Illuminate contest - aysha's results

Your Sole Source For Fixed-Yields.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $55,000 USDC

Total HM: 29

Participants: 88

Period: 5 days

Judge: gzeon

Total Solo HM: 7

Id: 134

League: ETH

Illuminate

Researcher Performance

Rank: 71/88

Findings: 1

Award: $63.94

🌟 Selected for report: 0

🚀 Solo Findings: 0

Title: Unlocked pragma

Title: Multiple Solidity pragma

Impact

Contracts should be deployed using the same compiler version/flags with which they have been tested.

Proof of Concept

https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/marketplace/ERC20.sol#L3
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/marketplace/ERC20Permit.sol#L3
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/marketplace/ERC5095.sol#L2
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/marketplace/Interfaces.sol#L3
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/marketplace/MarketPlace.sol#L3

Tools Used

Manual

Locking the pragma ensures that contracts do not accidentally get deployed using an older compiler version with unfixed bugs. See here: https://swcregistry.io/docs/SWC-103

It is better to use one Solidity compiler version across all contracts instead of different versions with different bugs and security checks. See here: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used

====================================================================

Title: Ambiguous variable names

Impact

As a result, code is difficult to review. https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar

Proof of Concept

https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/redeemer/Redeemer.sol#L240

Tools Used

Manual

Prevent variables from having ambiguous names.
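
An added example, not part of the original report or the Illuminate code base: a small Python check for the "Unlocked pragma" and "Multiple Solidity pragma" findings in the report above. It flags floating `pragma solidity` expressions (SWC-103) and shows when files declare different pragma directives. The `audit_pragmas` helper, the file names, and the version strings in `SAMPLE` are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `pragma solidity <expr>;` and captures the version expression.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# A locked pragma is one exact version, optionally prefixed with '='.
LOCKED_RE = re.compile(r"^=?\s*\d+\.\d+\.\d+$")


def strip_comments(source):
    """Remove // and /* */ comments so commented-out pragmas are ignored."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"//[^\n]*", "", source)


def audit_pragmas(sources):
    """sources: {path: solidity text}. Returns (floating, missing, by_version)."""
    floating, missing = {}, []
    by_version = defaultdict(list)
    for path, text in sorted(sources.items()):
        found = PRAGMA_RE.findall(strip_comments(text))
        exprs = [" ".join(e.split()) for e in found]  # normalise whitespace
        if not exprs:
            missing.append(path)
            continue
        for expr in exprs:
            by_version[expr].append(path)
            if not LOCKED_RE.match(expr):
                floating[path] = expr
    return floating, missing, dict(by_version)


# Constructed sample input: file names and versions are illustrative,
# not the pragmas actually used in the Illuminate repository.
SAMPLE = {
    "A.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.4;\ncontract A {}\n",
    "B.sol": "pragma solidity >=0.8.0 <0.9.0;\ninterface B {}\n",
    "C.sol": "// pragma solidity ^0.7.0;\npragma solidity 0.8.13;\ncontract C {}\n",
    "D.sol": "pragma solidity 0.8.13;\ncontract D {}\n",
    "E.sol": "contract E {}\n",
}

if __name__ == "__main__":
    floating, missing, by_version = audit_pragmas(SAMPLE)
    for path, expr in floating.items():
        print(f"{path}: floating pragma '{expr}' (SWC-103)")
    for path in missing:
        print(f"{path}: no solidity pragma")
    if len(by_version) > 1:
        print("different pragma directives in use:", sorted(by_version))
```

Run in CI over the contract directory, a non-empty `floating` map or more than one key in `by_version` is the condition to fail the build on.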
