Platform: Code4rena
Start Date: 13/05/2022
Pot Size: $30,000 USDC
Total HM: 8
Participants: 65
Period: 3 days
Judge: hickuphh3
Total Solo HM: 1
Id: 125
League: ETH
Rank: 11/65
Findings: 4
Award: $500.81
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: pedroais
Also found by: 0x4non, 0x52, 0xf15ers, 0xliumin, CertoraInc, Dravee, GimelSec, IllIllI, MaratCerby, StErMi, TerrierLover, WatchPug, berndartmueller, cccz, dipp, fatherOfBlocks, hake, hickuphh3, hyh, isamjay, mtz, oyc_109, p4st13r4, peritoflores, rotcivegaf, saian, simon135, sorrynotsorry, sseefried, tabish, z3s
14.8433 USDC - $14.84
Regardless of the success or failure of the call, the function will exit as if everything had succeeded. Consider swapping require and return.
#0 - sforman2000
2022-05-18T01:29:03Z
Duplicate of #157 (high risk)
🌟 Selected for report: rotcivegaf
Also found by: AuditsAreUS, MaratCerby, StErMi, berndartmueller, cccz, dipp
Reference: #2
Impact [8] Consider adding require(msg.value == 0); here, since it is a non-ETH token.
Affected code:
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0xNazgul, 0xf15ers, 0xkatana, 0xliumin, AlleyCat, BouSalman, Dravee, Funen, GimelSec, Hawkeye, MaratCerby, Picodes, StErMi, TerrierLover, WatchPug, Waze, berndartmueller, bobirichman, cryptphi, csanuragjain, defsec, delfin454000, dipp, fatherOfBlocks, hake, hickuphh3, hyh, joestakey, kebabsec, mics, mtz, oyc_109, p4st13r4, p_crypt0, robee, rotcivegaf, sikorico, simon135, sorrynotsorry, tintin
132.8672 USDC - $132.87
[1] By default, function types and state variables/constants are internal, so the internal keyword can be omitted.
Affected code:
[2] Magic number, consider using a named constant instead.
Affected code:
[3] Consider using "_" to separate digit groups, i.e. "100000" could be replaced with "100_000". This increases code readability.
Affected code:
[4] Consider using IERC20 type instead of address. Or IERC20[] type instead of address[].
Affected code:
[5] Typo: the variable name is supposed to be 'decimals'.
Affected code:
[6] Consider reducing if nesting by using an early continue/return, so that the contents of the else clause can be placed right after it. This increases the readability of the code.
Affected code:
[7] Usually, when you leave a function empty, it is good practice to place a comment inside the brackets: { /* reason why there is no code here */ }
Consider adding an explanation in comments.
Affected code:
[8] Consider adding require(msg.value == 0); here, since it is a non-ETH token.
Affected code:
[9] Concern: Isn't it better to break the for-loop instead of reverting the whole transaction?
Affected code:
[10] Brackets aren't necessary here, consider making this code a one-liner.
Affected code:
#0 - HickupHH3
2022-06-06T02:31:50Z
NC issues: 1, 2, 3, 4, 5, 6, 7, 10
Low issues: #3, #4, #5, 9
8 has been bumped to medium severity
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xNazgul, 0xf15ers, 0xkatana, 0xliumin, Cityscape, Dravee, Fitraldys, Funen, GimelSec, Hawkeye, JC, MaratCerby, SooYa, StErMi, Tomio, WatchPug, Waze, bobirichman, defsec, delfin454000, fatherOfBlocks, hake, hansfriese, hickuphh3, ignacio, joestakey, kebabsec, mics, mtz, oyc_109, robee, rotcivegaf, samruna, sikorico, simon135, z3s
69.5441 USDC - $69.54
[1] Consider using an optimized for-loop and applying the following optimizations:
Affected code:
[2] Using x != 0 uses 6 less gas than x > 0. Consider changing all "greater than zero" comparisons to "not equal to zero".
Affected code:
[3] You can upgrade to a modern Solidity version (0.8.4+) in order to save gas. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.
Affected code:
[4] Consider using if (stAssetBalance > aTokenBalance) return stAssetBalance.sub(aTokenBalance);
because if these values are equal, the return value will be zero.
This will save some gas.
Affected code: