Platform: Code4rena
Start Date: 03/07/2023
Pot Size: $40,000 USDC
Total HM: 14
Participants: 74
Period: 7 days
Judge: alcueca
Total Solo HM: 9
Id: 259
League: ETH
Rank: 42/74
Findings: 1
Award: $17.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xprinc
Also found by: 0x11singh99, 0xAnah, 0xWaitress, 0xkazim, 2997ms, 33audits, 404Notfound, 8olidity, CRIMSON-RAT-REACH, CyberPunks, DanielWang888, Deekshith99, Eeyore, Eurovickk, Inspecktor, JGcarv, John, Jorgect, Kaysoft, LosPollosHermanos, MohammedRizwan, Qeew, QiuhaoLi, Rolezn, TheSavageTeddy, Topmark, Trust, Udsen, a3yip6, alexzoid, bigtone, codegpt, erebus, fatherOfBlocks, ginlee, glcanvas, hunter_w3b, josephdara, kaveyjoe, kutugu, mahdirostami, max10afternoon, oakcobalt, peanuts, pfapostol, ptsanev, qpzm, radev_sw, ravikiranweb3, sces60107, seth_lawson, te_aut, twcctop, zhaojie, ziyou-
17.5208 USDC - $17.52
SafeCast library is unused in Aquifer.sol. Remove unused Library.

The SafeCast library in the Aquifer.sol contract is not used.

    contract Aquifer is IAquifer, ReentrancyGuard {
        using SafeCast for uint256; //@audit remove unused library.
        using LibClone for address;
        ...

Consider removing the SafeCast library since it is not used.

The Well.sol contract imports the draft draft-ERC20PermitUpgradeable.sol file of OpenZeppelin contracts, which is also marked as deprecated in the file when checked.

This is OpenZeppelin's warning about the draft directory: https://docs.openzeppelin.com/contracts/3.x/api/drafts

"This directory contains implementations of EIPs that are still in Draft status. Due to their nature as drafts, the details of these contracts may change and we cannot guarantee their stability. Minor releases of OpenZeppelin Contracts may contain breaking changes for the contracts in this directory, which will be duly announced in the changelog. The EIPs included here are used by projects in production and this may make them less likely to change significantly."

    import {ERC20Upgradeable, ERC20PermitUpgradeable} from "ozu/token/ERC20/extensions/draft-ERC20PermitUpgradeable.sol";

Consider using the ERC20PermitUpgradeable.sol file, since it is available, instead of importing the draft.

The name and symbol parameters of the init() function of the Well.sol contract shadow ERC20Upgradeable.name and ERC20Upgradeable.symbol. ERC20Upgradeable is a parent contract inherited by ERC20PermitUpgradeable.

    function init(string memory name, string memory symbol) public initializer {
        __ERC20Permit_init(name); //@audit shadowing name and symbol of ERC20
        __ERC20_init(name, symbol);

        IERC20[] memory _tokens = tokens();
        for (uint256 i; i < _tokens.length - 1; ++i) {
            for (uint256 j = i + 1; j < _tokens.length; ++j) { //@audit double for loop
                if (_tokens[i] == _tokens[j]) {
                    revert DuplicateTokens(_tokens[i]);
                }
            }
        }
    }

Consider renaming the name and symbol parameters of the init function to avoid shadowing another variable.

ONE_WORD.

    uint256 private constant ONE_WORD = 0x20;

The above state variable is defined in both Clone.sol and ClonePlus.sol, and ClonePlus.sol inherits the Clone.sol contract. The ClonePlus.sol contract is in turn a parent contract of the Well.sol contract.

Files:

    uint256 private constant ONE_WORD = 0x20; //@audit same variable name in Clone and ClonePlus.

Consider removing the ONE_WORD variable from one of Clone.sol or ClonePlus.sol

#0 - c4-pre-sort
2023-07-13T14:34:02Z
141345 marked the issue as high quality report
#1 - c4-sponsor
2023-07-17T18:48:49Z
publiuss marked the issue as sponsor confirmed
#2 - c4-judge
2023-08-05T10:18:50Z
alcueca marked the issue as grade-a