Platform: Code4rena
Start Date: 06/03/2023
Pot Size: $36,500 USDC
Total HM: 8
Participants: 93
Period: 3 days
Judge: cccz
Total Solo HM: 3
Id: 218
League: ETH
Rank: 75/93
Findings: 1
Award: $21.70
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: adriro
Also found by: 0x1f8b, 0xAgro, 0xSmartContract, 0xfuje, 0xkazim, 0xnev, Aymen0909, Bason, Cyfrin, DadeKuma, LethL, Madalad, MohammedRizwan, Rolezn, SAAJ, SunSec, Udsen, Yukti_Chinta, ast3ros, bin2chen, brgltd, bshramin, btk, bugradar, catellatech, cryptostellar5, descharre, dontonka, erictee, fatherOfBlocks, georgits, glcanvas, hl_, horsefacts, igingu, juancito, lukris02, martin, nadin, nomoi, peanuts, pipoca, sakshamguruji, seeu, slvDev, tnevler, zaskoh
21.7018 USDC - $21.70
| Number | Issues Details |
|---|---|
| [L-01] | MISSING EVENT FOR CRITICAL PARAMETER CHANGE |
| [NC-01] | Use latest Solidity version |
| [NC-02] | Use stable pragma statement |
| [NC-03] | Different pragma directives are used |
| [NC-04] | Use named imports instead of plain import FILE.SOL |
| [NC-05] | In all solidity files, license keyword should be mentioned |
| [NC-06] | Constants should be defined rather than using magic numbers |
| [NC-07] | Add NatSpec documentation |
| [NC-08] | You can use named parameters in mapping types |
Emitting events allows monitoring activities with off-chain monitoring tools.
Lottery.sol 110: function buyTickets( 170: function claimWinningTickets(uint256[] calldata ticketIds) external override returns (uint256 claimedAmount) {
Solidity pragma versioning should be upgraded to latest available version.
VRFv2RNSource.sol pragma solidity ^0.8.7;
Using a floating pragma statement ^0.8.7 is discouraged as code can compile to different bytecodes with different compiler versions. Use a stable pragma statement to get a deterministic bytecode.
Use one Solidity version on each contract.
IMPORT FILE.SOLRecommendation: `import {contract1 , contract2} from "filename.sol";
LotterySetup.sol 36: uint256 private constant BASE_JACKPOT_PERCENTAGE = 30_030 51: if (lotterySetupParams.selectionMax >= 120) { 55: lotterySetupParams.expectedPayout < lotterySetupParams.ticketPrice / 100 61: lotterySetupParams.selectionSize > 16 81: jackpotBound = 2_000_000 * tokenUnit; 126: uint256 mask = uint256(type(uint16).max) << (winTier * 16); 127: uint256 extracted = (nonJackpotFixedRewards & mask) >> (winTier * 16); ReferralSystem.sol 117: if (totalTicketsSoldPrevDraw < 10_000) { 121: if (totalTicketsSoldPrevDraw < 100_000) { 123: return totalTicketsSoldPrevDraw.getPercentage(PercentageMath.ONE_PERCENT * 75 / 100); 125: (totalTicketsSoldPrevDraw < 1_000_000) { 127: return totalTicketsSoldPrevDraw.getPercentage(PercentageMath.ONE_PERCENT * 50 / 100);
NatSpec documentation to all public/external functions and variables is essential for better understanding of the code by developers and auditors and is strongly recommended.
From Solidity 0.8.18 you can use named parameters in mapping types. This will make the code much more readable.
#0 - thereksfour
2023-03-12T10:33:45Z
1 L 3 INFO 5 NC
#1 - c4-judge
2023-03-12T10:33:51Z
thereksfour marked the issue as grade-b
#2 - c4-sponsor
2023-03-14T11:17:39Z
0xluckydev marked the issue as sponsor confirmed
#3 - 0xluckydev
2023-03-14T11:17:47Z
Low importance. First one is not valid since register emits an event. Same with the second function.