Back to Kaysoft's contests

Lens Protocol V2 - Kaysoft's results

An open technology stack, builders can create social front-ends or integrate Lens social capabilities.

General Information

Platform: Code4rena

Start Date: 17/07/2023

Pot Size: $85,500 USDC

Total HM: 11

Participants: 26

Period: 14 days

Judge: Picodes

Total Solo HM: 1

Id: 263

League: ETH

Lens Protocol

Findings Distribution

Researcher Performance

Rank: 12/26

Findings: 1

Award: $31.38

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryLens Protocol

Findings Information

🌟 Selected for report: MiloTruck

Also found by: 0xAnah, AlexCzm, Bughunter101, BugzyVonBuggernaut, DavidGiladi, Emmanuel, Iurii3, Kaysoft, MohammedRizwan, Prestige, Rolezn, Sathish9098, Stormreckson, adeolu, descharre, evmboi32, fatherOfBlocks, ginlee, ihtishamsudo, juancito, mrudenko, tnquanghuy0512

Awards

31.3772 USDC - $31.38

Labels

bug
grade-b
QA (Quality Assurance)
Q-01

External Links

Link to GitHub issue

[NC-1] No need to emit block.timestamp in an event since it is part of a transaction

There is no need to emit block.timestamp in an event since it is part of a transaction

File:

 /// @inheritdoc ILensProfiles
    function DANGER__disableTokenGuardian() external onlyEOA {
        if (StorageLib.tokenGuardianDisablingTimestamp()[msg.sender] != 0) {
            revert Errors.DisablingAlreadyTriggered();
        }
        StorageLib.tokenGuardianDisablingTimestamp()[msg.sender] = block.timestamp + TOKEN_GUARDIAN_COOLDOWN;
        emit Events.TokenGuardianStateChanged({
            wallet: msg.sender,
            enabled: false,
            tokenGuardianDisablingTimestamp: block.timestamp + TOKEN_GUARDIAN_COOLDOWN,
            timestamp: block.timestamp//@audit no need to emit block.timestamp
        });
    }

Consider removing block.timestamp from events because it is already in the transaction details.

[NC-2] Remove commented code

Commented code sometimes is an indication of unfinished work. Consider removing it.

File: https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/misc/LensV2UpgradeContract.sol#L45

function executeLensV2Upgrade() external onlyOwner {
        // _preUpgradeChecks(); //@audit commmented code.
        _upgrade();
        // _postUpgradeChecks(); //@audit commmented code.
    }

Consider removing all commented codes.

[NC-3] owner parameter of ControlByContract.sol::contstructor shadows Ownable.owner

The owner parameter of the constructor of ControlByContract.sol contract shadows the owner state variable of the parent Ownable contract.

File: https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/misc/access/ControllableByContract.sol#L21

constructor(address owner) Ownable() {
        _transferOwnership(owner); //@audit shadowing Ownable.owner
    }

Consider renaming the owner parameter of the ControlByContract.sol to avoid variable shadowing.

#0 - c4-judge

2023-08-28T18:18:36Z

Picodes marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter