Platform: Code4rena
Start Date: 17/03/2023
Pot Size: $36,500 USDC
Total HM: 10
Participants: 98
Period: 3 days
Judge: leastwood
Total Solo HM: 5
Id: 223
League: ETH
Rank: 68/98
Findings: 1
Award: $22.77
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Sathish9098
Also found by: 0xAgro, 0xSmartContract, 0xdaydream, 0xnev, Awesome, Aymen0909, BRONZEDISC, Bauchibred, Deathstore, Diana, IceBear, Jerry0x, Kresh, Matin, Rolezn, Stryder, T1MOH, Udsen, adriro, alejandrocovrr, atharvasama, codeslide, cryptonue, descharre, igingu, jack, joestakey, libratus, lukris02, luxartvinsec, nadin, nasri136, reassor, scokaf, shark, slvDev, tnevler
22.7749 USDC - $22.77
https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-bio-protocol/src/Bio.sol#L23 if there is string indexed it hashing and you can't search for it. Topic about that: https://ethereum.stackexchange.com/questions/6840/indexed-event-with-string-not-getting-logged https://stackoverflow.com/questions/73232215/how-to-decode-the-indexed-string-param-in-an-event-using-web3-js
Use not indexed string.
In bio.sol it's better to revert if chainid is not 7700. Also better to pass address of Turnstile in calldata. There can be some migration's and to prevent future mistakes.
Better:
constructor(address turnstile_address) ERC721("Biography", "Bio") { if (block.chainid == 7700) { // Register CSR on Canto mainnnet Turnstile turnstile = Turnstile(turnstile_address); turnstile.register(tx.origin); } else { revert("Wrong Network"); } }
#0 - c4-judge
2023-04-11T05:54:33Z
0xleastwood marked the issue as grade-b