RabbitHole Quest Protocol contest - Dug's results

A protocol to distribute token rewards for completing on-chain tasks.

General Information

Platform: Code4rena

Start Date: 25/01/2023

Pot Size: $36,500 USDC

Total HM: 11

Participants: 173

Period: 5 days

Judge: kirk-baird

Total Solo HM: 1

Id: 208

League: ETH

RabbitHole

Researcher Performance

Rank: 135/173

Findings: 1

Award: $11.33

Gas: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Gas optimizations

Variable initialized with default value

Not sure why this instance was not caught by the C4audit output, but the redeemedTokens = 0; line in Quest.sol is unnecessary as the variable is already initialized to 0 by default.

redeemedTokens = 0;

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Quest.sol#L45

Suggested improvement

Remove the line.

Use boolean value directly instead of checking for equality to true

In Quest.sol, the isClaimed function returns claimedList[tokenId_] == true. It should just return the value directly instead of unnecessarily checking for equality to true.

function isClaimed(uint256 tokenId_) public view returns (bool) {
    return claimedList[tokenId_] == true;
}

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Quest.sol#L135-L137

Suggested improvement

function isClaimed(uint256 tokenId_) public view returns (bool) {
    return claimedList[tokenId_];
}

Reimplemented public getter functions

In Quest.sol, getRewardAmount and getRewardToken are just reimplementing the auto-generated getters for the public rewardAmount and rewardToken values. These functions could be removed.

/// @dev Returns the reward amount
function getRewardAmount() public view returns (uint256) {
    return rewardAmountInWeiOrTokenId;
}

/// @dev Returns the reward token address
function getRewardToken() public view returns (address) {
    return rewardToken;
}

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Quest.sol#L139-L147

Overriding with no changes in functionality

In RabbitHoleReceipt.sol, the _burn function is overriding the parent functions, but is not changing the functionality. This is unnecessary and could be removed.

function _burn(uint256 tokenId_) internal override(ERC721Upgradeable, ERC721URIStorageUpgradeable) {
    super._burn(tokenId_);
}

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L137-L141

#0 - c4-judge

2023-02-15T21:55:27Z

kirk-baird marked the issue as grade-b
