Platform: Code4rena
Start Date: 09/09/2022
Pot Size: $42,000 USDC
Total HM: 2
Participants: 101
Period: 3 days
Judge: hickuphh3
Total Solo HM: 2
Id: 161
League: ETH
Rank: 87/101
Findings: 1
Award: $33.58
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: GalloDaSballo
Also found by: 0x040, 0x1f8b, 0x4non, 0x52, 0x85102, 0xNazgul, 0xSky, 0xSmartContract, Aymen0909, Bnke0x0, CertoraInc, Chandr, Chom, CodingNameKiki, Deivitto, Diana, Funen, JC, Jeiwan, Junnon, KIntern_NA, Lambda, Mohandes, Noah3o6, Ocean_Sky, Picodes, R2, Randyyy, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Samatak, Sm4rty, SnowMan, SooYa, StevenL, Tagir2003, Tointer, TomJ, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, bharg4v, bobirichman, brgltd, c3phas, cccz, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dipp, djxploit, durianSausage, erictee, fatherOfBlocks, gogo, got_targ, hansfriese, horsefacts, hyh, ignacio, innertia, izhuer, karanctf, ladboy233, leosathya, lucacez, lukris02, mics, oyc_109, pashov, pauliax, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, scaraven, sikorico, simon135, smiling_heretic, sorrynotsorry, unforgiven, wagmi, yixxas
33.5774 USDC - $33.58
Non-library/interface files should use fixed compiler versions, not floating ones
Delete the floating keyword ^.
2022-09-tribe/blob/main/contracts/peg/SimpleFeiDaiPSM.sol#L2 pragma solidity ^0.8.4;
2022-09-tribe/blob/main/contracts/shutdown/redeem/TribeRedeemer.sol#L2 pragma solidity ^0.8.4;
Use a solidity version of at least 0.8.4 to get bytes.concat() instead of abi.encodePacked (<bytes>, <bytes>) Use a solidity version of at least 0.8.12 to get string.concat() instead of abi.encodePacked (<str>, <str>) Use a solidity version of at least 0.8.13 to get the ability to use using for with a list of free functions
Use more recent version of solidity.
2022-09-tribe/blob/main/contracts/peg/SimpleFeiDaiPSM.sol#L2 pragma solidity ^0.8.4;
2022-09-tribe/blob/main/contracts/shutdown/fuse/MerkleRedeemerDripper.sol#L2 pragma solidity =0.8.10;
2022-09-tribe/blob/main/contracts/shutdown/fuse/RariMerkleRedeemer.sol#L2 pragma solidity =0.8.10;
2022-09-tribe/blob/main/contracts/shutdown/redeem/TribeRedeemer.sol#L2 pragma solidity ^0.8.4;
string.concat() orbytes.concat()Solidity version 0.8.4 introduces bytes.concat() (vs abi.encodePacked(<bytes>,<bytes>))Solidity version 0.8.12 introduces string.concat()(vs abi.encodePacked(<str>,<str>))
Use concat instead of abi.encodePacked
2022-09-tribe/blob/main/contracts/shutdown/fuse/RariMerkleRedeemer.sol#L174 bytes32 leafHash = keccak256(abi.encodePacked(msg.sender, _amount));
Variable names that consist of all capital letters should be reserved for constant/immutable variables.
Variables that are not constant/immutable should be declared in the lower case also, and the name of constant/immutable variables should be declared in capital letters
https://github.com/code-423n4/2022-09-tribe/blob/main/contracts/peg/SimpleFeiDaiPSM.sol#L75 https://github.com/code-423n4/2022-09-tribe/blob/main/contracts/peg/SimpleFeiDaiPSM.sol#L92-L98