Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 63/133
Findings: 2
Award: $40.98
Selected for report: 0
Solo Findings: 0
Selected for report: rotcivegaf
Also found by: 0x040, 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, 0xf15ers, 8olidity, Aymen0909, B2, Bahurum, Bnke0x0, Ch_301, CodingNameKiki, Deivitto, Diana, Funen, IllIllI, JC, JLevick, KIntern_NA, Lambda, OptimismSec, PaludoX0, RockingMiles, Rolezn, Sm4rty, Soosh, Tagir2003, Tointer, TomJ, Triangle, Trust, V_B, Waze, Yiko, __141345__, a12jmx, ajtra, asutorufos, ayeslick, aysha, bbuddha, bharg4v, bobirichman, brgltd, bytera, c3phas, cryptostellar5, cryptphi, csanuragjain, datapunk, delfin454000, durianSausage, exd0tpy, gogo, got_targ, jag, joestakey, karanctf, ladboy233, leosathya, lukris02, mics, millersplanet, natzuu, neko_nyaa, obront, oyc_109, parashar, peritoflores, rbserver, ret2basic, rokinot, ronnyx2017, rvierdiiev, sach1r0, seyni, sikorico, slowmoses, tnevler, yasir, yongskiws
28.1669 USDC - $28.17
#1 Missing check zero address constructor
Checking addresses against the zero address during initialization in the constructor is a security best practice, but such checks are missing in several constructors. If a zero address is accepted and there is no setter for that variable, every call that depends on it will revert and the contract has to be redeployed. Add zero-address checks to all constructors.
To avoid storing the zero address, add a simple zero-address check in the function.
#3 Missing zero-address check in mint
Add a zero-address check on the recipient in the mint function so that tokens cannot be minted to address(0). OpenZeppelin's ERC20 implementation applies the same check in `_mint`; see the OpenZeppelin docs.
#4 Should be immutable
Several state variables are assigned exactly once, in the constructor, and never changed afterwards, yet they lack the immutable tag. Every read of a regular state variable costs an SLOAD, whereas an immutable value is embedded in the deployed bytecode and read without touching storage. Declare these variables immutable; they can still be assigned in the constructor.
#5 Missing NatSpec
The file lacks NatSpec comments explaining the purpose of its functions and parameters. Add NatSpec comments to improve readability and make the intended behaviour easier to verify.
#6 Incomplete NatSpec
Some NatSpec comments are incomplete. Complete them so that every parameter and return value is documented.
#7 Missing indexed event fields
Events are declared without indexed fields. Marking the important fields (typically addresses and identifiers) as indexed lets off-chain consumers filter logs by those values; up to three parameters per event can be indexed.
#8 Missing check that amount is greater than zero
Add a requirement that amount is greater than zero so the function does not proceed with a zero-value operation that only spends gas and emits a meaningless event; see the OpenZeppelin docs.
#9 Use safeIncreaseAllowance / safeDecreaseAllowance (or safeApprove) instead of approve
The ERC20 approve() function returns a boolean indicating whether it succeeded, and the return value is not checked here, so a token that returns false on failure is silently treated as approved. Best practice is to check the return value or to use OpenZeppelin's SafeERC20 wrappers (safeApprove(), safeIncreaseAllowance(), safeDecreaseAllowance()), which revert when the call fails and also handle tokens that return no value at all. Note that safeApprove() is deprecated in OpenZeppelin 4.x (it reverts when changing a non-zero allowance to another non-zero value) and was removed in 5.x, so prefer safeIncreaseAllowance() / safeDecreaseAllowance().
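The following contract, added here as an illustration and not taken from the audited project, shows the unchecked approve() beside the SafeERC20 wrappers. The contract and variable names (Router, vault, token) are hypothetical; the imports are OpenZeppelin's real IERC20 and SafeERC20.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical router that grants a vault an allowance and forwards deposits.
contract Router {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    address public immutable vault;

    constructor(IERC20 token_, address vault_) {
        require(address(token_) != address(0) && vault_ != address(0), "zero address");
        token = token_;
        vault = vault_;
    }

    // Unsafe pattern: the bool returned by approve() is ignored. A token that
    // returns false on failure leaves this call "succeeding" with no allowance
    // granted; a token that returns nothing reverts while decoding the bool.
    function grantUnsafe(uint256 amount) external {
        token.approve(vault, amount);
    }

    // Safe pattern: SafeERC20 reverts if the call reverts, returns false, or
    // returns malformed data, and accepts tokens that return no value.
    function grant(uint256 amount) external {
        token.safeIncreaseAllowance(vault, amount);
    }

    function revoke(uint256 amount) external {
        token.safeDecreaseAllowance(vault, amount);
    }

    // Transfers get the same treatment; a false return is never ignored.
    function deposit(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        token.safeTransfer(vault, amount);
    }
}
```

safeIncreaseAllowance and safeDecreaseAllowance exist in both OpenZeppelin 4.x and 5.x; safeApprove does not exist in 5.x, which is why the example avoids it.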
#10 Missing zero-address check on recipient
Add a simple zero-address check on the recipient address so that funds cannot be sent to address(0).
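A single contract that applies the checks from #1, #3, #4, #7, #8 and #10 together, added here as an example; it is not code from the audited project, and the contract, variable and error names (SimpleToken, treasury, minter, ZeroAddress) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical minimal mintable token illustrating the QA recommendations above.
contract SimpleToken {
    // #7: indexed parameters let off-chain clients filter logs by from/to.
    event Transfer(address indexed from, address indexed to, uint256 value);
    event Mint(address indexed to, uint256 amount);

    // #4: set once in the constructor and never changed, so immutable; reads
    // come from bytecode instead of an SLOAD.
    address public immutable treasury;
    address public immutable minter;

    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    error ZeroAddress();
    error ZeroAmount();
    error NotMinter();
    error InsufficientBalance(uint256 requested, uint256 available);

    // #1: zero-address checks on every address argument. Because the fields
    // are immutable there is no setter, so a bad value would force a redeploy.
    constructor(address treasury_, address minter_) {
        if (treasury_ == address(0) || minter_ == address(0)) revert ZeroAddress();
        treasury = treasury_;
        minter = minter_;
    }

    // #3 and #8: reject mints to address(0) and zero-amount mints.
    function mint(address to, uint256 amount) external {
        if (msg.sender != minter) revert NotMinter();
        if (to == address(0)) revert ZeroAddress();
        if (amount == 0) revert ZeroAmount();
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Mint(to, amount);
        emit Transfer(address(0), to, amount);
    }

    // #10: a zero-address recipient would silently burn the sender's tokens.
    function transfer(address to, uint256 amount) external returns (bool) {
        if (to == address(0)) revert ZeroAddress();
        uint256 bal = balanceOf[msg.sender];
        if (bal < amount) revert InsufficientBalance(amount, bal);
        unchecked {
            balanceOf[msg.sender] = bal - amount; // safe: bal >= amount checked above
        }
        balanceOf[to] += amount;
        emit Transfer(msg.sender, to, amount);
        return true;
    }
}
```

Custom errors are used instead of require strings because they are cheaper to deploy and to revert with; the checks themselves are the same ones the findings ask for.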
Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Amithuddar, Aymen0909, B2, Ben, Bnke0x0, Chom, CodingNameKiki, Deivitto, Diana, Fitraldys, Funen, IllIllI, JAGADESH, JC, Metatron, Ocean_Sky, PaludoX0, Pheonix, RaymondFam, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Satyam_Sharma, Sm4rty, SnowMan, SooYa, Tagir2003, TomJ, Tomio, Triangle, V_B, Waze, __141345__, ajtra, albincsergo, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, bytera, c3phas, ch0bu, cryptostellar5, cryptphi, d3e4, delfin454000, dharma09, drdr, durianSausage, emrekocak, erictee, fatherOfBlocks, gogo, got_targ, imare, jag, karanctf, ladboy233, leosathya, lukris02, medikko, mics, millersplanet, natzuu, neko_nyaa, oyc_109, peanuts, prasantgupta52, rbserver, ret2basic, rokinot, ronnyx2017, rotcivegaf, sach1r0, samruna, seyni, slowmoses, tnevler, wagmi, zishansami
12.811 USDC - $12.81
#1 Loop optimisations
The default value of a uint is 0, so the explicit `= 0` initialisation of loop counters is unnecessary and costs gas. Pre-increment (`++i`) is cheaper than post-increment (`i++`) because it does not keep a copy of the old value. Caching the array length in a local variable before the loop avoids re-reading it from storage, calldata or memory on every iteration; a local stack variable is the cheapest to access.
#2 Use calldata instead of memory
In external functions whose array or struct parameters are only read, declaring those parameters as `calldata` instead of `memory` avoids copying the argument into memory on entry and is therefore cheaper.
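The loop points from #1 and the calldata point from #2 written out side by side, as an added example that is not part of the original report; the contract and function names (SumExample, sumBefore, sumAfter) are hypothetical. It also wraps the counter increment in `unchecked`, which goes beyond the report's list but is safe because the loop condition bounds `i`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical contract: the same sums written the costly and the cheap way.
contract SumExample {
    uint256[] internal values;

    function push(uint256 v) external {
        values.push(v);
    }

    // Costlier: memory parameter (copied from calldata on entry), explicit
    // zero initialisation, arr.length re-read every iteration, post-increment.
    function sumBefore(uint256[] memory arr) public pure returns (uint256 total) {
        for (uint256 i = 0; i < arr.length; i++) {
            total += arr[i];
        }
    }

    // Cheaper: calldata parameter (read-only, no copy), default-initialised
    // counter, cached length, pre-increment inside unchecked.
    function sumAfter(uint256[] calldata arr) external pure returns (uint256 total) {
        uint256 len = arr.length;
        for (uint256 i; i < len; ) {
            total += arr[i];
            unchecked {
                ++i; // cannot overflow: i < len <= 2**256 - 1
            }
        }
    }

    // For a storage array the saving from caching is largest, because
    // values.length is an SLOAD every time the loop condition reads it.
    function sumStorageBefore() external view returns (uint256 total) {
        for (uint256 i = 0; i < values.length; i++) {
            total += values[i];
        }
    }

    function sumStorageAfter() external view returns (uint256 total) {
        uint256 len = values.length; // one SLOAD instead of one per iteration
        for (uint256 i; i < len; ) {
            total += values[i];
            unchecked {
                ++i;
            }
        }
    }
}
```

The storage-array variant is where the length cache matters most; for calldata and memory the per-iteration read is cheap, and the saving is mostly from the removed copy and the increment form.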
#3 Use storage instead of memory
Copying a struct or array from storage into `memory` loads every field from storage (one SLOAD per slot) even when only one field is used. Declaring a `storage` pointer instead reads only the fields that are actually accessed, which reduces the gas fee.
#4 Visibility
Declaring state variables or functions `public` when they do not need external access generates getters and function-dispatch code that increase deployment and call cost. Changing the visibility to `private` or `internal` where external access is not needed saves gas.
#5 Use x = x + y or x = x - y instead of x += y or x -= y for state variables
For state variables, `x = x + y` / `x = x - y` compiles to slightly cheaper bytecode than `x += y` / `x -= y` on the compiler versions in use at the time of this contest. Change the state-variable updates accordingly and confirm the saving with a gas report.
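The storage-pointer point from #3, the visibility point from #4 and the addition form from #5 in one contract, added here as an example and not part of the original report; the contract, struct and function names (PositionBook, Position, principalBefore, principalAfter, openBefore, openAfter) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical position ledger showing the three gas findings side by side.
contract PositionBook {
    // Packed layout: slot 0 = owner (20 bytes), slot 1 = principal + reward,
    // slot 2 = openedAt + closedAt. A full memory copy therefore costs 3 SLOADs.
    struct Position {
        address owner;
        uint128 principal;
        uint128 reward;
        uint64 openedAt;
        uint64 closedAt;
    }

    // #4: internal instead of public, so no auto-generated getters are
    // compiled in for data that only this contract needs to read.
    mapping(uint256 => Position) internal positions;
    uint256 internal totalPrincipal;

    // #3, costlier: copies all three slots into memory to use one field.
    function principalBefore(uint256 id) external view returns (uint256) {
        Position memory p = positions[id];
        return p.principal;
    }

    // #3, cheaper: storage pointer, only the slot holding principal is read.
    function principalAfter(uint256 id) external view returns (uint256) {
        Position storage p = positions[id];
        return p.principal;
    }

    // #5, costlier form of the state-variable update.
    function openBefore(uint256 id, uint128 amount) external {
        positions[id] = Position(msg.sender, amount, 0, uint64(block.timestamp), 0);
        totalPrincipal += amount;
    }

    // #5, cheaper form: same semantics, slightly less bytecode on the
    // compilers of the period; verify with a gas report before relying on it.
    function openAfter(uint256 id, uint128 amount) external {
        positions[id] = Position(msg.sender, amount, 0, uint64(block.timestamp), 0);
        totalPrincipal = totalPrincipal + amount;
    }

    // #4: an internal helper is not added to the external dispatcher.
    function _isOpen(uint256 id) internal view returns (bool) {
        return positions[id].closedAt == 0 && positions[id].openedAt != 0;
    }
}
```

Reading a single field through a storage pointer still pays one SLOAD, so the saving scales with the number of slots the struct occupies; for a one-slot struct the two forms cost about the same.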