Back to EthLedger's contests

Olympus DAO contest - EthLedger's results

Version 3 of Olympus protocol, a decentralized floating currency.

General Information

Platform: Code4rena

Start Date: 25/08/2022

Pot Size: $75,000 USDC

Total HM: 35

Participants: 147

Period: 7 days

Judge: 0xean

Total Solo HM: 15

Id: 156

League: ETH

Olympus DAO

Findings Distribution

Researcher Performance

Rank: 118/147

Findings: 1

Award: $54.31

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryOlympus DAO

Findings Information

🌟 Selected for report: zzzitron

Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas

Awards

54.3128 DAI - $54.31

Labels

bug
QA (Quality Assurance)
edited-by-warden

External Links

Link to GitHub issue

Low Risk Findings:

  1. Missing checks for address(0)

https://github.com/code-423n4/2022-08-olympus/blob/main/src/Kernel.sol#L251 https://github.com/code-423n4/2022-08-olympus/blob/main/src/Kernel.sol#L253

  1. Unused internal functions:

https://github.com/code-423n4/2022-08-olympus/blob/main/src/Kernel.sol#L131 https://github.com/code-423n4/2022-08-olympus/blob/main/src/utils/KernelUtils.sol#L16 https://github.com/code-423n4/2022-08-olympus/blob/main/src/utils/KernelUtils.sol#L26 https://github.com/code-423n4/2022-08-olympus/blob/main/src/utils/KernelUtils.sol#L11 https://github.com/code-423n4/2022-08-olympus/blob/main/src/utils/KernelUtils.sol#L21

  1. Use of block.timestamp()

Instead of using block.timestamp(), It is recommended to use block.number plus an average block time to estimate times, as this is less easily manipulated by miners:

https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L165 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L171 https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L215

Non-Critical Findings:

  1. Use only uppercase letters for constant variables

https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/PRICE.sol#L59

  1. Public functions not used internally should be declared external:

https://github.com/code-423n4/2022-08-olympus/blob/main/src/Kernel.sol#L439 https://github.com/code-423n4/2022-08-olympus/blob/main/src/Kernel.sol#L451

  1. Transfer function in VOTES.sol could be removed

Since transfers are locked for this token, this function could be removed:

https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/VOTES.sol#L45

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter