Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 140/168
Findings: 1
Award: $60.77
Selected for report: 0
Solo Findings: 0
Selected for report: Lambda
Also found by: 0x1337, 0x1f8b, 0x4non, 0x85102, 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xc0ffEE, 8olidity, Aymen0909, B2, Bnke0x0, CRYP70, Captainkay, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, DimitarDimitrov, ElKu, EthLedger, Franfran, Funen, GimelSec, JansenC, Jeiwan, Jujic, Lead_Belly, MEP, MasterCookie, MiloTruck, Noah3o6, PPrieditis, PaludoX0, Picodes, PwnPatrol, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rolezn, Samatak, Tointer, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ak1, asutorufos, azephiar, ballx, bharg4v, bin2chen, bobirichman, brgltd, bulej93, c3phas, cccz, ch0bu, cloudjunky, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, davidbrai, delfin454000, dharma09, dic0de, dipp, djxploit, eierina, erictee, fatherOfBlocks, gogo, hansfriese, hyh, imare, indijanc, izhuer, jonatascm, ladboy233, leosathya, lucacez, lukris02, m9800, martin, minhtrng, ne0n, neumo, oyc_109, p_crypt0, pashov, pauliax, pcarranzav, pedr02b2, peritoflores, pfapostol, rbserver, ret2basic, robee, rvierdiiev, sach1r0, sahar, scaraven, sikorico, simon135, slowmoses, sorrynotsorry, tnevler, tonisives, volky, yixxas, zkhorse, zzzitron
60.7742 USDC - $60.77
In the contracts, floating pragmas should not be used. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
There were 5 instances of this issue.
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/lib/proxy/ERC1967Proxy.sol#L2
File: src/lib/proxy/ERC1967Proxy.sol #1
    pragma solidity ^0.8.4;
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/lib/proxy/ERC1967Upgrade.sol#L2
File: src/lib/proxy/ERC1967 #2
    pragma solidity ^0.8.4;
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/lib/proxy/UUPS.sol#L2
File: src/lib/proxy/UUPS.sol #3
    pragma solidity ^0.8.4;
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/lib/token/ERC721.sol#L2
File: src/lib/token/ERC721.sol #4
    pragma solidity ^0.8.4;
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/lib/token/ERC721Votes.sol#L2
File: src/lib/token/ERC721Votes.sol #5
    pragma solidity ^0.8.4;
Lock the pragma version
When deploying contracts, you should use the latest released version of Solidity. Apart from exceptional cases, only the latest version receives security fixes. Furthermore, breaking changes as well as new features are introduced regularly.
All contracts in auction, governance, manager and token are using the Solidity version 0.8.15
Update to the latest released version of Solidity
There are 2 instances of this issue:
File: src/lib/proxy/ERC1967Upgrade.sol #1
    /// @dev Upgrades to an implementation with security checks for UUPS proxies and an additional function call
    /// @param _newImpl The new implementation address
    /// @param _data The encoded function call
    function _upgradeToAndCallUUPS(
        address _newImpl,
        bytes memory _data,
        bool _forceCall
Missing: @param _forceCall
File: src/lib/proxy/ERC1967Upgrade.sol #2
    /// @dev Upgrades to an implementation with an additional function call
    /// @param _newImpl The new implementation address
    /// @param _data The encoded function call
    function _upgradeToAndCall(
        address _newImpl,
        bytes memory _data,
        bool _forceCall
Missing: @param _forceCall
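A check for the floating-pragma finding above, as an added example that is not part of the original report or the project's code: it classifies each file's `pragma solidity` directive as pinned, floating or missing, and flags pinned files that differ from an expected version. The sample sources, the file names `Range.sol`, `Pinned.sol` and `Old.sol`, and the expected version passed to `audit` are constructed for illustration.

```python
import re

# Matches a `pragma solidity <constraint>;` directive at the start of a line,
# so a directive inside a `//` comment is ignored (block comments are not handled).
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# Pinned means exactly one full x.y.z version, optionally prefixed with "=".
PINNED_RE = re.compile(r"=?\s*\d+\.\d+\.\d+")


def classify_pragma(source):
    """Return (constraint, status); status is 'pinned', 'floating' or 'missing'."""
    match = PRAGMA_RE.search(source)
    if match is None:
        return (None, "missing")
    constraint = match.group(1).strip()
    # Anything with ^, ~, >=, <, ranges or a partial version is not locked.
    status = "pinned" if PINNED_RE.fullmatch(constraint) else "floating"
    return (constraint, status)


def audit(files, expected=None):
    """files maps path -> source text. Returns (path, constraint, reason) findings."""
    findings = []
    for path, source in sorted(files.items()):
        constraint, status = classify_pragma(source)
        if status != "pinned":
            findings.append((path, constraint, status))
        elif expected and constraint.lstrip("= ") != expected:
            # Pinned, but not to the version the rest of the code base is tested with.
            findings.append((path, constraint, "differs from " + expected))
    return findings


# Constructed sample input: only the pragma lines matter here.
SAMPLE = {
    "src/lib/proxy/UUPS.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.4;\n",
    "Range.sol": "pragma solidity >=0.8.4 <0.9.0;\n",    # hypothetical file
    "Pinned.sol": "pragma solidity 0.8.15;\n",           # hypothetical file
    "Old.sol": "pragma solidity =0.8.4;\n",              # hypothetical file
}

if __name__ == "__main__":
    for path, constraint, reason in audit(SAMPLE, expected="0.8.15"):
        print(f"{path}: pragma solidity {constraint} -> {reason}")
```

To run it over a checkout, build the `files` mapping by reading every `.sol` file under the source directory and fail the CI job when `audit` returns any finding.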
#0 - GalloDaSballo
2022-09-26T21:28:05Z
NC
NC
NC
3NC