Platform: Code4rena
Start Date: 01/08/2022
Pot Size: $50,000 USDC
Total HM: 26
Participants: 133
Period: 5 days
Judge: Jack the Pug
Total Solo HM: 6
Id: 151
League: ETH
Rank: 86/133
Findings: 2
Award: $62.34
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Lambda
Also found by: 0x1f8b, 0x52, 0xA5DF, 0xNazgul, 0xNineDec, 0xSmartContract, 0xSolus, 0xf15ers, 0xkatana, 0xsolstars, 8olidity, Aymen0909, Bahurum, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Extropy, Funen, GalloDaSballo, Guardian, IllIllI, JC, Jujic, MEP, Noah3o6, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, SooYa, Soosh, Throne6g, TomJ, Tomio, TrungOre, Waze, Yiko, _Adam, __141345__, a12jmx, ajtra, ak1, arcoun, asutorufos, ayeslick, benbaessler, berndartmueller, bin2chen, bobirichman, brgltd, bulej93, byndooa, c3phas, codexploder, cryptonue, cryptphi, defsec, delfin454000, dipp, djxploit, erictee, exd0tpy, fatherOfBlocks, gogo, hake, hansfriese, horsefacts, hyh, ignacio, indijanc, joestakey, kaden, mics, minhquanym, neumo, obront, oyc_109, p_crypt0, pfapostol, poirots, rbserver, robee, rokinot, rotcivegaf, sach1r0, saian, samruna, saneryee, scaraven, sikorico, simon135, sseefried, supernova
40.621 USDC - $40.62
#1 missing emit for mint
Add a Transfer event to increase credibility, and emit a Transfer event with from set to the zero address. Check the OpenZeppelin docs.
#2 missing check of address and amount
Add a simple check with require.
Check OZ's docs.
#3 delete unused function before deploy when possible
Remove all unused code from the contract before deploying it, to increase readability and save gas.
#4 initialize function missing check requirement address forwarder
Add a simple check for the forwarder. The forwarder address can't be 0.
#5 missing check for lenderfee https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFi.sol#L94
Check the lenderfee: the lenderfee must be greater than 0.
#6 missing check for address
Add a simple require check: the _to address for mint can be the zero address. Check OZ's docs for details.
#7 Magic number
A constant should be defined rather than using a magic number.
#8 missing check for address
Add a simple require check: the _to address for mint can be the zero address, because the modifier onlyCommunityContract was not found in IDebtToken.sol. Check OZ's docs for details.
#9 missing emit for burn
Add a Transfer event to increase credibility, and emit a Transfer event with from set to the zero address. Check the OpenZeppelin docs.
🌟 Selected for report: c3phas
Also found by: 0x040, 0x1f8b, 0xA5DF, 0xNazgul, 0xSmartContract, 0xSolus, 0xc0ffEE, 0xkatana, 0xsam, 8olidity, Aymen0909, Bnke0x0, CertoraInc, Chinmay, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Extropy, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, Lambda, MEP, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, SooYa, TomJ, Tomio, Waze, _Adam, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, ballx, benbaessler, bharg4v, bobirichman, brgltd, cryptonue, defsec, delfin454000, dharma09, djxploit, durianSausage, eierina, erictee, fatherOfBlocks, gerdusx, gogo, hake, hyh, ignacio, jag, kaden, kyteg, lucacez, mics, minhquanym, oyc_109, pfapostol, rbserver, ret2basic, robee, rokinot, sach1r0, saian, samruna, scaraven, sikorico, simon135, supernova, teddav, tofunmi, zeesaw
21.7225 USDC - $21.72
#1 Cache _implementations.length
Cache _implementations.length in a local variable too, to save gas, because mload is cheaper than sload.
#2 cache _contractAddresses.length
Cache _contractAddresses.length in a local variable too, to save gas, because mload is cheaper than sload.
#3 looping
The default value of a uint is 0, so removing the unnecessary explicit initialization can reduce gas. Pre-increment (e.g. ++i) costs less gas than post-increment (e.g. i++). I suggest using pre-increment.
#4 use !=0 instead of >0
For unsigned integers, >0 is less efficient than !=0, so use !=0 instead of >0. This applies to the other occurrences as well.
#5 use storage instead of memory
Use storage instead of memory to reduce gas. I suggest changing this.
#6 visibility
Changing visibility from public to private or internal can save gas, so I recommend changing it.
#7 cache _taskCosts.length
Cache _taskCosts.length in a local variable too, to save gas, because mload is cheaper than sload.
#8 cache _scList.length
Cache _scList.length in a local variable too, to save gas, because mload is cheaper than sload.
#9 cache _changeOrderedTask.length
Cache _changeOrderedTask.length in a local variable too, to save gas, because mload is cheaper than sload.
#10 pre increment
Pre-increment is cheaper than post-increment by about 5 gas, so use pre-increment, e.g. ++i.
#11 use calldata instead of memory
In external functions where the function argument is read-only: the function has an input parameter that uses memory. If the function doesn't change the parameter, it's cheaper to use calldata than memory, so we suggest changing it.