Back to Funen's contests

AbraNFT contest - Funen's results

A peer to peer lending platform, using NFTs as collateral.

General Information

Platform: Code4rena

Start Date: 27/04/2022

Pot Size: $50,000 MIM

Total HM: 6

Participants: 59

Period: 5 days

Judge: 0xean

Id: 113

League: ETH

Abracadabra Money

Findings Distribution

Researcher Performance

Rank: 31/59

Findings: 2

Award: $120.79

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAbracadabra Money

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1337, 0x1f8b, 0xDjango, 0xf15ers, AuditsAreUS, BowTiedWardens, CertoraInc, Funen, GimelSec, MaratCerby, Ruhum, WatchPug, antonttc, berndartmueller, bobi, bobirichman, broccolirob, catchup, cccz, defsec, delfin454000, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kenzo, m9800, mics, oyc_109, pauliax, reassor, robee, samruna, sikorico, simon135, throttle, unforgiven, z3s

Awards

75.7132 MIM - $75.71

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue
  1. Title : Typo Comment

This was typo comment, it should be calculateinterest instead of calculateIntest.

##Tool Used Manual Review

  1. Title : Consistency code for easy readibilty

https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPair.sol#L188-L191

since this worse params was used, it can be used like below :

https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPair.sol#L283-L288

##Tool Used Manual Review

##Recommended Mitigation

            require(
                params.duration >= cur.duration &&
                params.valuation <= cur.valuation &&
                params.annualInterestBPS <= cur.annualInterestBPS,
                "NFTPair: worse params"
            );

#0 - cryptolyndon

2022-05-13T05:11:06Z

The "bad params" and "worse params" messages are different checks. Why make the revert string the same?

Findings Information

🌟 Selected for report: BowTiedWardens

Also found by: 0x1f8b, 0xNazgul, 0xf15ers, 0xkatana, CertoraInc, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, NoamYakov, Tadashi, Tomio, TrungOre, antonttc, catchup, defsec, delfin454000, fatherOfBlocks, gzeon, horsefacts, joestakey, kenta, oyc_109, pauliax, reassor, robee, samruna, simon135, slywaters, sorrynotsorry, z3s

Awards

45.0789 MIM - $45.08

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue
  1. Title : Using ++i than i++ for saving more gas

Using i++ instead ++i for all the loops, the variable i is incremented using i++. It is known that implementation by using ++i costs less gas per iteration than i++.

Tools Used

Manual Review, Remix

Occurances

main/contracts/NFTPair.sol#L494
main/contracts/NFTPair.sol#L631
  1. Title : change uint256 i = 0 into uint i for saving more gas

using this implementation can saving more gas for each loops.

##Tool Used Manual Review & Remix

##Recommended Mitigation Change it

##Occurances

main/contracts/NFTPair.sol#L631
  1. Saving gas by removing = 0

https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPair.sol#L719

If a variable was not set/initialized, it is assumed to have default value to 0 this implementation was used for saving more gas by removing = 0

##TOOLS USED Remix, Manual Review

##Mitigation Step Remove = 0

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter