Platform: Code4rena
Start Date: 25/08/2022
Pot Size: $75,000 USDC
Total HM: 35
Participants: 147
Period: 7 days
Judge: 0xean
Total Solo HM: 15
Id: 156
League: ETH
Rank: 95/147
Findings: 2
Award: $86.89
š Selected for report: 0
š Solo Findings: 0
š Selected for report: zzzitron
Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas
54.3128 DAI - $54.31
[1]
e.g. Kernel.executeAction(Actions,address).target_ on Actions.ChangeExecutor and Actions.ChangeAdmin:
Before
} else if (action_ == Actions.ChangeExecutor) { executor = target_; } else if (action_ == Actions.ChangeAdmin) { admin = target_; }
After
} else if (action_ == Actions.ChangeExecutor) { if(target_ == address(0)) revert Kernel_InvalidAddress(); proposedExecutor = target_; } else if (action_ == Actions.ChangeAdmin) { if(target_ == address(0)) revert Kernel_InvalidAddress(); proposedAdmin = target_; } // ... function acceptProposedExecutor() external { if(msg.sender != proposedExecutor) revert Kernel_InvalidExecutor(); executor = proposedExecutor; } function acceptProposedAdmin() external { if(msg.sender != proposedAdmin) revert Kernel_InvalidAdmin(); admin = proposedAdmin; }
[2]
Missing RewardUpdated event on constructor from Heart.sol
Before
constructor( Kernel kernel_, IOperator operator_, ERC20 rewardToken_, uint256 reward_ ) Policy(kernel_) { _operator = operator_; active = true; lastBeat = block.timestamp; rewardToken = rewardToken_; reward = reward_; }
After
constructor( Kernel kernel_, IOperator operator_, ERC20 rewardToken_, uint256 reward_ ) Policy(kernel_) { _operator = operator_; active = true; lastBeat = block.timestamp; rewardToken = rewardToken_; reward = reward_; emit RewardUpdated(rewardToken_; reward_); }
š Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami
32.5835 DAI - $32.58
Gas optimization in src/policies/Governance.sol function endorseProposal(uint256 proposalId_)
// undo any previous endorsement the user made on these instructions uint256 previousEndorsement = userEndorsementsForProposal[proposalId_][msg.sender]; totalEndorsementsForProposal[proposalId_] -= previousEndorsement; // reapply user endorsements with most up-to-date votes userEndorsementsForProposal[proposalId_][msg.sender] = userVotes; totalEndorsementsForProposal[proposalId_] += userVotes;
// gas reporter ā endorseProposal ā 6874 ā 39015 ā 30774 ā 52674 ā 43 ā
After
// undo any previous endorsement the user made on these instructions uint256 previousEndorsement = userEndorsementsForProposal[proposalId_][msg.sender]; // reapply user endorsements with most up-to-date votes userEndorsementsForProposal[proposalId_][msg.sender] = userVotes; totalEndorsementsForProposal[proposalId_] += userVotes - previousEndorsement;
// gas reporter ā endorseProposal ā 6449 ā 38610 ā 30349 ā 52249 ā 43 ā