Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 84/168
Findings: 2
Award: $106.40
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Lambda
Also found by: 0x1337, 0x1f8b, 0x4non, 0x85102, 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xc0ffEE, 8olidity, Aymen0909, B2, Bnke0x0, CRYP70, Captainkay, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, DimitarDimitrov, ElKu, EthLedger, Franfran, Funen, GimelSec, JansenC, Jeiwan, Jujic, Lead_Belly, MEP, MasterCookie, MiloTruck, Noah3o6, PPrieditis, PaludoX0, Picodes, PwnPatrol, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rolezn, Samatak, Tointer, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ak1, asutorufos, azephiar, ballx, bharg4v, bin2chen, bobirichman, brgltd, bulej93, c3phas, cccz, ch0bu, cloudjunky, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, davidbrai, delfin454000, dharma09, dic0de, dipp, djxploit, eierina, erictee, fatherOfBlocks, gogo, hansfriese, hyh, imare, indijanc, izhuer, jonatascm, ladboy233, leosathya, lucacez, lukris02, m9800, martin, minhtrng, ne0n, neumo, oyc_109, p_crypt0, pashov, pauliax, pcarranzav, pedr02b2, peritoflores, pfapostol, rbserver, ret2basic, robee, rvierdiiev, sach1r0, sahar, scaraven, sikorico, simon135, slowmoses, sorrynotsorry, tnevler, tonisives, volky, yixxas, zkhorse, zzzitron
60.7775 USDC - $60.78
#1 Missing zero-address check in constructor
Checking addresses against the zero address during initialization in the constructor is a security best practice. However, such checks are missing in multiple constructors.
Allowing zero addresses will lead to contract reverts and force redeployments if there are no setters for such address variables (immutable variables in particular cannot be corrected afterwards). I suggest adding zero-address checks in all the constructors.
#2 Missing zero-address check in initialize
The init function is used to initialize the state variables. Since these state variables are used in many functions, a lack of input validation means that an error in these state variables can lead to redeployment of the contract. I recommend adding zero-address validation.
#3 NatSpec comments incomplete
NatSpec comments are incomplete. I suggest completing them.
#4 Missing indexed fields
Events are missing indexed fields. Add `indexed` to the important fields (addresses and ids in particular) so that off-chain consumers can filter on them efficiently.
#5 Unused receive() function will lock Ether in the contract
If the intention is for the Ether to be used, the function should call another function; otherwise it should revert. Remove these functions, or include a call to rescueETH in receive(), so that a user who mistakenly sends ETH to the Staker retrieves it immediately.
#6 Mint(): missing zero-address check
To avoid minting to the zero address, we suggest adding a simple zero-address check to the function.
#7 Use _safeMint() instead of _mint() when possible
_mint() is discouraged in favor of _safeMint(), which ensures that the recipient is either an EOA or a contract that implements IERC721Receiver. OpenZeppelin provides both versions of this function so that NFTs are not lost if they are minted to contracts that cannot transfer them back out. I suggest using _safeMint() instead of _mint().
#8 Lack of zero-address check for implementation
The function accepts a parameter `implementation` of type address. However, it is not checked against the zero address. I suggest adding validation for the zero address.
#9 Floating pragma
In the contracts, floating pragmas should not be used. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively. We suggest locking the pragma to 0.8.15.
#0 - GalloDaSballo
2022-09-27T01:15:22Z
L
NC
NC
Rest I disagree with
1L 2NC
🌟 Selected for report: pfapostol
Also found by: 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xSmartContract, 0xc0ffEE, 0xkatana, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Cr4ckM3, Deivitto, DimSon, Franfran, JAGADESH, JC, Jeiwan, Lambda, LeoS, Matin, Metatron, Migue, MiloTruck, PPrieditis, PaludoX0, R2, RaymondFam, Respx, ReyAdmirado, Rolezn, Saintcode_, Samatak, SnowMan, StevenL, Tointer, TomJ, Tomo, WatchDogs, Waze, _Adam, __141345__, ajtra, asutorufos, ballx, brgltd, bulej93, c3phas, ch0bu, dharma09, djxploit, durianSausage, easy_peasy, fatherOfBlocks, gianganhnguyen, gogo, imare, leosathya, lucacez, martin, oyc_109, pauliax, peiw, prasantgupta52, ret2basic, rfa, robee, sikorico, simon135, tofunmi, volky, wagmi, zishansami
45.6207 USDC - $45.62
#1 Use storage instead of memory
Copying a struct or array from storage into `memory` reads every slot of it even when only one field is used; a `storage` pointer reads only the fields that are actually touched. I suggest changing these declarations to `storage` to reduce the gas cost.
#2 Use calldata instead of memory
In external functions where an argument is read-only, the function currently declares the parameter as `memory`. If the function does not modify the parameter, it is cheaper to use `calldata` than `memory`, because the argument is not copied. We suggest changing it.
#3 Pre-increment
Pre-increment (e.g. `++i`) costs less gas than post-increment (e.g. `i++`), because post-increment keeps a temporary copy of the old value. We suggest using pre-increment.
#4 x = x + y is cheaper than x += y for state variables
Change updates of state variables to the form `x = x + y` for gas efficiency.
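The contract below is an added example, not code from the audited project, and puts the four gas findings above in one place with the "before" and "after" form of each. `GasPatterns`, `Position`, `positions` and `totalStaked` are assumed names chosen for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.15;

// Added example, not project code. Names are assumed for illustration.
contract GasPatterns {
    struct Position {
        address owner;       // slot 0 (20 bytes) + lockedUntil (8 bytes)
        uint64 lockedUntil;
        uint128 amount;      // slot 1
        uint128 rewardDebt;
    }

    mapping(uint256 => Position) public positions;
    uint256 public totalStaked;

    // #1 Before: `memory` copies both storage slots of the struct (two SLOADs)
    // although only `amount` is read.
    function amountOfCopy(uint256 id) external view returns (uint256) {
        Position memory p = positions[id];
        return p.amount;
    }

    // #1 After: a storage pointer loads only the slot that holds `amount`.
    function amountOfPointer(uint256 id) external view returns (uint256) {
        Position storage p = positions[id];
        return p.amount;
    }

    // #2 Before: `memory` forces the whole array to be copied from calldata on entry.
    function sumMemory(uint256[] memory ids) external view returns (uint256 total) {
        for (uint256 i = 0; i < ids.length; i++) {
            total += positions[ids[i]].amount;
        }
    }

    // #2 + #3 After: the read-only argument stays in calldata and the loop uses ++i.
    // The unchecked block is safe because the loop condition bounds i by ids.length.
    function sumCalldata(uint256[] calldata ids) external view returns (uint256 total) {
        for (uint256 i = 0; i < ids.length; ) {
            total += positions[ids[i]].amount;
            unchecked {
                ++i;
            }
        }
    }

    // #4 Before: compound assignment on a state variable.
    function depositCompound(uint256 amount) external {
        totalStaked += amount;
    }

    // #4 After: explicit form; reported to cost a few gas less on state variables.
    function depositExplicit(uint256 amount) external {
        totalStaked = totalStaked + amount;
    }
}
```

The savings from #3 and #4 are small and depend on the optimizer settings used for the build, so a practitioner should confirm them with a gas report (for example Foundry's `forge test --gas-report` or the Hardhat gas reporter) on the actual compiler configuration rather than assume the figures from other audits carry over.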
#0 - GalloDaSballo
2022-09-26T20:48:54Z
500