Platform: Code4rena
Start Date: 08/06/2022
Pot Size: $115,000 USDC
Total HM: 26
Participants: 72
Period: 11 days
Judge: leastwood
Total Solo HM: 14
Id: 132
League: ETH
Rank: 44/72
Findings: 2
Award: $226.77
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: BowTiedWardens
Also found by: 0x1f8b, 0x29A, 0x52, 0xNazgul, 0xNineDec, 0xf15ers, 0xkatana, 0xmint, Chom, ElKu, Funen, IllIllI, JMukesh, Jujic, Kaiziron, Lambda, MiloTruck, Ruhum, SmartSek, SooYa, TerrierLover, TomJ, WatchPug, Waze, _Adam, asutorufos, auditor0517, bardamu, c3phas, catchup, cccz, ch13fd357r0y3r, cloudjunky, cmichel, cryptphi, csanuragjain, defsec, fatherOfBlocks, hansfriese, hyh, jayjonah8, joestakey, k, kenta, obtarian, oyc_109, robee, sach1r0, shenwilly, simon135, slywaters, sorrynotsorry, tintin, unforgiven, xiaoming90, zzzitron
142.2658 USDC - $142.27
N-1 CRITICAL CHANGES SHOULD USE TWO-STEP PROCEDURE

Critical procedures should have two-step processes.

- ConnextPriceOracle.sol L#168

N-2 Functions Mutating Storage Should Emit Events

Functions that mutate storage should emit events to easily monitor that function.

- StableSwap.sol L#448
- StableSwap.sol L#456
- PortalFacet.sol L#57
- PortalFacet.sol L#65
- NomadFacet.sol L#25

L-1 Unspecific Compiler Version Pragma

Avoid floating pragmas for non-library contracts.

- DiamondInit.sol L#2

L-2 Missing zero-address check in constructors and the setter functions

Missing checks for zero addresses may lead to a non-functional protocol if the variable addresses are updated incorrectly.

- [SponsorVault.sol L#128](<https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/SponsorVault.sol#:~:text=)%20Ownable()%20%7B-,_setConnext(_connext)%3B,-%7D>)
- [Executor.sol L#48](<https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/Executor.sol#:~:text=address%20_connext)%20%7B-,connext%20%3D%20_connext%3B,-%7D>)

Consider adding zero-address checks like: `require(connext != address(0));`
#0 - jakekidd
2022-07-01T22:37:59Z
L-2 is invalid, rest are good
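The two-step procedure from N-1 combined with the event emission from N-2, as an added Solidity example that is not part of the submission or the Connext code base. The contract, function, event and error names are hypothetical, and it assumes the flagged setter changes a privileged address in a single call (the page does not show that code).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.14; // pinned, not floating (see L-1)

/// Added illustration; all names here are hypothetical and are not
/// taken from ConnextPriceOracle.sol.
contract TwoStepAdmin {
    address public admin;
    address public pendingAdmin;

    // Events give off-chain monitoring a record of every storage change (N-2).
    event AdminProposed(address indexed current, address indexed proposed);
    event AdminChanged(address indexed previous, address indexed current);

    error NotAdmin();
    error NotPendingAdmin();

    constructor() {
        admin = msg.sender;
        emit AdminChanged(address(0), msg.sender);
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    /// Step 1: the current admin nominates a successor. Control does not
    /// move yet, so a mistyped address can be overwritten by calling again
    /// (nominating address(0) cancels the pending change).
    function proposeAdmin(address proposed) external onlyAdmin {
        pendingAdmin = proposed;
        emit AdminProposed(admin, proposed);
    }

    /// Step 2: the nominee calls from the new address, which proves that
    /// someone controls it before the old admin loses access.
    function acceptAdmin() external {
        if (msg.sender != pendingAdmin) revert NotPendingAdmin();
        address previous = admin;
        admin = pendingAdmin;
        delete pendingAdmin;
        emit AdminChanged(previous, msg.sender);
    }
}
```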
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, BowTiedWardens, ElKu, Fitraldys, Funen, Kaiziron, Lambda, Metatron, MiloTruck, Randyyy, Ruhum, SmartSek, TomJ, Tomio, UnusualTurtle, Waze, _Adam, apostle0x01, asutorufos, c3phas, catchup, csanuragjain, defsec, fatherOfBlocks, hansfriese, hyh, ignacio, joestakey, k, kaden, nahnah, oyc_109, rfa, robee, sach1r0, simon135, slywaters
84.4973 USDC - $84.50
G-1 Don't Initialize Variables with Default Value

Explicitly initializing a variable with its default value costs unnecessary gas.

- BridgeFacet.sol L#68
- StableSwapFacet.sol L#415
- VersionFacet.sol L#16
- StableSwap.sol L#81
- ConnextPriceOracle.sol L#176

G-2 Caching Array Length outside of loops saves gas per iteration

It saves reading it on each iteration, as long as the array's length is not changed during the loop.

- ConnextPriceOracle.sol L#176
- StableSwap.sol L#81
- StableSwapFacet.sol L#415

G-3 Using `!= 0` instead of `> 0` for Unsigned Integer Comparisons

It's cheaper using `!= 0` when dealing with unsigned integer types.

- [StableSwap.sol L#82](<https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/StableSwap.sol#L8:~:text=i%2B%2B)%20%7B-,if%20(i%20%3E%200)%20%7B,-//%20Check%20if%20index>)