Back to Tadashi's contests

Notional x Index Coop - Tadashi's results

A collaboration between Notional and Index Coop to create fixed rate yield index tokens.

General Information

Platform: Code4rena

Start Date: 07/06/2022

Pot Size: $75,000 USDC

Total HM: 11

Participants: 77

Period: 7 days

Judge: gzeon

Total Solo HM: 7

Id: 124

League: ETH

Notional

Findings Distribution

Researcher Performance

Rank: 47/77

Findings: 2

Award: $135.56

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryNotional

Findings Information

🌟 Selected for report: berndartmueller

Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkatana, 0xmint, Bronicle, Chom, Cityscape, Deivitto, Funen, GimelSec, GreyArt, IllIllI, JC, Lambda, Meera, Nethermind, Picodes, PierrickGT, Ruhum, Sm4rty, Tadashi, TerrierLover, TomJ, Trumpero, Waze, _Adam, antonttc, ayeslick, c3phas, catchup, cccz, cloudjunky, cryptphi, csanuragjain, delfin454000, dipp, ellahi, fatherOfBlocks, hake, hansfriese, hyh, joestakey, jonah1005, kenzo, minhquanym, oyc_109, sach1r0, saian, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, z3s, zzzitron

Awards

88.1437 USDC - $88.14

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

Usage of pragma experimental ABIEncoderV2

Details: Consider removing L3 of wfCashLogic.sol, as:

  1. ABIEncoderV2 is not considered experimental anymore since Solidity 0.7.4; and
  2. ABIEncoderV2 is turned on by default since Solidity 0.8.0.

Usage of deprecated function safeApprove

Details: In L66-75 of wfCashBase.sol the function safeApprove from OpenZeppelin contracts are used, however these functions have been deprecated according to OpenZeppelin 4.x docs.

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xSolus, 0xf15ers, 0xkatana, 0xmint, 8olidity, Chom, Cityscape, DavidGialdi, Deivitto, ElKu, Fitraldys, Funen, GreyArt, Lambda, Meera, Picodes, PierrickGT, Sm4rty, Tadashi, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, _Adam, antonttc, asutorufos, berndartmueller, c3phas, catchup, csanuragjain, delfin454000, djxploit, ellahi, fatherOfBlocks, hake, hansfriese, hyh, joestakey, kaden, minhquanym, oyc_109, rfa, sach1r0, saian, samruna, simon135, slywaters, ynnad

Awards

47.4165 USDC - $47.42

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Split require to avoid using && opcode

Details: In L129-137 of wfCashLogic.sol consider changing the code

require(
            ac.hasDebt == 0x00 &&
            assets.length == 1 &&
            EncodeDecode.encodeERC1155Id(
                assets[0].currencyId,
                assets[0].maturity,
                assets[0].assetType
            ) == fCashID
        );

to the following version without the && operator:

require(ac.hasDebt == 0x00);
require(assets.length == 1);
require(EncodeDecode.encodeERC1155Id(
          assets[0].currencyId,
          assets[0].maturity,
	        assets[0].assetType
        == fCashID));

Note: This optimization can became invalid if an error message is added to require. Furthermore, consider using custom errors to save gas.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter