Platform: Code4rena
Start Date: 26/05/2023
Pot Size: $100,000 USDC
Total HM: 0
Participants: 33
Period: 14 days
Judge: leastwood
Id: 241
League: ETH
Rank: 23/33
Findings: 1
Award: $813.40
š Selected for report: 0
š Solo Findings: 0
š Selected for report: rbserver
Also found by: 0x73696d616f, 0xTheC0der, 0xdeadbeef, 0xhacksmithh, Bauchibred, GalloDaSballo, KKat7531, Madalad, MohammedRizwan, Rolezn, SAAJ, SanketKogekar, Sathish9098, VictoryGod, brgltd, btk, codeslide, descharre, hunter_w3b, jauvany, kaveyjoe, ladboy233, nadin, niser93, shealtielanz, souilos, trysam2003, yongskiws
813.4016 USDC - $813.40
| ID | Title | Severity |
|---|---|---|
| [L-01] | Missing checks for address(0x0) when assigning values to address state variables | Low |
| [L-02] | Keccak Constant values should used to immutable rather than constant | Low |
| [L-03] | Use Ownable2Step rather than Ownable. | Low |
| [L-04] | Use safeTransferFrom Instead of transferFrom for ERC721 | Low |
| [N-01] | Consider using named mappings | Non-critical |
| [N-02] | UseĀ abi.encodeCall()Ā instead ofĀ abi.encodeSignature()/abi.encodeSelector() | Non-critical |
| [N-03] | Consider usingĀ deleteĀ rather than assigning zero/false to clear values | Non-critical |
| [N-04] | Floating pragma | Non-critical |
| [N-05] | Use a more recent version of Solidity | Non-critical |
https://github.com/ethereum-optimism/optimism/blob/382d38b7d45bcbf73cb5e1e3f28cbd45d24e8a59/packages/contracts-bedrock/contracts/L1/L2OutputOracle.sol#LL107C29-L107C29 https://github.com/ethereum-optimism/optimism/blob/382d38b7d45bcbf73cb5e1e3f28cbd45d24e8a59/packages/contracts-bedrock/contracts/L1/L2OutputOracle.sol#L108 https://github.com/ethereum-optimism/optimism/blob/382d38b7d45bcbf73cb5e1e3f28cbd45d24e8a59/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L157
There is a difference between constant variables and immutable variables, and they should each be used in their appropriate contexts. While it doesnāt save any gas because the compiler knows that developers often make this mistake, itās still best to use the right tool for the task at hand.
Ownable2Step and Ownable2StepUpgradeable prevent the contract ownership from mistakenly being transferred to an address that cannot handle it (e.g. due to a typo in the address), by requiring that the recipient of the owner permissions actively accept via a contract call of its own.
Use of transferFrom method for ERC721 transfer is discouraged and recommended to use safeTransferFrom whenever possible by OpenZeppelin
Consider moving to solidity version 0.8.18 or later, and usingĀ named mappingsĀ to make it easier to understand the purpose of each mapping
abi.encodeCall()Ā has compilerĀ type safety, whereas the other two functions do not
Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
More recent version can be used in order to gain some optimizations and new features for the smart contracts
#0 - c4-judge
2023-06-16T13:47:34Z
0xleastwood marked the issue as grade-b