Platform: Code4rena
Start Date: 26/05/2022
Pot Size: $75,000 USDT
Total HM: 31
Participants: 71
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 18
Id: 126
League: ETH
Rank: 55/71
Findings: 1
Award: $99.92
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xf15ers, BouSalman, Chom, Deivitto, Dravee, ElKu, FSchmoede, Funen, GimelSec, Hawkeye, MiloTruck, Picodes, SecureZeroX, SmartSek, TerrierLover, WatchPug, _Adam, asutorufos, berndartmueller, c3phas, catchup, cccz, cogitoergosumsw, cryptphi, csanuragjain, delfin454000, dipp, ellahi, gzeon, hansfriese, horsefacts, hyh, kirk-baird, minhquanym, oyc_109, pauliax, reassor, robee, sashik_eth, shenwilly, simon135, sorrynotsorry, sseefried, unforgiven, xiaoming90, z3s
99.9237 USDT - $99.92
This report lists low-risk and non-critical findings present in the protocol codebase. These findings do not affect any assets connected to users or the protocol; however, these issues are related to coding and security best practices.
There are some require statements used inside the protocol codebase; however, no message was provided. It's advised to provide a message with the require statement to alert the users and state what caused the error.
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VE3DLocker.sol#L154-L155
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VE3DLocker.sol#L165-L167
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VE3DLocker.sol#L180
When dealing with big numbers, developers can make use of scientific notation to increase code readability. However, there are occurrences in the protocol codebase where a double asterisk is used instead of scientific notation.
Some of the functions implemented in the protocol are of type public; however, these functions are not used within the contracts. Functions like this should be labeled external for better code readability.
It's advised to make use of the _safemint() function when possible instead of the regular _mint(), since the latter can't distinguish the recipient, and this may lead to loss of assets if no logic is implemented in the recipient to handle the received assets.
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/DepositToken.sol#L29
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/token/VE3Token.sol#L29
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/token/VeToken.sol#L27
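An added example, not part of the submission above or of the audited project: a small Python scanner that flags two of the patterns the report describes, require calls without a reason string and `10**N` literals that could be written as `1eN`. The Solidity sample, the function names and the rule labels are constructed for illustration, and the parser assumes sources without escaped quotes or commented-out calls.

```python
import re

# Constructed Solidity sample (not from the audited repository).
SAMPLE = '''
contract Demo {
    uint256 public constant DENOM = 10**18;
    function lock(address a, uint256 amt) public {
        require(amt > 0);
        require(a != address(0), "zero address");
        require(balanceOf(a, 1) >= amt);
    }
}
'''

def call_args(src, open_idx):
    """Split the call arguments starting at src[open_idx] == '(' on top-level commas."""
    depth, args, cur, quote = 0, [], [], None
    for ch in src[open_idx:]:
        if quote:                         # inside a string literal
            cur.append(ch)
            quote = None if ch == quote else quote
            continue
        if ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
            if depth == 1:                # skip the call's own opening paren
                continue
        elif ch == ")":
            depth -= 1
        if depth == 0 or (ch == "," and depth == 1):
            args.append("".join(cur).strip())
            if depth == 0:
                return args
            cur = []
            continue
        cur.append(ch)
    return None                           # unbalanced parentheses

def scan(src):
    """Return sorted (line, rule, detail) findings for two checks from the report."""
    line_of = lambda m: src.count("\n", 0, m.start()) + 1
    findings = []
    for m in re.finditer(r"\brequire\s*\(", src):
        args = call_args(src, m.end() - 1)
        if args is not None and len(args) == 1:   # condition only, no reason string
            findings.append((line_of(m), "require-without-message", args[0]))
    for m in re.finditer(r"\b10\s*\*\*\s*(\d+)\b", src):
        findings.append((line_of(m), "use-scientific-notation", "1e" + m.group(1)))
    return sorted(findings)
```

Splitting on top-level commas rather than on any comma keeps conditions such as `balanceOf(a, 1) >= amt` from being mistaken for a call that already carries a message.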
#0 - GalloDaSballo
2022-07-06T23:40:23Z
NC
Valid Refactor
## Function type from public to external
Valid Refactor
Invalid, safeMint is for ERC721 not ERC20
#1 - GalloDaSballo
2022-07-06T23:42:02Z
2R, 1 NC