Platform: Code4rena
Start Date: 17/03/2023
Pot Size: $36,500 USDC
Total HM: 10
Participants: 98
Period: 3 days
Judge: leastwood
Total Solo HM: 5
Id: 223
League: ETH
Rank: 55/98
Findings: 1
Award: $22.77
Selected for report: 0
Solo Findings: 0
Selected for report: Sathish9098
Also found by: 0xAgro, 0xSmartContract, 0xdaydream, 0xnev, Awesome, Aymen0909, BRONZEDISC, Bauchibred, Deathstore, Diana, IceBear, Jerry0x, Kresh, Matin, Rolezn, Stryder, T1MOH, Udsen, adriro, alejandrocovrr, atharvasama, codeslide, cryptonue, descharre, igingu, jack, joestakey, libratus, lukris02, luxartvinsec, nadin, nasri136, reassor, scokaf, shark, slvDev, tnevler
22.7749 USDC - $22.77
| | Issue | Instances |
|---|---|---|
| [L-01] | `indexed` keyword for reference type variables such as `string` in events may lead to data loss | 2 |

Total: 2 instances over 1 issue

| | Issue | Instances |
|---|---|---|
| [N-01] | Use a more recent version of solidity | 5 |
| [N-02] | File is missing NatSpec | 1 |
| [N-03] | Consider using `delete` rather than assigning zero to default values | 2 |

Total: 8 instances over 3 issues
Note: The table above was created considering the automatic findings and thus, those are not included.
[L-01] `indexed` keyword for reference type variables such as `string` in events may lead to data loss

When the `indexed` keyword is used for reference-typed variables such as `string`, the event topic holds the hash of the string rather than the string itself.
Thus an event that is supposed to inform all of the applications subscribed to its emitting transaction (e.g. the front end of the DApp)
delivers only a meaningless and opaque 32-byte value that corresponds to the keccak256 of the encoded string. For more information about
indexed events, see [the Solidity ABI specification](https://docs.soliditylang.org/en/v0.8.17/abi-spec.html?highlight=indexed#events).
There are 2 instances of this issue:
```solidity
event NamespaceFused(address indexed fuser, uint256 indexed namespaceId, string indexed name);
event BioAdded(address indexed minter, uint256 indexed nftID, string indexed bio);
```
https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-bio-protocol/src/Bio.sol#L23
[N-01] Use a more recent version of solidity

Using version 0.8.17 of the Solidity compiler is better.
There are 5 instances of this issue:

```solidity
pragma solidity >=0.8.0;
```

https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-pfp-protocol/src/ProfilePicture.sol#L2
https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-namespace-protocol/src/Tray.sol#L2
https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-namespace-protocol/src/Namespace.sol#L2
https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-bio-protocol/src/Bio.sol#L2
https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-namespace-protocol/src/Utils.sol#L2
[N-02] File is missing NatSpec

Some functions are missing NatSpec (`@inheritdoc`).
There is 1 instance of this issue:

```solidity
function _drawing(uint256 _seed) private pure returns (TileData memory tileData) {...}
```
[N-03] Consider using `delete` rather than assigning zero to default values

There are 2 instances of this issue:

```solidity
nftContract = address(0);
nftID = 0;
```
#0 - c4-judge
2023-04-11T06:00:03Z
0xleastwood marked the issue as grade-a
#1 - c4-judge
2023-04-12T00:38:05Z
0xleastwood marked the issue as grade-b