Platform: Code4rena
Start Date: 17/07/2023
Pot Size: $85,500 USDC
Total HM: 11
Participants: 26
Period: 14 days
Judge: Picodes
Total Solo HM: 1
Id: 263
League: ETH
Rank: 22/26
Findings: 1
Award: $31.38
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: MiloTruck
Also found by: 0xAnah, AlexCzm, Bughunter101, BugzyVonBuggernaut, DavidGiladi, Emmanuel, Iurii3, Kaysoft, MohammedRizwan, Prestige, Rolezn, Sathish9098, Stormreckson, adeolu, descharre, evmboi32, fatherOfBlocks, ginlee, ihtishamsudo, juancito, mrudenko, tnquanghuy0512
31.3772 USDC - $31.38
Validation of createProfileParams: the code does not validate the createProfileParams passed to the createProfile function. Input parameters should be checked against the required constraints before they are used, so that malformed or malicious data is rejected at the entry point rather than propagated into storage. Without such validation the function may behave unexpectedly or leave room for misuse.
Minting the profile NFT before creating the profile: in the createProfile function, the code mints the new profile NFT to the specified recipient before calling ProfileLib.createProfile, which actually creates the profile. This order of operations is not ideal, since the token exists before the profile it represents is fully created. It is generally recommended to create the profile first and then mint the corresponding NFT, so that the token always corresponds to a fully initialised profile and the state-update order reads consistently. Note that both steps run in the same transaction, so a revert in ProfileLib.createProfile also rolls back the mint; the concern is consistency and readability of the ordering rather than a token being left behind.
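The two points above, as an added example that is not Lens Protocol code: a minimal profile registry whose createProfile validates its parameters first, records the profile second, and mints last. The struct fields, the follow-module whitelist and the custom errors are assumptions chosen for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Lens Protocol code. The CreateProfileParams fields,
// the whitelist and the errors are assumptions for the example.
contract ProfileRegistryExample {
    struct CreateProfileParams {
        address to;                  // recipient of the profile NFT
        address followModule;        // optional module, address(0) means none
        bytes followModuleInitData;  // data handed to the module on init
    }

    struct Profile {
        address followModule;
        uint256 createdAt;
    }

    error ZeroRecipient();
    error ModuleNotWhitelisted(address module);
    error UnexpectedInitData();

    mapping(address => bool) public followModuleWhitelisted;
    mapping(uint256 => Profile) public profiles;
    mapping(uint256 => address) public ownerOf; // stand-in for the ERC721 ownership record
    uint256 public profileCounter;

    event ProfileCreated(uint256 indexed profileId, address indexed to, address followModule);

    constructor(address[] memory modules) {
        for (uint256 i = 0; i < modules.length; i++) {
            followModuleWhitelisted[modules[i]] = true;
        }
    }

    function createProfile(CreateProfileParams calldata params) external returns (uint256 profileId) {
        // 1. Validate the input at the boundary before touching any state.
        _validate(params);

        // 2. Record the profile first, so the token never precedes the profile.
        profileId = ++profileCounter;
        profiles[profileId] = Profile({followModule: params.followModule, createdAt: block.timestamp});

        // 3. Mint last, once the profile state is fully in place.
        _mint(params.to, profileId);
        emit ProfileCreated(profileId, params.to, params.followModule);
    }

    function _validate(CreateProfileParams calldata params) internal view {
        if (params.to == address(0)) revert ZeroRecipient();
        if (params.followModule != address(0) && !followModuleWhitelisted[params.followModule]) {
            revert ModuleNotWhitelisted(params.followModule);
        }
        // Init data without a module has nowhere to go; treat it as malformed input.
        if (params.followModule == address(0) && params.followModuleInitData.length != 0) {
            revert UnexpectedInitData();
        }
    }

    function _mint(address to, uint256 profileId) internal {
        require(ownerOf[profileId] == address(0), "already minted");
        ownerOf[profileId] = to;
    }
}
```

Because every step runs inside one transaction, a revert in any of them undoes the others; the value of this ordering is that readers and future maintainers see validation, profile state and token issuance in the order they logically depend on each other.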
In the LensHub contract there are two overloads of changeDelegatedExecutorsConfig.
The first takes the additional configuration parameters and allows updating the delegated executors' configuration while potentially performing a configuration switch.
The second allows updating the delegated executors' configuration but does not perform a configuration switch.
Both overloads call the same underlying _changeDelegatedExecutorsConfig function, which handles the actual logic of updating the delegated executors' configuration.
Given that the second overload only updates the list of delegated executors and their corresponding approvals, without changing any other configuration or performing a switch, it would be more appropriate to rename it to something like updateDelegatedExecutors to better reflect its purpose. A distinct name for the narrower operation makes the code clearer and more readable for other developers.
_transfer is called before checking whether the receiving contract is ERC721 compatible.
The alternative is to check first whether the recipient contract can handle the token transfer, reverting the transaction if the check fails, and to call _transfer to perform the actual transfer only once the check has passed.
This makes the transfer conditional on the recipient contract's capabilities. Two caveats apply: since both steps run in one transaction, a failed receiver check after _transfer already reverts the transfer as well, and the usual ERC721 implementations deliberately update ownership before making the external onERC721Received call so that the recipient cannot re-enter while state is stale. Moving the check ahead of _transfer should be weighed against that reentrancy consideration.
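Both orderings of the receiver check, as an added example that is not Lens Protocol or OpenZeppelin code. The contract, its single-owner bookkeeping and the error names are assumptions for the illustration; IERC721Receiver is the standard interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Standard ERC721 receiver hook, as in EIP-721.
interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external
        returns (bytes4);
}

// Added illustration, not Lens code: the two orderings of _transfer and the receiver check.
contract SafeTransferExample {
    mapping(uint256 => address) public ownerOf;

    error TransferToNonERC721Receiver(address to);
    error NotOwner();

    constructor(uint256 tokenId) {
        ownerOf[tokenId] = msg.sender;
    }

    // Effects before interactions: ownership is updated, then the recipient is asked.
    // If the check fails, the revert undoes _transfer as well, so no token is stranded.
    function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external {
        _transfer(from, to, tokenId);
        if (!_checkOnERC721Received(from, to, tokenId, data)) revert TransferToNonERC721Receiver(to);
    }

    // The ordering proposed above: ask the recipient first, transfer only if it accepts.
    // The external call now runs while ownerOf[tokenId] still reads `from`, so a
    // contract recipient can re-enter and observe or act on the pre-transfer state.
    function safeTransferFromCheckFirst(address from, address to, uint256 tokenId, bytes calldata data) external {
        if (!_checkOnERC721Received(from, to, tokenId, data)) revert TransferToNonERC721Receiver(to);
        _transfer(from, to, tokenId);
    }

    function _transfer(address from, address to, uint256 tokenId) internal {
        // Simplified: only the current owner may move the token, no approvals.
        if (ownerOf[tokenId] != from || msg.sender != from) revert NotOwner();
        ownerOf[tokenId] = to;
    }

    function _checkOnERC721Received(address from, address to, uint256 tokenId, bytes calldata data)
        internal
        returns (bool)
    {
        if (to.code.length == 0) return true; // externally owned account: nothing to ask
        try IERC721Receiver(to).onERC721Received(msg.sender, from, tokenId, data) returns (bytes4 retval) {
            return retval == IERC721Receiver.onERC721Received.selector;
        } catch {
            return false; // recipient reverted or does not implement the hook
        }
    }
}
```

safeTransferFrom is the ordering used by the widely deployed ERC721 implementations; safeTransferFromCheckFirst is the ordering the report suggests. Both reject an incompatible recipient, and in both the whole call reverts, but only the first keeps the external call after the state update.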
#0 - c4-judge
2023-08-28T20:55:10Z
Picodes marked the issue as grade-b