Backed Protocol contest - Kenshin's results

Protocol for peer to peer NFT-Backed Loans.

General Information

Platform: Code4rena

Start Date: 05/04/2022

Pot Size: $30,000 USDC

Total HM: 10

Participants: 47

Period: 3 days

Judge: gzeon

Total Solo HM: 4

Id: 106

League: ETH

Backed Protocol

Findings Distribution

Researcher Performance

Rank: 33/47

Findings: 2

Award: $84.80

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

51.8678 USDC - $51.87

Labels

bug
QA (Quality Assurance)
sponsor acknowledged

Interface or Contract Type Should Be Used

Description

When passing a contract address as an argument to a function, it is recommended to use the interface or contract type rather than the plain address type. Declaring the parameter as an interface or contract type gives additional type-safety guarantees: for example, the compiler can catch any unrecognized or undeclared function called on that contract from within the function. More: https://consensys.github.io/smart-contract-best-practices/development-recommendations/solidity-specific/interface-types/

  1. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L38
  2. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L41
  3. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L70
  4. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L73

Mitigation

Use the interface or contract type for these parameters rather than a bare address.

#0 - wilsoncusack

2022-04-08T14:38:14Z

Will consider this

#1 - wilsoncusack

2022-04-15T17:20:42Z

actually probably won't make this change at this point

Awards

32.9299 USDC - $32.93

Labels

bug
G (Gas Optimization)
sponsor acknowledged

Custom Errors Should Be Used For Gas-optimization

Description

Starting from Solidity v0.8.4, there is a convenient and gas-efficient way to explain to users why an operation failed through the use of custom errors. Until now, you could already use strings to give more information about failures (e.g., revert("Insufficient funds.");), but they are rather expensive, especially when it comes to deploy cost, and it is difficult to use dynamic information in them. Source: https://blog.soliditylang.org/2021/04/21/custom-errors/

  1. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L81-L86
  2. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L117
  3. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L121
  4. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L144-L148
  5. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L171-L178
  6. https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L188-L189

Mitigation

Consider using custom errors instead of revert strings if the contract uses Solidity version 0.8.4 or above.
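To show both findings side by side, here is an added illustration that is not code from the Backed Protocol repository: a "before" contract that takes a bare address and reverts with strings, next to an "after" contract that takes an interface-typed parameter and uses custom errors. The contract names, the createLoan function, the error names and the trimmed IERC721 interface are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumption: only the one ERC-721 function this example needs is declared.
interface IERC721 {
    function transferFrom(address from, address to, uint256 tokenId) external;
}

// "Before": bare address parameter and string reverts.
contract LoanFacilitatorBefore {
    mapping(uint256 => bool) private _loanExists;

    function createLoan(address collateralContract, uint256 tokenId) external {
        require(collateralContract != address(0), "collateral contract cannot be zero");
        uint256 loanId = uint256(keccak256(abi.encode(collateralContract, tokenId)));
        // A revert string cannot carry the offending loanId without extra encoding work,
        // and every string is stored in the deployed bytecode.
        require(!_loanExists[loanId], "loan already exists");
        _loanExists[loanId] = true;
        // The cast is repeated at every call site; nothing checks that
        // collateralContract actually exposes the ERC-721 interface.
        IERC721(collateralContract).transferFrom(msg.sender, address(this), tokenId);
    }
}

// "After": interface-typed parameter and custom errors.
contract LoanFacilitatorAfter {
    // Custom errors are encoded as a 4-byte selector plus ABI-encoded arguments,
    // so they can carry dynamic data and avoid storing revert strings.
    error ZeroCollateralContract();
    error LoanAlreadyExists(uint256 loanId);

    mapping(uint256 => bool) private _loanExists;

    // The ABI of this function is unchanged: an interface-typed parameter is still
    // encoded as an address, so callers need no changes.
    function createLoan(IERC721 collateralContract, uint256 tokenId) external {
        if (address(collateralContract) == address(0)) revert ZeroCollateralContract();
        uint256 loanId = uint256(keccak256(abi.encode(address(collateralContract), tokenId)));
        if (_loanExists[loanId]) revert LoanAlreadyExists(loanId);
        _loanExists[loanId] = true;
        // The compiler now verifies that transferFrom exists on IERC721 with this
        // signature; a misspelled or undeclared function fails at compile time.
        collateralContract.transferFrom(msg.sender, address(this), tokenId);
    }
}
```

Compiling the two contracts with solc 0.8.4 or later and comparing deployed bytecode sizes makes the deploy-cost difference of the revert strings visible.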
