Rigor Protocol contest - ballx's results

Community lending and instant payments for new home construction.

General Information

Platform: Code4rena

Start Date: 01/08/2022

Pot Size: $50,000 USDC

Total HM: 26

Participants: 133

Period: 5 days

Judge: Jack the Pug

Total Solo HM: 6

Id: 151

League: ETH

Researcher Performance

Rank: 120/133

Findings: 1

Award: $21.73

🌟 Selected for report: 0

🚀 Solo Findings: 0

c4udit Report

Files analyzed

  • 2022-08-rigor/contracts/Community.sol
  • 2022-08-rigor/contracts/DebtToken.sol
  • 2022-08-rigor/contracts/Disputes.sol
  • 2022-08-rigor/contracts/HomeFi.sol
  • 2022-08-rigor/contracts/HomeFiProxy.sol
  • 2022-08-rigor/contracts/Project.sol
  • 2022-08-rigor/contracts/ProjectFactory.sol
  • 2022-08-rigor/contracts/interfaces/ICommunity.sol
  • 2022-08-rigor/contracts/interfaces/IDebtToken.sol
  • 2022-08-rigor/contracts/interfaces/IDisputes.sol
  • 2022-08-rigor/contracts/interfaces/IHomeFi.sol
  • 2022-08-rigor/contracts/interfaces/IProject.sol
  • 2022-08-rigor/contracts/interfaces/IProjectFactory.sol
  • 2022-08-rigor/contracts/libraries/SignatureDecoder.sol
  • 2022-08-rigor/contracts/libraries/Tasks.sol
  • 2022-08-rigor/contracts/mock/CommunityV2Mock.sol
  • 2022-08-rigor/contracts/mock/DebtTokenV2Mock.sol
  • 2022-08-rigor/contracts/mock/DisputesV2Mock.sol
  • 2022-08-rigor/contracts/mock/HomeFiMock.sol
  • 2022-08-rigor/contracts/mock/HomeFiV2Mock.sol
  • 2022-08-rigor/contracts/mock/HomeFiV3Mock.sol
  • 2022-08-rigor/contracts/mock/MockMinimalForwarder.sol
  • 2022-08-rigor/contracts/mock/ProjectV2Mock.sol
  • 2022-08-rigor/contracts/mock/SignatureDecoderMockTest.sol
  • 2022-08-rigor/contracts/mock/USDC.sol

Issues found

Don't Initialize Variables with Default Value

Impact

Issue Information: G001

Findings:

  • 2022-08-rigor/contracts/Community.sol::624 => for (uint256 i = 0; i < _communities[_communityID].memberCount; i++) {
  • 2022-08-rigor/contracts/HomeFiProxy.sol::87 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/HomeFiProxy.sol::136 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/Project.sol::248 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/Project.sol::311 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/Project.sol::322 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/libraries/Tasks.sol::181 => for (uint256 i = 0; i < _length; i++) _alerts[i] = _self.alerts[i];

Tools used

c4udit

Cache Array Length Outside of Loop

Impact

Issue Information: G002

Findings:

  • 2022-08-rigor/contracts/Community.sol::618 => // Initiate empty equal equal to member count length
  • 2022-08-rigor/contracts/HomeFiProxy.sol::78 => uint256 _length = allContractNames.length;
  • 2022-08-rigor/contracts/HomeFiProxy.sol::80 => // Revert if _implementations length is wrong. Indicating wrong set of _implementations.
  • 2022-08-rigor/contracts/HomeFiProxy.sol::81 => require(_length == _implementations.length, "Proxy::Lengths !match");
  • 2022-08-rigor/contracts/HomeFiProxy.sol::87 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/HomeFiProxy.sol::130 => uint256 _length = _contractNames.length;
  • 2022-08-rigor/contracts/HomeFiProxy.sol::132 => // Revert if _contractNames and _contractAddresses length mismatch
  • 2022-08-rigor/contracts/HomeFiProxy.sol::133 => require(_length == _contractAddresses.length, "Proxy::Lengths !match");
  • 2022-08-rigor/contracts/HomeFiProxy.sol::136 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/Project.sol::243 => // Revert if IPFS hash array length is not equal to task cost array length.
  • 2022-08-rigor/contracts/Project.sol::244 => uint256 _length = _hash.length;
  • 2022-08-rigor/contracts/Project.sol::245 => require(_length == _taskCosts.length, "Project::Lengths !match");
  • 2022-08-rigor/contracts/Project.sol::248 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/Project.sol::306 => // Revert if taskList array length not equal to scList array length.
  • 2022-08-rigor/contracts/Project.sol::307 => uint256 _length = _taskList.length;
  • 2022-08-rigor/contracts/Project.sol::308 => require(_length == _scList.length, "Project::Lengths !match");
  • 2022-08-rigor/contracts/Project.sol::311 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/Project.sol::321 => uint256 _length = _taskList.length;
  • 2022-08-rigor/contracts/Project.sol::322 => for (uint256 i = 0; i < _length; i++) {
  • 2022-08-rigor/contracts/Project.sol::367 => uint256 _length = taskCount;
  • 2022-08-rigor/contracts/Project.sol::368 => for (uint256 _taskID = 1; _taskID <= _length; _taskID++) {
  • 2022-08-rigor/contracts/Project.sol::592 => taskCount - j + _changeOrderedTask.length - i
  • 2022-08-rigor/contracts/Project.sol::601 => if (_changeOrderedTask.length > 0) {
  • 2022-08-rigor/contracts/Project.sol::602 => // Loop from lastAllocatedChangeOrderTask to _changeOrderedTask length (until _maxLoop)
  • 2022-08-rigor/contracts/Project.sol::603 => for (; i < _changeOrderedTask.length; i++) {
  • 2022-08-rigor/contracts/Project.sol::635 => if (i == _changeOrderedTask.length) {
  • 2022-08-rigor/contracts/Project.sol::707 => uint256 _length = taskCount;
  • 2022-08-rigor/contracts/Project.sol::710 => for (uint256 _taskID = 1; _taskID <= _length; _taskID++) {
  • 2022-08-rigor/contracts/libraries/SignatureDecoder.sol::25 => if (messageSignatures.length % 65 != 0) {
  • 2022-08-rigor/contracts/libraries/Tasks.sol::180 => uint256 _length = _alerts.length;
  • 2022-08-rigor/contracts/libraries/Tasks.sol::181 => for (uint256 i = 0; i < _length; i++) _alerts[i] = _self.alerts[i];

Tools used

c4udit

Use != 0 instead of > 0 for Unsigned Integer Comparison

Impact

Issue Information: G003

Findings:

  • 2022-08-rigor/contracts/Community.sol::261 => if (projectPublished[_project] > 0) {
  • 2022-08-rigor/contracts/Community.sol::425 => // First claim interest if principal lent > 0
  • 2022-08-rigor/contracts/Community.sol::427 => _communities[_communityID].projectDetails[_project].lentAmount > 0
  • 2022-08-rigor/contracts/Community.sol::764 => require(_repayAmount > 0, "Community::!repay");
  • 2022-08-rigor/contracts/Community.sol::840 => if (_interestEarned > 0) {
  • 2022-08-rigor/contracts/Disputes.sol::107 => _actionType > 0 && _actionType <= uint8(ActionType.TaskPay),
  • 2022-08-rigor/contracts/HomeFi.sol::245 => return projectTokenId[_project] > 0;
  • 2022-08-rigor/contracts/Project.sol::195 => require(_cost > 0, "Project::!value>0");
  • 2022-08-rigor/contracts/Project.sol::380 => if (_leftOutTokens > 0) {
  • 2022-08-rigor/contracts/Project.sol::601 => if (_changeOrderedTask.length > 0) {
  • 2022-08-rigor/contracts/Project.sol::691 => if (_loopCount > 0) emit TaskAllocated(_tasksAllocated);
  • 2022-08-rigor/contracts/mock/HomeFiMock.sol::171 => return projectTokenId[_project] > 0;

Tools used

c4udit

Use immutable for OpenZeppelin AccessControl's Roles Declarations

Impact

Issue Information: G006

Findings:

  • 2022-08-rigor/contracts/Community.sol::175 => bytes32 _hash = keccak256(_data);
  • 2022-08-rigor/contracts/Community.sol::213 => bytes32 _hash = keccak256(_data);
  • 2022-08-rigor/contracts/Community.sol::530 => bytes32 _hash = keccak256(_data);
  • 2022-08-rigor/contracts/Disputes.sol::91 => keccak256(_data),
  • 2022-08-rigor/contracts/Project.sol::499 => keccak256(_data),
  • 2022-08-rigor/contracts/Project.sol::795 => bytes32 _hash = keccak256(_data);
  • 2022-08-rigor/contracts/Project.sol::836 => bytes32 _hash = keccak256(_data);
  • 2022-08-rigor/contracts/libraries/SignatureDecoder.sol::14 => * @param messageHash bytes32 - keccak256 hash of message
  • 2022-08-rigor/contracts/libraries/SignatureDecoder.sol::49 => keccak256(

Tools used

c4udit

Long Revert Strings

Impact

Issue Information: G007

Findings:

  • 2022-08-rigor/contracts/Community.sol::8 => import {PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
  • 2022-08-rigor/contracts/Community.sol::9 => import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
  • 2022-08-rigor/contracts/Community.sol::10 => import {ContextUpgradeable, ERC2771ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/metatx/ERC2771ContextUpgradeable.sol";
  • 2022-08-rigor/contracts/Community.sol::11 => import {SafeERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
  • 2022-08-rigor/contracts/DebtToken.sol::6 => import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
  • 2022-08-rigor/contracts/Disputes.sol::8 => import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
  • 2022-08-rigor/contracts/Disputes.sol::9 => import {ContextUpgradeable, ERC2771ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/metatx/ERC2771ContextUpgradeable.sol";
  • 2022-08-rigor/contracts/HomeFi.sol::7 => import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
  • 2022-08-rigor/contracts/HomeFi.sol::8 => import {ERC721URIStorageUpgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/ERC721URIStorageUpgradeable.sol";
  • 2022-08-rigor/contracts/HomeFi.sol::9 => import {ContextUpgradeable, ERC2771ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/metatx/ERC2771ContextUpgradeable.sol";
  • 2022-08-rigor/contracts/HomeFiProxy.sol::5 => import {TransparentUpgradeableProxy} from "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
  • 2022-08-rigor/contracts/HomeFiProxy.sol::6 => import {ProxyAdmin} from "@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol";
  • 2022-08-rigor/contracts/HomeFiProxy.sol::7 => import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
  • 2022-08-rigor/contracts/Project.sol::9 => import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
  • 2022-08-rigor/contracts/Project.sol::10 => import {ERC2771ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/metatx/ERC2771ContextUpgradeable.sol";
  • 2022-08-rigor/contracts/Project.sol::11 => import {SafeERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
  • 2022-08-rigor/contracts/ProjectFactory.sol::8 => import {ClonesUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/ClonesUpgradeable.sol";
  • 2022-08-rigor/contracts/ProjectFactory.sol::9 => import {Initializable, ERC2771ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/metatx/ERC2771ContextUpgradeable.sol";
  • 2022-08-rigor/contracts/interfaces/IDebtToken.sol::5 => import {IERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
  • 2022-08-rigor/contracts/interfaces/IDisputes.sol::81 => * - const types = ["address", "uint256", "uint8", "bytes", "bytes"]
  • 2022-08-rigor/contracts/mock/HomeFiMock.sol::6 => import {IProjectFactory} from "../interfaces/IProjectFactory.sol";
  • 2022-08-rigor/contracts/mock/HomeFiMock.sol::7 => import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
  • 2022-08-rigor/contracts/mock/HomeFiMock.sol::8 => import {ERC721URIStorageUpgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/ERC721URIStorageUpgradeable.sol";
  • 2022-08-rigor/contracts/mock/HomeFiMock.sol::9 => import {ContextUpgradeable, ERC2771ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/metatx/ERC2771ContextUpgradeable.sol";
  • 2022-08-rigor/contracts/mock/MockMinimalForwarder.sol::5 => import "@openzeppelin/contracts/metatx/MinimalForwarder.sol";
  • 2022-08-rigor/contracts/mock/SignatureDecoderMockTest.sol::5 => import "../libraries/SignatureDecoder.sol";
  • 2022-08-rigor/contracts/mock/USDC.sol::3 => import "@openzeppelin/contracts/token/ERC20/presets/ERC20PresetMinterPauser.sol";
  • 2022-08-rigor/contracts/mock/USDC.sol::4 => import "@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol";

Tools used

c4udit

Use Shift Right/Left instead of Division/Multiplication if possible

Impact

Issue Information: G008

Findings:

  • 2022-08-rigor/contracts/Community.sol::686 => _communityProject.lastTimestamp) / 86400; // 24*60*60

Tools used

c4udit
