Back to BPZ's contests

Ondo Finance contest - BPZ's results

Institutional-Grade Finance. On-Chain. For Everyone.

General Information

Platform: Code4rena

Start Date: 11/01/2023

Pot Size: $60,500 USDC

Total HM: 6

Participants: 69

Period: 6 days

Judge: Trust

Total Solo HM: 2

Id: 204

League: ETH

Ondo Finance

Findings Distribution

Researcher Performance

Rank: 60/69

Findings: 1

Award: $36.24

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryOndo Finance

Findings Information

🌟 Selected for report: CodingNameKiki

Also found by: 0x1f8b, 0x52, 0x5rings, 0xAgro, 0xSmartContract, 0xcm, 0xkato, 2997ms, Aymen0909, BClabs, BPZ, BRONZEDISC, Bauer, Bnke0x0, Deekshith99, IllIllI, Josiah, Kaysoft, RaymondFam, Rolezn, SaeedAlipoor01988, Tajobin, Udsen, Viktor_Cortess, adriro, arialblack14, betweenETHlines, btk, chaduke, chrisdior4, cryptphi, csanuragjain, cygaar, defsec, descharre, erictee, gzeon, hansfriese, horsefacts, joestakey, koxuan, lukris02, luxartvinsec, nicobevi, oyc_109, pavankv, peanuts, rbserver, scokaf, shark, tnevler, tsvetanovv, zaskoh

Awards

36.2377 USDC - $36.24

Labels

bug
grade-b
QA (Quality Assurance)
Q-18

External Links

Link to GitHub issue

QA report

FLOATING & OLD VERSION OF PRAGMA

Use debugged complier version . Also use more recent compiler version.

Affected Source Code

Total instances : 19

LACK OF CHECKS ADDRESS(0)

The following methods have a lack of checks if the received argument is an address, it’s good practice in order to reduce human error to check that the address specified in the constructor or initialize is different than address(0).

Affected Source Code

Total instances : 4

LACK OF CHEKS FOR UNITS IN ORDER TO PREVENT SETTING DEFAULT VALUES.

In oder to prevent human errors its better to having a value for units rather than inizialize with 0 values.

Total instances : 2

Internal and private functions should have an underscore prefix with mixedCase(Naming convention)

Affected Source Code

Total instances : 7

External & Public Functions should use mixedCase withot underscore

Affected Source Code

Total instances : 32

Constants should be named with all capital letters with underscores separating words.(For Internal or private constants it should be started with underscore prefix)

Affected Source Code

Total instances : 7

For more read... 1. Solidity Style

Remove assembly for future updates

its better not to use assembly because it reduce readability & future updatability of the code even though assembly reduce gas.

Recommendation Consider removeing all assembly code and re-implement them in Solidity to make the code significantly more clean.

Total instances : 7

incomplete comments

Total instances : 4

Unnecessary code(always false)

Total instances : 3

Modifier and Events should top of the contract(Order of Layout)

For more read... https://docs.soliditylang.org/en/v0.8.15/style-guide.html#order-of-layout

#0 - c4-judge

2023-01-23T14:25:39Z

trust1995 marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter