Platform: Code4rena
Start Date: 25/08/2022
Pot Size: $75,000 USDC
Total HM: 35
Participants: 147
Period: 7 days
Judge: 0xean
Total Solo HM: 15
Id: 156
League: ETH
Rank: 104/147
Findings: 1
Award: $54.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: zzzitron
Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas
54.3202 DAI - $54.32
ACCOUNT.CODE.LENGTH
<address>.code.length can be used in Solidity >= 0.8.0 to access an account's code size and check if it is a contract without inline assembly.
There is 1 instance of this issue:
KernelUtils.sol#ensureContract
File: src/utils/KernelUtils.sol, lines 31-37:
function ensureContract(address target_) view {
    uint256 size;
    assembly {
        size := extcodesize(target_)
    }
    if (size == 0) revert TargetNotAContract(target_);
}
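An added example, not code from the audited repository: the same check written with <address>.code.length, plus a hypothetical harness that goes one step beyond the finding to show the case either form gets wrong, an address whose constructor is still running reports a code size of zero. ConstructorProbe, EnsureContractDemo, the pragma and the 0xdead address are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
// Assumed pragma: file-level custom errors need 0.8.4 or later.
pragma solidity >=0.8.4;

error TargetNotAContract(address target_);

/// Assembly-free form of the check quoted in the finding.
function ensureContract(address target_) view {
    if (target_.code.length == 0) revert TargetNotAContract(target_);
}

/// Hypothetical probe: records whether its own address had code
/// while its constructor was still executing.
contract ConstructorProbe {
    bool public hadCodeInConstructor;

    constructor() {
        // Runtime code is stored only after the constructor returns, so
        // code.length (like extcodesize) is still zero at this point.
        hadCodeInConstructor = address(this).code.length != 0;
    }
}

/// Hypothetical harness exercising the three cases.
contract EnsureContractDemo {
    function check(address target_) external view returns (bool) {
        ensureContract(target_);
        return true;
    }

    function demo()
        external
        returns (bool deployedAccepted, bool codeSeenInCtor, bool emptyRejected)
    {
        ConstructorProbe probe = new ConstructorProbe();

        // A fully deployed contract passes the check.
        deployedAccepted = this.check(address(probe));

        // The same contract looked code-less from inside its constructor.
        codeSeenInCtor = probe.hadCodeInConstructor();

        // Assumption: no code is deployed at 0xdead on the chain in use.
        try this.check(address(0xdead)) returns (bool ok) {
            emptyRejected = !ok;
        } catch {
            emptyRejected = true;
        }
    }
}
```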
The comment is inaccurate: the value returned is a bool flag for whether the tokens have been claimed, not the amount of tokens reclaimed.
There is 1 instance of this issue:
File: src/policies/Governance.sol, line 116:
/// @notice Return the amount of tokens reclaimed by a user after voting on a proposal id.
safeApprove() is deprecated in favor of safeIncreaseAllowance() and safeDecreaseAllowance().
There are 2 instance(s) of this issue:
Operator.sol#configureDependencies
File: src/policies/Operator.sol (#1), line 167:
ohm.safeApprove(address(MINTR), type(uint256).max);
BondCallback.sol#configureDependencies
File: src/policies/BondCallback.sol (#2), line 57:
ohm.safeApprove(address(MINTR), type(uint256).max);
Code architecture, incentives, and error handling/reporting questions/issues should be resolved before deployment.
There are 3 instance(s) of this issue:
File: src/policies/Operator.sol (#1), line 657:
/// TODO determine if this should use the last price from the MA or recalculate the current price, ideally last price is ok since it should have been just updated and should include check against secondary?
File: src/policies/TreasuryCustodian.sol (#2), lines 51-52:
// TODO Currently allows anyone to revoke any approval EXCEPT activated policies.
// TODO must reorg policy storage to be able to check for deactivated policies.
TreasuryCustodian.sol#revokePolicyApprovals
File: src/policies/TreasuryCustodian.sol (#3), line 56:
// TODO Make sure `policy_` is an actual policy and not a random address.