITIALIZED AS ADDRESS(0)
Lender.setMarketplace marketPlace declaration
The Lender.setMarketplace function checks that the marketplace address has not been previously set. On deployment, every uninitialized address is set to address(0) by default. Although this function relies on that initialization principle, it is advisable to set that variable explicitly, as follows, to make clear that the assigned value is important for the execution of the contract logic that follows:
address public marketPlace = address(0);