Platform: Code4rena
Start Date: 28/11/2022
Pot Size: $192,500 USDC
Total HM: 33
Participants: 106
Period: 11 days
Judge: LSDan
Total Solo HM: 15
Id: 186
League: ETH
Rank: 84/106
Findings: 1
Award: $103.92
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x4non, 0x52, 0xAgro, 0xNazgul, 0xSmartContract, 0xackermann, 9svR6w, Awesome, Aymen0909, B2, BRONZEDISC, Bnke0x0, Deekshith99, Deivitto, Diana, Dravee, HE1M, Jeiwan, Kaiziron, KingNFT, Lambda, Mukund, PaludoX0, RaymondFam, Rolezn, Sathish9098, Secureverse, SmartSek, __141345__, ahmedov, ayeslick, brgltd, cccz, ch0bu, chrisdior4, cryptonue, cryptostellar5, csanuragjain, datapunk, delfin454000, erictee, gz627, gzeon, helios, i_got_hacked, ignacio, imare, jadezti, jayphbee, joestakey, kankodu, ksk2345, ladboy233, martin, nadin, nicobevi, oyc_109, pashov, pavankv, pedr02b2, pzeus, rbserver, ronnyx2017, rvierdiiev, shark, unforgiven, xiaoming90, yjrwkk
103.9175 USDC - $103.92
file: /contracts/misc/NFTFloorOracle.sol // events coming before state variables 56: event AssetAdded(address indexed asset); // function coming before modifiers 97: function initialize(
file: /contracts/protocol/pool/PoolConfigurator.sol // state variable coming after modifiers 69: uint256 public constant CONFIGURATOR_REVISION = 0x1;
file: /contracts/protocol/tokenization/base/IncentivizedERC20.sol // modifiers coming before state variables 27: modifier onlyPoolAdmin() { 41: modifier onlyPool() {
file: /contracts/protocol/tokenization/base/MintableIncentivizedERC721.sol // modifiers coming before state variables 45: modifier onlyPoolAdmin() { 59: modifier onlyPool() {
file: /contracts/protocol/tokenization/libraries/ApeStakingLogic.sol // struct coming after functions 77: struct UnstakeAndRepayParams {
file: /contracts/protocol/tokenization/NToken.sol // function coming before constructor 35: function getRevision() internal pure virtual override returns (uint256) {
file: /contracts/protocol/tokenization/PToken.sol //function coming before constructor 45: function getRevision() internal pure virtual override returns (uint256) {
file: /contracts/protocol/pool/DefaultReserveInterestRateStrategy.sol 116: struct CalcInterestRatesLocalVars {
file: /contracts/protocol/pool/PoolApeStaking.sol // struct coming after variables, should come before 224: struct BorrowAndStakeLocalVar {
file: /contracts/protocol/pool/PoolConfigurator.sol Some of the external, public and internal functions are mixed. Adding each line here would be massive and unnecessary.
file: /contracts/protocol/tokenization/base/IncentivizedERC20.sol All the external and public are mixed. Internal functions are in the correct order. Adding each line here would be massive and unnecessary.
file: /contracts/protocol/tokenization/base/MintableIncentivizedERC721.sol All the external, public and internal functions are mixed. Adding each line here would be massive and unnecessary.
file: /contracts/protocol/tokenization/base/ScaledBalanceTokenBaseERC20.sol External and public functions are mixed. Adding each line here would be massive and unnecessary.
file: /contracts/protocol/tokenization/libraries/MintableERC721Logic.sol External, public and internal functions are mixed. Adding each line here would be massive and unnecessary.
External, public and internal functions are mixed. Adding each line here would be massive and unnecessary.
file: /contracts/protocol/tokenization/NTokenApeStaking.sol External, public and internal functions are mixed. Adding each line here would be massive and unnecessary.
file: /contracts/protocol/tokenization/NTokenBAYC.sol // this function should be the last one since it's the only internal function, the other ones are in the right order 109: function POOL_ID() internal pure virtual override returns (uint256) {
file: contracts/protocol/tokenization/NTokenMAYC.sol // this function should be the last one since it's the only internal function, the other ones are in the right order 109: function POOL_ID() internal pure virtual override returns (uint256) {
file: /contracts/protocol/tokenization/NTokenMoonBirds.sol // view and pure functions should come after non-view and non-pure. 36: function getXTokenType() external pure override returns (XTokenType) { // view and pure functions should come after non-view and non-pure. 111: function nestingPeriod(uint256 tokenId)
file: /contracts/protocol/tokenization/NTokenUniswapV3.sol // view and pure functions should go last inside their category 37: function getXTokenType() external pure override returns (XTokenType) { // should come right after the constructor 149: receive() external payable {} The rest of the functions are all mixed up between internal and external.
file: /contracts/protocol/tokenization/PToken.sol All the external, public and internal functions are mixed. Adding each line here would be massive and unnecessary.
file: /contracts/protocol/tokenization/PTokenAToken.sol // this internal function is coming before an external one 23: function lastRebasingIndex() internal view override returns (uint256) {
file: /contracts/protocol/tokenization/PTokenSApe.sol All the external, public and internal functions are mixed. Adding each line here would be massive and unnecessary. View and pure functions should come last in their groupings
file: /contracts/protocol/tokenization/PTokenStETH.sol // this internal function should come last 23: function lastRebasingIndex() internal view override returns (uint256) {
file: /contracts/protocol/tokenization/RebasingDebtToken.sol // the only function out of order is this external one, put it as the first function. 59: function getScaledUserBalanceAndSupply(address user)
file: /contracts/protocol/tokenization/VariableDebtToken.sol All the external, public and internal functions are mixed. Adding each line here would be massive and unnecessary. View and pure functions should come last in their groupings
file: /contracts/protocol/pool/PoolApeStaking.sol // this internal function is coming before external ones 55: function getRevision() internal pure virtual override returns (uint256) {
file: /contracts/ui/WPunkGateway.sol // immutable variable should have a prepended underscore before declaration 28: IPunks internal immutable Punk; // immutable variable should have a prepended underscore before declaration 29: IWrappedPunks internal immutable WPunk; // immutable variable should have a prepended underscore before declaration 30: IPool internal immutable Pool; // immutable variable should have a prepended underscore before declaration 33: address public immutable punk; // immutable variable should have a prepended underscore before declaration 34: address public immutable wpunk; // immutable variable should have a prepended underscore before declaration 35: address public immutable pool;
file: /contracts/misc/UniswapV3OracleWrapper.sol // immutable variable named as a constant 18: IUniswapV3Factory immutable UNISWAP_V3_FACTORY; // immutable variable named as a constant 19: INonfungiblePositionManager immutable UNISWAP_V3_POSITION_MANAGER; // immutable variable named as a constant 20: IPoolAddressesProvider public immutable ADDRESSES_PROVIDER; // NatSpec missing 23: constructor( // NatSpec missing 33: struct FeeParams { // NatSpec missing 40: struct PairOracleData { // NatSpec missing 217: function latestAnswer() external pure returns (int256) { // NatSpec missing 221: function _getOracleData(UinswapV3PositionData memory positionData) // NatSpec missing 282: function _getPendingFeeAmounts(UinswapV3PositionData memory positionData)
file: /contracts/ui/UiIncentiveDataProvider.sol // immutable variable named as a constant 33: IPoolAddressesProvider public immutable ADDRESSES_PROVIDER; // NatSpec missing 34: constructor(IPoolAddressesProvider addressesProvider) {
file: /contracts/misc/ParaSpaceOracle.sol // immutable variable named as a constant 22: IPoolAddressesProvider public immutable ADDRESSES_PROVIDER; // immutable variable named as a constant 28: address public immutable override BASE_CURRENCY; // immutable variable named as a constant 29: uint256 public immutable override BASE_CURRENCY_UNIT; // NatSpec missing 138: function getTokenPrice(address asset, uint256 tokenId) // NatSpec missing 155: function getTokensPrices(address asset, uint256[] calldata tokenIds) // NatSpec missing 172: function getTokensPricesSum(address asset, uint256[] calldata tokenIds) // NatSpec missing 218: function _onlyAssetListingOrPoolAdmins() internal view {
file: /contracts/misc/ParaSpaceFallbackOracle.sol // NatSpec missing 20: constructor( // NatSpec missing 34: function getAssetPrice(address asset) public view returns (uint256) { // NatSpec missing 63: function getEthUsdPrice() public view returns (uint256) {
file: /contracts/protocol/pool/PoolApeStaking.sol // ADDRESSES_PROVIDER should be renamed to _addresses_provider since it's immutable not a constant 34: IPoolAddressesProvider internal immutable ADDRESSES_PROVIDER; // NatSpec missing 55: function getRevision() internal pure virtual override returns (uint256) { // NatSpec missing 224: struct BorrowAndStakeLocalVar { 413: function setSApeUseAsCollateral(address user) internal { 428: function getUserHf(address user) internal view returns (uint256) { 443: function checkSApeIsNotPaused(DataTypes.PoolStorage storage ps)
file: /contracts/protocol/tokenization/base/MintableIncentivizedERC721.sol 96: function name() public view override returns (string memory) { 100: function symbol() external view override returns (string memory) { 104: function balanceOf(address account) 290: function _safeTransferFrom( 364: function _mintMultiple( 384: function _burnMultiple(address user, uint256[] calldata tokenIds)
file: /contracts/protocol/tokenization/libraries/MintableERC721Logic.sol 80: function executeTransfer( 135: function executeTransferCollateralizable( 153: function executeSetIsUsedAsCollateral( 187: function executeMintMultiple( 260: function executeBurnMultiple( 340: function executeApprove( 348: function _approve( 357: function executeApprovalForAll( 368: function executeStartAuction( 386: function executeEndAuction( 402: function _checkBalanceLimit( 416: function _exists(MintableERC721Data storage erc721Data, uint256 tokenId) 424: function isAuctioned(
file: /contracts/protocol/tokenization/NToken.sol 52: function initialize( 95: function _burn( 127: function rescueERC20( 136: function rescueERC721( 151: function rescueERC1155( 168: function executeAirdrop( 271: function onERC721Received( 280: function onERC1155Received( 295: function onERC1155BatchReceived( 323: function getAtomicPricingConfig() external view returns (bool) { 327: function getXTokenType()
file: /contracts/protocol/tokenization/NTokenApeStaking.sol 36: function initialize( 125: function POOL_ID() internal pure virtual returns (uint256) { 130: function initializeStakingData() internal { 136: function setUnstakeApeIncentive(uint256 incentive) external onlyPoolAdmin { 143: function apeStakingDataStorage()
file: /contracts/protocol/tokenization/NTokenBAYC.sol 109: function POOL_ID() internal pure virtual override returns (uint256) { 113: function getXTokenType() external pure override returns (XTokenType) {
file: /contracts/protocol/tokenization/NTokenMAYC.sol 109: function POOL_ID() internal pure virtual override returns (uint256) { 113: function getXTokenType() external pure override returns (XTokenType) {
file: /contracts/protocol/tokenization/NTokenMoonBirds.sol 36: function getXTokenType() external pure override returns (XTokenType) { 40: function burn( 63: function onERC721Received(
file: /contracts/protocol/tokenization/NTokenUniswapV3.sol 37: function getXTokenType() external pure override returns (XTokenType) { 144: function _safeTransferETH(address to, uint256 value) internal { 149: receive() external payable {}
file: /contracts/protocol/tokenization/PToken.sol 339: function getXTokenType()
file: /contracts/protocol/tokenization/PTokenAToken.sol 31: function getXTokenType() external pure override returns (XTokenType) {
file: /contracts/protocol/tokenization/PTokenSApe.sol 27: constructor(IPool pool) PToken(pool) { 31: function setNToken(address _nBAYC, address _nMAYC) external onlyPoolAdmin { 36: function mint( 45: function burn( 54: function balanceOf(address user) public view override returns (uint256) { 61: function scaledBalanceOf(address user) 70: function transferUnderlyingTo(address, uint256) 79: function transferOnLiquidation( 87: function _transfer( 95: function getXTokenType()
file: /contracts/protocol/tokenization/PTokenStETH.sol 16: constructor(IPool pool) RebasingPToken(pool) { 30: function getXTokenType() external pure override returns (XTokenType) {
file: /contracts/protocol/tokenization/RebasingDebtToken.sol 16: constructor(IPool pool) VariableDebtToken(pool) { 105: function _scaledBalanceOf(address user, uint256 rebasingIndex) 119: function _scaledTotalSupply(uint256 rebasingIndex)
file: /contracts/protocol/tokenization/StETHDebtToken.sol 15: constructor(IPool pool) RebasingDebtToken(pool) {
file: /contracts/protocol/tokenization/VariableDebtToken.sol 158: function allowance(address, address) 168: function approve(address, uint256) 177: function transferFrom( 185: function increaseAllowance(address, uint256) 194: function decreaseAllowance(address, uint256)
file: /contracts/protocol/pool/DefaultReserveAuctionStrategy.sol 50: constructor( 66: function getMaxPriceMultiplier() external view returns (uint256) { 70: function getMinExpPriceMultiplier() external view returns (uint256) { 74: function getMinPriceMultiplier() external view returns (uint256) { 78: function getStepLinear() external view returns (uint256) { 82: function getStepExp() external view returns (uint256) { 86: function getTickLength() external view returns (uint256) { 90: function calculateAuctionPriceMultiplier( 101: function _calculateAuctionPriceMultiplierByTicks(uint256 ticks)
file: /contracts/protocol/pool/DefaultReserveInterestRateStrategy.sol // comment says `constant` but was defined as `immutable` // change OPTIMAL_USAGE_RATIO to _optimal_usage_ratio since it's immutable not a constant /** * @dev This constant represents the usage ratio at which the pool aims to obtain most competitive borrow rates. * Expressed in ray **/ 30: uint256 public immutable OPTIMAL_USAGE_RATIO; // change MAX_EXCESS_USAGE_RATIO to _max_excess_usage_ratio since it's immutable not a constant 37: uint256 public immutable MAX_EXCESS_USAGE_RATIO; // change ADDRESSES_PROVIDER to _addresses_provider since it's immutable not a constant 39: IPoolAddressesProvider public immutable ADDRESSES_PROVIDER; // NatSpec missing 116: struct CalcInterestRatesLocalVars {
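file: /contracts/misc/ParaSpaceFallbackOracle.sol // change BEND_DAO to _bend_dao 12: address public immutable BEND_DAO; // change UNISWAP_FACTORY to _uniswap_factory 13: address public immutable UNISWAP_FACTORY; // change UNISWAP_ROUTER to _uniswap_router 14: address public immutable UNISWAP_ROUTER; // change WETH to _weth 15: address public immutable WETH; // change USDC to _usdc 16: address public immutable USDC; // note: these variables are all `public`, so renaming them also renames their auto-generated getter functions and therefore changes the contract's external interface; anything that reads them by name would need to be updated together with the rename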
file: /contracts/protocol/tokenization/libraries/ApeStakingLogic.sol 29: event UnstakeApeIncentiveUpdated(uint256 oldValue, uint256 newValue);
file: /contracts/protocol/pool/PoolApeStaking.sol // internal function missing underscore prefix 55: function getRevision() internal pure virtual override returns (uint256) { // internal function missing underscore prefix 413: function setSApeUseAsCollateral(address user) internal { // internal function missing underscore prefix 428: function getUserHf(address user) internal view returns (uint256) { // internal function missing underscore prefix 443: function checkSApeIsNotPaused(DataTypes.PoolStorage storage ps)
file: /contracts/protocol/tokenization/libraries/ApeStakingLogic.sol // should have 1 blank line before declaration 29: event UnstakeApeIncentiveUpdated(uint256 oldValue, uint256 newValue); // function name should be changed to _getRevision() to match the other internal ones 35: function getRevision() internal pure virtual override returns (uint256) {
file: /contracts/protocol/tokenization/PToken.sol // function name should be changed to _getRevision() to match the other internal ones 45: function getRevision() internal pure virtual override returns (uint256) {
file: /contracts/protocol/tokenization/PTokenAToken.sol // function name should be changed to _lastRebasingIndex() to match the other internal ones 23: function lastRebasingIndex() internal view override returns (uint256) {
file: /contracts/protocol/tokenization/PTokenStETH.sol // function name should be _lastRebasingIndex() 23: function lastRebasingIndex() internal view override returns (uint256) {
file: /contracts/protocol/tokenization/RebasingDebtToken.sol // function name should be _lastRebasingIndex() 132: function lastRebasingIndex() internal view virtual returns (uint256) {
file: /contracts/protocol/tokenization/StETHDebtToken.sol // function name should be _lastRebasingIndex() 22: function lastRebasingIndex() internal view override returns (uint256) {
file: /contracts/protocol/tokenization/VariableDebtToken.sol // function name should be _getRevision() 82: function getRevision() internal pure virtual override returns (uint256) {
#0 - c4-judge
2023-01-25T16:18:37Z
dmvt marked the issue as grade-b