Canto Identity Protocol contest - SleepingBugs's results

Protocol Aggregating Protocol (PAP) for standardizing on-chain identity.

General Information

Platform: Code4rena

Start Date: 31/01/2023

Pot Size: $36,500 CANTO

Total HM: 5

Participants: 38

Period: 3 days

Judge: berndartmueller

Total Solo HM: 2

Id: 212

League: ETH

Canto Identity Protocol

Researcher Performance

Rank: 33/38

Findings: 1

Award: $44.97

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

149.2473 CANTO - $44.97

Labels

bug
grade-b
QA (Quality Assurance)
Q-10

Low

Missing checks for address(0x0) when assigning values to address state or immutable variables

NOTE: None of these findings were found by the 4naly3er output - NC

Summary

Address state variables and immutable variables should be checked against the zero address before they are assigned. An immutable set to address(0) cannot be corrected after deployment, and a zero address in state can lead to problems such as funds or calls being sent to a non-existent account.

Code Snippet

Zero-address checks should be added at these locations:

[CidNFT.sol#L129-L130](https://github.com/code-423n4/2023-01-canto-identity/blob/d7843c5d7ab731ba959cdb1389ba6bd5a2f5bbd3/src/CidNFT.sol#L129-L130)

[SubprotocolRegistry.sol#L66](https://github.com/code-423n4/2023-01-canto-identity/blob/d7843c5d7ab731ba959cdb1389ba6bd5a2f5bbd3/src/SubprotocolRegistry.sol#L66)

Recommendation

Check that the address is not address(0) before assigning or using it.
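The recommended pattern, written out as an added example that is not code from the Canto Identity Protocol repository; the contract and variable names, the custom error and the Foundry test harness are assumptions chosen for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration (not CidNFT/SubprotocolRegistry code): names are assumed.
contract ZeroAddressChecked {
    error ZeroAddress(string field);

    // Immutables are set exactly once; a zero value here can never be fixed
    // after deployment, so the constructor must reject it up front.
    address public immutable note;
    address public immutable subprotocolRegistry;

    // Mutable address state: the same check applies on every update.
    address public feeWallet;

    constructor(address _note, address _subprotocolRegistry, address _feeWallet) {
        if (_note == address(0)) revert ZeroAddress("note");
        if (_subprotocolRegistry == address(0)) revert ZeroAddress("subprotocolRegistry");
        note = _note;
        subprotocolRegistry = _subprotocolRegistry;
        _setFeeWallet(_feeWallet);
    }

    // Access control is omitted here; a real setter must be restricted.
    function setFeeWallet(address _feeWallet) external {
        _setFeeWallet(_feeWallet);
    }

    function _setFeeWallet(address _feeWallet) internal {
        if (_feeWallet == address(0)) revert ZeroAddress("feeWallet");
        feeWallet = _feeWallet;
    }
}

// Foundry test (assumed harness) showing the check firing for each field.
import "forge-std/Test.sol";

contract ZeroAddressCheckedTest is Test {
    function testRejectsZeroNote() public {
        vm.expectRevert(abi.encodeWithSelector(ZeroAddressChecked.ZeroAddress.selector, "note"));
        new ZeroAddressChecked(address(0), address(2), address(3));
    }

    function testRejectsZeroFeeWalletOnUpdate() public {
        ZeroAddressChecked c = new ZeroAddressChecked(address(1), address(2), address(3));
        vm.expectRevert(abi.encodeWithSelector(ZeroAddressChecked.ZeroAddress.selector, "feeWallet"));
        c.setFeeWallet(address(0));
    }
}
```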

Informational

Maximum line length exceeded

Usually lines in source code are limited to 80 characters. Today's screens are much larger, so it is reasonable to stretch this in some cases; newer Solidity guidelines suggest 120 characters. Reference: Long lines should be wrapped to conform with the Solidity Style Guide.

The following lines exceed 120 characters:

CidNFT.sol#L144

CidNFT.sol#L146

CidNFT.sol#L148

CidNFT.sol#L162

CidNFT.sol#L185

CidNFT.sol#L258

CidNFT.sol#L261

CidNFT.sol#L327

SubprotocolRegistry.sol#L71

SubprotocolRegistry.sol#L72

SubprotocolRegistry.sol#L78

Constants should be defined rather than using magic numbers

NOTE: None of these findings were found by the 4naly3er output - NC

- CidNFT.sol#L191: `uint256 cidFee = (subprotocolFee * CID_FEE_BPS) / 10_000;`

Use scientific notation (e.g. 1e18) rather than exponentiation (e.g. 10 ** 18)

Missing Natspec

NatSpec is missing for the following functions / constructor / modifiers:

Undocumented parameters

In some places, a parameter is missing from the documentation:

Include return parameters in natspec comments

If return parameters are declared, they must be documented with a "/// @return" tag. References

Some code analysis tools work by reading NatSpec details; if they cannot see the @return tag, their analysis is incomplete.

Recommendation

Include return parameters in NatSpec comments

Recommended code style:

    /// @notice Information about what the fooFighter function does
    /// @param fooParam What fooParam represents
    /// @return fooReturnValue What fooFighter returns
    function fooFighter(uint256 fooParam) public returns (uint256 fooReturnValue) {
        ...
    }

#0 - c4-judge

2023-02-18T12:58:28Z

berndartmueller marked the issue as grade-b
