RabbitHole Quest Protocol contest - IceBear's results

A protocol to distribute token rewards for completing on-chain tasks.

General Information

Platform: Code4rena

Start Date: 25/01/2023

Pot Size: $36,500 USDC

Total HM: 11

Participants: 173

Period: 5 days

Judge: kirk-baird

Total Solo HM: 1

Id: 208

League: ETH

RabbitHole

Researcher Performance

Rank: 110/173

Findings: 1

Award: $17.20

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

[L-01] OWNER CAN RENOUNCE OWNERSHIP

Description

Typically, the contract’s owner is the account that deploys the contract. As a result, the owner is able to perform certain privileged activities.

The Ownable contract used in this project implements renounceOwnership. This can represent a certain risk if the ownership is renounced for any other reason than by design. Renouncing ownership will leave the contract without an owner, thereby removing any functionality that is only available to the owner.

onlyOwner functions:

QuestFactory.sol#L9
RabbitHoleReceipt.sol#L7
RabbitHoleTickets.sol#L5

We recommend either reimplementing the function to disable it or clearly specifying whether it is part of the contract design.

[L-02] USE OF FLOATING PRAGMA

Description:

Pragma statements can be allowed to float when a contract is intended for consumption by other developers, as in the case with contracts in a library or EthPM package. Otherwise, the developer would need to manually update the pragma in order to compile locally. https://swcregistry.io/docs/SWC-103

Context:

RabbitHoleTickets.sol#L2
QuestFactory.sol#L2
RabbitHoleReceipt.sol#L2
Quest.sol#L2
ReceiptRenderer.sol#L2
Erc1155Quest.sol#L2
Erc20Quest.sol#L2
TicketRenderer.sol#L2
IQuest.sol#L2
IQuestFactory.sol#L2

Recommendation:

Ethereum Smart Contract Best Practices - Lock pragmas to specific compiler version. solidity-specific/locking-pragmas

[S-01] GENERATE PERFECT CODE HEADERS EVERY TIME

Description

I recommend using headers for Solidity code layout and readability.

https://github.com/transmissions11/headers
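An added example, not part of the original report or the RabbitHole code base: a small pre-merge check that flags the two patterns described in [L-01] and [L-02] above. The function name `audit`, the regexes and the two Solidity samples are constructed for illustration; the matching is heuristic (direct inheritance only, file-level search for an override).

```python
import re

# Constructed sample sources for illustration (not the RabbitHole contracts).
SAMPLES = {
    "Floating.sol": """pragma solidity ^0.8.15;
import "@openzeppelin/contracts/access/Ownable.sol";
contract Floating is Ownable {
    function setFee(uint256 f) external onlyOwner {}
}""",
    "Hardened.sol": """pragma solidity 0.8.15;
import "@openzeppelin/contracts/access/Ownable.sol";
contract Hardened is Ownable {
    function renounceOwnership() public view override onlyOwner {
        revert("renounceOwnership is disabled");
    }
}""",
}

PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.M)
PINNED_RE = re.compile(r"^=?\s*\d+\.\d+\.\d+$")            # exact version only
CONTRACT_RE = re.compile(r"\bcontract\s+(\w+)\s+is\s+([^{]+)\{")
OWNABLE_RE = re.compile(r"\bOwnable(Upgradeable)?\b")
RENOUNCE_RE = re.compile(r"\bfunction\s+renounceOwnership\s*\(")

def strip_comments(src):
    """Drop block and line comments so commented-out code is not matched."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def audit(name, src):
    """Return (file, finding id, message) tuples for one Solidity source."""
    src = strip_comments(src)
    findings = []
    # [L-02] any version spec that is not an exact x.y.z is treated as floating.
    for spec in PRAGMA_RE.findall(src):
        if not PINNED_RE.match(spec.strip()):
            findings.append((name, "L-02", f"floating pragma '{spec.strip()}'"))
    # [L-01] contract inherits Ownable directly and the file has no override of
    # renounceOwnership. Indirect inheritance is not followed (limitation).
    for m in CONTRACT_RE.finditer(src):
        if OWNABLE_RE.search(m.group(2)) and not RENOUNCE_RE.search(src):
            findings.append((name, "L-01",
                             f"{m.group(1)} inherits renounceOwnership unchanged"))
    return findings

if __name__ == "__main__":
    for fname, source in SAMPLES.items():
        for finding in audit(fname, source):
            print(*finding, sep=": ")
```

An override that the check finds still needs a manual look to confirm it actually disables renouncing, or that renouncing is documented as part of the design.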

#0 - c4-judge

2023-02-05T04:49:19Z

kirk-baird marked the issue as grade-c

#1 - kirk-baird

2023-02-16T07:07:28Z

I'm going to upgrade this to grade-b due to #226

#2 - c4-judge

2023-02-16T07:07:32Z

kirk-baird marked the issue as grade-b
