Infinity NFT Marketplace contest - Funen's results

The world's most advanced NFT marketplace.

General Information

Platform: Code4rena

Start Date: 14/06/2022

Pot Size: $50,000 USDC

Total HM: 19

Participants: 99

Period: 5 days

Judge: HardlyDifficult

Total Solo HM: 4

Id: 136

League: ETH


Researcher Performance

Rank: 62/99

Findings: 2

Award: $80.21

🌟 Selected for report: 0

🚀 Solo Findings: 0

  1. Title: Need to check whether msg.sender has staked

In the function stake(), this can be done with mappings, as in this simple example:

```solidity
address[] public stakers;
mapping(address => bool) public hasStaked;
mapping(address => bool) public isStaking;
```

and inside of stake():

```solidity
// add user to stakers array *only* if they haven't staked already
if (!hasStaked[msg.sender]) {
    stakers.push(msg.sender);
}
// update staking status
isStaking[msg.sender] = true;
hasStaked[msg.sender] = true;
```

This logic can then be used in the function stake().

  2. Title: Better code for good readability

File: InfinityStaker.sol Line 170

```solidity
uint256 vestedsixMonths = getVestedAmount(user, Duration.SIX_MONTHS);
```

`vestedsixMonths` can use an uppercase letter for the number, so that it matches the other names such as `vestedThreeMonths` and `vestedTwelveMonths`.

```solidity
//update storage
_updateUserStakedAmounts(msg.sender, amount, noVesting, vestedThreeMonths, vestedsixMonths, vestedTwelveMonths);
```

File: InfinityStaker.sol [Line 126](https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L126)

This is also passed into the return:

File: InfinityStaker.sol [Line 172](https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L172)

```solidity
return noVesting + vestedThreeMonths + vestedsixMonths + vestedTwelveMonths;
```

## Tool Used

Manual Review

## Recommendation Mitigation

Change to `vestedSixMonths`

  3. Title: Numbers can be set as constants

File: contracts/core/InfinityExchange.sol [Line 381](https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L381)

```solidity
require(minNonce < userMinOrderNonce[msg.sender] + 1000000, 'too many');
```

  4. Title: Simplify the number

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L381

```solidity
require(minNonce < userMinOrderNonce[msg.sender] + 1000000, 'too many');
```

changed to:

```solidity
require(minNonce < userMinOrderNonce[msg.sender] + 10**24, 'too many');
```

  1. Title: Value can be set as immutable

This can be set as immutable to save more gas.

Tool Used

Remix

Add immutable

Occurrences

1.) File: contracts/staking/InfinityStaker.sol (Line 25)

```solidity
address public INFINITY_TOKEN;
```

  1. Title: Short reason strings can be used to save more gas

Every reason string takes at least 32 bytes. Use short reason strings that fit in 32 bytes, or it will become more expensive.

Tool Used

Manual Review

Occurrences

- main/contracts/staking/InfinityStaker.sol#L94: 'insufficient staked amount to change duration'
- main/contracts/staking/InfinityStaker.sol#L96: 'new duration must be greater than old duration'

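
A small checker for the reason-string finding above, as an added example that is not part of the original report or the Infinity code base: it lists `require`/`revert` string literals longer than 32 bytes and how many 32-byte words each occupies. The sample contract is constructed; only the two long strings come from the report, and the `require` conditions, function name and `staked` mapping are assumptions.

```python
import re

# Constructed sample. The two long reason strings are the ones quoted in the
# finding; the conditions around them are assumed for illustration.
SAMPLE_SOL = """\
contract Sample {
    function changeDuration(uint256 amount, uint8 oldD, uint8 newD) external {
        require(staked[msg.sender] >= amount, 'insufficient staked amount to change duration');
        require(newD > oldD, 'new duration must be greater than old duration');
        require(amount != 0, "zero amount");
    }
}
"""

# A single- or double-quoted literal, allowing backslash escapes inside it.
STRING_LIT = re.compile(r"""(['"])((?:\\.|(?!\1).)*)\1""")
CALL = re.compile(r"\b(?:require|revert)\s*\(")


def long_reason_strings(source, limit=32):
    """Return (line, byte_length, words_of_32_bytes, text) for each reason
    string longer than `limit` bytes on a line that calls require/revert.

    Simplifications: calls are matched per line (no multi-line require), and
    escape sequences are counted as written rather than decoded.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("//") or not CALL.search(stripped):
            continue  # skip commented-out lines and lines without a call
        for match in STRING_LIT.finditer(stripped):
            text = match.group(2)
            size = len(text.encode("utf-8"))
            if size > limit:
                words = (size + 31) // 32  # string data is padded to 32-byte words
                findings.append((lineno, size, words, text))
    return findings


if __name__ == "__main__":
    for lineno, size, words, text in long_reason_strings(SAMPLE_SOL):
        print(f"line {lineno}: {size} bytes ({words} words): {text!r}")
```
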
  1. Title: Change uint256 i = 0 into uint256 i to save more gas

Using this implementation can save more gas for each loop.

Tool Used

Manual Review

Change it

Occurrences

- main/contracts/core/InfinityExchange.sol#L148: `for (uint256 i = 0; i < numMakerOrders; ) {`
- main/contracts/core/InfinityExchange.sol#L200: `for (uint256 i = 0; i < ordersLength; ) {`
- main/contracts/core/InfinityExchange.sol#L219: `for (uint256 i = 0; i < ordersLength; ) {`
- main/contracts/core/InfinityExchange.sol#L272: `for (uint256 i = 0; i < numSells; ) {`
- main/contracts/core/InfinityExchange.sol#L308: `for (uint256 i = 0; i < numMakerOrders; ) {`
- main/contracts/core/InfinityExchange.sol#L349: `for (uint256 i = 0; i < ordersLength; ) {`
- main/contracts/core/InfinityExchange.sol#L393: `for (uint256 i = 0; i < numNonces; ) {`
- main/contracts/core/InfinityExchange.sol#L1048: `for (uint256 i = 0; i < numNfts; ) {`
- main/contracts/core/InfinityExchange.sol#L1086: `for (uint256 i = 0; i < numTokens; ) {`
- main/contracts/core/InfinityExchange.sol#L1109: `for (uint256 i = 0; i < numNfts; ) {`
- main/contracts/core/InfinityExchange.sol#L1190: `for (uint256 i = 0; i < numNfts; ) {`
- main/contracts/core/InfinityExchange.sol#L1206: `for (uint256 i = 0; i < numTokens; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L76: `for (uint256 i = 0; i < ordersLength; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L82: `for (uint256 j = 0; j < nftsLength; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L199: `for (uint256 i = 0; i < nftsLength; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L216: `for (uint256 i = 0; i < nftsLength; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L246: `for (uint256 i = 0; i < order2NftsLength; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L247: `for (uint256 j = 0; j < order1NftsLength; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L290: `for (uint256 k = 0; k < item2TokensLength; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L291: `for (uint256 l = 0; l < item1TokensLength; ) {`
- main/contracts/core/InfinityOrderBookComplication.sol#L320: `for (uint256 i = 0; i < ordersLength; ) {`