Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 96
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 5
Id: 140
League: ETH
Rank: 88/96
Findings: 1
Award: $17.26
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 8olidity, ACai, BowTiedWardens, Chandr, Chom, ElKu, Fitraldys, Funen, IgnacioB, JC, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, Randyyy, SmartSek, StErMi, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, _Adam, ajtra, c3phas, cRat1st0s, catchup, codexploder, cryptphi, defsec, delfin454000, ellahi, exd0tpy, fatherOfBlocks, hansfriese, joestakey, kebabsec, kenta, m_Rassska, minhquanym, oyc_109, pashov, reassor, rfa, robee, sach1r0, saian, sashik_eth, simon135, slywaters, ych18, ynnad, zuhaibmohd
17.2596 USDC - $17.26
keccak256(), should use immutable rather than constantFile: contracts\NibblVault.sol: 51: bytes32 private constant PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"); File: contracts\Test\UpgradedNibblVault.sol: 45: bytes32 private constant _PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"); File: contracts\Utilities\AccessControlMechanism.sol: 12: bytes32 public constant FEE_ROLE = keccak256("FEE_ROLE"); 13: bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE"); 14: bytes32 public constant IMPLEMENTER_ROLE = keccak256("IMPLEMENTER_ROLE");
File: contracts\Bancor\BancorFormula.sol: 188: require(_supply > 0 && _connectorBalance > 0 && _connectorWeight > 0 && _connectorWeight <= MAX_WEIGHT); 219: require(_supply > 0 && _connectorBalance > 0 && _connectorWeight > 0 && _connectorWeight <= MAX_WEIGHT && _sellAmount <= _supply);
If the intention is for the Ether to be used, the function should call another function, otherwise it should revert
File: contracts\Basket.sol: 114: receive() external payable {} File contracts\NibblVault.sol: 585: receive() external payable {} File contracts\NibblVaultFactory.sol: 183: receive() payable external { } File: contracts\Proxy\ProxyBasket.sol: 56: receive() external payable { } File: contracts\Proxy\ProxyVault.sol: 56: receive() external payable { }
File: contracts\Basket.sol: 43: for (uint256 i = 0; i < _tokens.length; i++) { 70: for (uint256 i = 0; i < _tokens.length; i++) { 93: for (uint256 i = 0; i < _tokens.length; i++) { File: contracts\NibblVault.sol: 506: for (uint256 i = 0; i < _assetAddresses.length; i++) { 525: for (uint256 i = 0; i < _assets.length; i++) { 547: for (uint256 i = 0; i < _assets.length; i++) {
Even memory arrays incur the overhead of bit tests and bit shifts to calculate the array length. Storage array length checks incur an extra Gwarmaccess (100 gas) PER-LOOP.
File: contracts\Basket.sol: 43: for (uint256 i = 0; i < _tokens.length; i++) { 70: for (uint256 i = 0; i < _tokens.length; i++) { 93: for (uint256 i = 0; i < _tokens.length; i++) { File: contracts\NibblVault.sol: 506: for (uint256 i = 0; i < _assetAddresses.length; i++) { 525: for (uint256 i = 0; i < _assets.length; i++) { 547: for (uint256 i = 0; i < _assets.length; i++) {
#0 - mundhrakeshav
2022-06-25T18:09:17Z
Duplicate #2, #3, #6, #8, #34