Backed Protocol contest - Meta0xNull's results

Protocol for peer to peer NFT-Backed Loans.

General Information

Platform: Code4rena

Start Date: 05/04/2022

Pot Size: $30,000 USDC

Total HM: 10

Participants: 47

Period: 3 days

Judge: gzeon

Total Solo HM: 4

Id: 106

League: ETH

Researcher Performance

Rank: 32/47

Findings: 2

Award: $84.80

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

51.8678 USDC - $51.87

Labels

bug
QA (Quality Assurance)
sponsor acknowledged

1) Suggest updateRequiredImprovementRate() Set a Max Limit

Risk Level: Non Critical

Impact

An improvement rate over 100%/300% will not make sense. While I believe the team will not set a crazy ImprovementRate, we can't predict when there is a new team or DAO that takes over.

Proof of Concept

https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L320-L325

Hard Coded Max Limit in updateRequiredImprovementRate().

#0 - wilsoncusack

2022-04-07T12:17:29Z

Currently we plan to allow the DAO to do whatever it wants

Awards

32.9299 USDC - $32.93

Labels

bug
G (Gas Optimization)
sponsor acknowledged

1) Long Revert Strings Are a Waste of Gas

Impact

Shortening revert strings to fit in 32 bytes will decrease deployment-time gas and will decrease runtime gas when the revert condition has been met.

Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.

Proof of Concept

https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L118
https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L178
https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L255
More...

Shorten the revert strings to fit in 32 bytes.

Or consider using Custom Errors (solc >=0.8.4).

#0 - wilsoncusack

2022-04-07T12:16:56Z

duplicate of many others, do not plan to change
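
The two recommendations above (a hard-coded maximum in updateRequiredImprovementRate() and custom errors in place of long revert strings) combined in one sketch. This is an added example, not code from NFTLoanFacilitator.sol; the contract name, the SCALAR unit, the 100% cap, the owner check, the error names and the revert string are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // custom errors require solc >= 0.8.4

// Hypothetical sketch. Only the function name updateRequiredImprovementRate
// comes from the findings; everything else is assumed for illustration.
contract ImprovementRateConfig {
    // Assumption: rates are stored in tenths of a percent (1000 = 100%).
    uint256 public constant SCALAR = 1000;
    // Assumption: cap of 100%. It is a compile-time constant, so a later
    // owner (new team or DAO) cannot raise it without redeploying.
    uint256 public constant MAX_IMPROVEMENT_RATE = SCALAR;

    address public owner;
    uint256 public requiredImprovementRate = 100; // constructed value: 10%

    // Custom errors revert with a 4-byte selector plus ABI-encoded
    // arguments, so no revert string is stored in the bytecode.
    error NotOwner();
    error RateAboveMax(uint256 requested, uint256 max);

    event UpdateRequiredImprovementRate(uint256 newRate);

    constructor() {
        owner = msg.sender;
    }

    // Capped setter using custom errors.
    function updateRequiredImprovementRate(uint256 newRate) external {
        if (msg.sender != owner) revert NotOwner();
        if (newRate > MAX_IMPROVEMENT_RATE) {
            revert RateAboveMax(newRate, MAX_IMPROVEMENT_RATE);
        }
        requiredImprovementRate = newRate;
        emit UpdateRequiredImprovementRate(newRate);
    }

    // Same bound check written with a revert string, for comparison.
    // The constructed message is 46 bytes, so it no longer fits in a
    // single 32-byte word, which is the case the gas finding describes.
    function updateWithRevertString(uint256 newRate) external {
        require(msg.sender == owner, "not owner");
        require(
            newRate <= MAX_IMPROVEMENT_RATE,
            "improvement rate is above the hard-coded limit"
        );
        requiredImprovementRate = newRate;
        emit UpdateRequiredImprovementRate(newRate);
    }
}
```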
