Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 96
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 5
Id: 140
League: ETH
Rank: 56/96
Findings: 2
Award: $45.50
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0x52, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, JC, JMukesh, JohnSmith, Lambda, Limbooo, MadWookie, MiloTruck, Nethermind, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RoiEvenHaim, SmartSek, StErMi, Tadashi, TerrierLover, TomJ, Tomio, Treasure-Seeker, UnusualTurtle, Varun_Verma, Wayne, Waze, _Adam, apostle0x01, asutorufos, berndartmueller, c3phas, catchup, cccz, cloudjunky, codexploder, cryptphi, defsec, delfin454000, dipp, ellahi, exd0tpy, fatherOfBlocks, hansfriese, hyh, joestakey, kebabsec, kenta, masterchief, minhquanym, naps62, oyc_109, pashov, peritoflores, reassor, rfa, robee, sach1r0, saian, sashik_eth, shenwilly, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, ych18, zuhaibmohd, zzzitron
28.2781 USDC - $28.28
Title : event for NibblVault
You can use the implementation below for better practice, since no event is emitted inside the contract when it is paused or unpaused.
https://docs.openzeppelin.com/contracts/2.x/api/lifecycle
Using:
event Paused(address account)
Emitted when the pause is triggered by a pauser (account).
event Unpaused(address account)
Emitted when the pause is lifted by a pauser (account).
whenPaused() modifier
Modifier to make a function callable only when the contract is paused.
https://docs.openzeppelin.com/contracts/2.x/api/lifecycle#Pausable-whenPaused--
This module is used through inheritance. It will make available the modifiers whenNotPaused and whenPaused, which can be applied to the functions of your contract. Note that they will not be pausable by simply including this module, only once the modifiers are put in place.
function initialize() is used many times. So, if necessary, initialise in the Basket interface and Basket.sol can be changed into initialize: remove the other initialise and change it into initialize, since it is better for readability and structure.
Manual Review
Make sure, though, that you do not allow multiple initializations. For just a few parameters, simply add a check for each parameter. For many parameters, add an isInitialized boolean state variable:

    contract MyContract {
        // Set once by the first (and only valid) call to initialize()
        bool isInitialized = false;

        function initialize(
            uint256 _param1,
            uint256 _param2,
            uint256 _param3,
            address _param4,
            address _param5,
            bytes32 _param6,
            bytes32 _param7
        ) public {
            // Reject any call after the first one
            require(!isInitialized, 'Contract is already initialized!');
            isInitialized = true;
            param1 = _param1;
            ...
            param7 = _param7;
        }
    }
Manual Review
AccessControlMechanism.sol
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Utilities/AccessControlMechanism.sol
This file uses ^0.8.0 while the compiler can be used as 0.8.10; consider locking it at this version, the same as the other contracts. Consider locking the pragma version whenever possible and avoid using a floating pragma in the final deployment, since it can be problematic if there are publicly disclosed bugs and issues that affect the compiler version used.
Manual Review
#0 - HardlyDifficult
2022-07-04T16:00:57Z
4 is invalid. Others are NC
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 8olidity, ACai, BowTiedWardens, Chandr, Chom, ElKu, Fitraldys, Funen, IgnacioB, JC, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, Randyyy, SmartSek, StErMi, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, _Adam, ajtra, c3phas, cRat1st0s, catchup, codexploder, cryptphi, defsec, delfin454000, ellahi, exd0tpy, fatherOfBlocks, hansfriese, joestakey, kebabsec, kenta, m_Rassska, minhquanym, oyc_109, pashov, reassor, rfa, robee, sach1r0, saian, sashik_eth, simon135, slywaters, ych18, ynnad, zuhaibmohd
17.224 USDC - $17.22
Title : calldata instead of memory
File : EIP712Base.sol Line.15

    function INIT_EIP712(string memory name, string memory version) internal {
Title : ++i rather than i++ for saving more gas
i++ is used instead of ++i for all the loops: the variable i is incremented using i++. It is known that the implementation using ++i costs less gas per iteration than i++.
Manual Review
main/contracts/Basket.sol#L43 for (uint256 i = 0; i < _tokens.length; i++) {
main/contracts/Basket.sol#L70 for (uint256 i = 0; i < _tokens.length; i++) {
main/contracts/Basket.sol#L93 for (uint256 i = 0; i < _tokens.length; i++) {
2.) Title : change uint256 i = 0 into uint i for saving more gas
Using this implementation can save more gas for each loop.
Manual Review
Change it
main/contracts/Basket.sol#L43 for (uint256 i = 0; i < _tokens.length; i++) {
main/contracts/Basket.sol#L70 for (uint256 i = 0; i < _tokens.length; i++) {
main/contracts/Basket.sol#L93 for (uint256 i = 0; i < _tokens.length; i++) {
4.) Title : Caching array length can save more gas
This implementation can save more gas, since caching the array length is more gas efficient, because accessing a local variable in Solidity is more efficient.
Manual Review
main/contracts/Basket.sol#L43 for (uint256 i = 0; i < _tokens.length; i++) {
main/contracts/Basket.sol#L70 for (uint256 i = 0; i < _tokens.length; i++) {
main/contracts/Basket.sol#L93 for (uint256 i = 0; i < _tokens.length; i++) {
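As an added example (not part of the warden's report or the Nibbl codebase), a small regex-based Python checker that flags the mechanical patterns raised in the gas findings above and in the floating-pragma QA finding: a floating pragma, i++ as a loop step, a counter explicitly initialized to 0, and .length re-read in a loop condition. The Solidity sample it scans is constructed here and only single-line for headers are handled.

```python
import re

# Constructed sample resembling the loops and pragma flagged in the report
# (not the project's actual source). Line 5 has all three loop issues,
# line 11 is the tightened form.
SAMPLE_SOURCE = """\
pragma solidity ^0.8.0;

contract Basket {
    function f(address[] memory _tokens) public {
        for (uint256 i = 0; i < _tokens.length; i++) {
            _tokens[i];
        }
    }
    function g(uint256[] calldata xs) external {
        uint256 len = xs.length;
        for (uint256 i; i < len; ++i) {
        }
    }
}
"""

FLOATING_PRAGMA = re.compile(r"^\s*pragma\s+solidity\s+[\^>~]")
FOR_LOOP = re.compile(r"for\s*\((?P<init>[^;]*);(?P<cond>[^;]*);(?P<step>[^)]*)\)")
POST_INC = re.compile(r"^\s*\w+\s*\+\+\s*$")       # "i++" as the whole step
ZERO_INIT = re.compile(r"=\s*0\s*$")               # counter set to its default value
LENGTH_IN_COND = re.compile(r"\.length\b")          # array length read every iteration


def check_gas_patterns(source: str):
    """Return (line number, rule) pairs for each flagged pattern."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if FLOATING_PRAGMA.search(line):
            findings.append((lineno, "floating-pragma"))
        m = FOR_LOOP.search(line)
        if not m:
            continue
        if POST_INC.match(m.group("step")):
            findings.append((lineno, "post-increment"))
        if ZERO_INIT.search(m.group("init")):
            findings.append((lineno, "zero-init"))
        if LENGTH_IN_COND.search(m.group("cond")):
            findings.append((lineno, "uncached-length"))
    return findings


if __name__ == "__main__":
    for lineno, rule in check_gas_patterns(SAMPLE_SOURCE):
        print(f"line {lineno}: {rule}")
```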
#0 - mundhrakeshav
2022-06-26T12:41:51Z
#2, #3, #6, #7, #8, #15