Platform: Code4rena
Start Date: 31/01/2023
Pot Size: $90,500 USDC
Total HM: 47
Participants: 169
Period: 7 days
Judge: LSDan
Total Solo HM: 9
Id: 211
League: ETH
Rank: 110/169
Findings: 1
Award: $35.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x3b, 0xAgro, 0xBeirao, 0xMirce, 0xNineDec, 0xRobocop, 0xSmartContract, 0xTraub, 0xWeiss, 2997ms, 41i3xn, Awesome, Aymen0909, Bauer, Bnke0x0, Breeje, Cryptor, DadeKuma, Deathstore, Deekshith99, DevABDee, DevTimSch, Dewaxindo, Diana, Ermaniwe, Guild_3, H0, IceBear, Inspectah, JDeryl, Kaiziron, Kaysoft, Kenshin, Mukund, Praise, RaymondFam, Rickard, Rolezn, Ruhum, Sathish9098, SkyWalkerMan, SleepingBugs, UdarTeam, Udsen, Walter, aashar, adeolu, apvlki, arialblack14, ast3ros, btk, chaduke, chandkommanaboyina, chrisdior4, climber2002, codetilda, cryptonue, cryptostellar5, csanuragjain, ddimitrov22, descharre, dharma09, doublesharp, eccentricexit, ethernomad, fs0c, georgits, halden, hansfriese, hashminer0725, immeas, lukris02, luxartvinsec, matrix_0wl, merlin, mookimgo, mrpathfindr, nadin, olegthegoat, pavankv, rbserver, rebase, savi0ur, sayan, scokaf, seeu, shark, simon135, tnevler, tsvetanovv, ulqiorra, ustas, waldenyan20, y1cunhui, yongskiws, yosuke
35.4779 USDC - $35.48
Contracts should be deployed with the same compiler version that they have been thoroughly tested with. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, a compiler version that might introduce bugs that affect the contract system negatively (SWC-103).
Also, if you want a floating pragma so other projects can integrate Drips contracts, then you must consider dropping the pragma. ^0.8.15 is a recent version. I would recommend using at least 0.8.13 in that case, as most projects use Solidity compiler versions 0.8.7-0.8.13, which are considered more stable. Or simply lock the pragma to 0.8.15.
```solidity
if (lockedFundsRatio < DEGRADATION_COEFFICIENT) {
    uint256 lockedProfit = yVault.lockedProfit();
    return lockedProfit - ((lockedFundsRatio * lockedProfit) / DEGRADATION_COEFFICIENT); /// @audit-low loss of precision
} else {
    return 0;
}
```
Add scalars so roundings are negligible.
These are the instances of this issue:
The project's contracts don't follow the Solidity Style Guide, especially in function ordering. Many view functions were defined before public/external/internal functions, and some private functions were defined in between public/external functions. It was confusing and made the audit process a little difficult. Please consider using this order in your contracts for better readability:
- constructor
- receive function (if exists)
- fallback function (if exists)
- external
- public
- internal
- private

Within a grouping, place the view and pure functions last.
The wrong function ordering is in every contract.
It increases the code readability and understanding.
These are the instances of this issue:
Immutable variables should be defined as constant.
Almost none of the contracts follow the Solidity layout. This mapping is defined after literally 600+ lines of code. It is pretty clear that they used their own layout, but the best-recommended practice should still be used as defined in the Solidity docs. These little things make it a bit harder to understand the code.
#0 - c4-judge
2023-02-28T15:06:14Z
dmvt marked the issue as grade-b