Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $100,000 USDC
Total HM: 4
Participants: 109
Period: 7 days
Judge: GalloDaSballo
Id: 163
League: ETH
Rank: 89/109
Findings: 1
Award: $55.20
Selected for report: 0
Solo Findings: 0
Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xNazgul, 0xRobocop, 0xSmartContract, 0xdeadbeef, 0xsanson, 8olidity, Amithuddar, Aymen0909, B2, B353N, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, ElKu, Funen, JC, JohnnyTime, Kresh, Lambda, Noah3o6, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Sm4rty, SuldaanBeegsi, Tadashi, TomJ, Tomio, V_B, Waze, __141345__, a12jmx, ak1, arcoun, asutorufos, aviggiano, berndartmueller, bharg4v, bin2chen, brgltd, bulej93, c3phas, catchup, cccz, ch0bu, cryptonue, cryptphi, csanuragjain, delfin454000, devtooligan, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, ignacio, joestakey, ladboy233, lukris02, m9800, malinariy, martin, minhtrng, obront, oyc_109, pedr02b2, pedroais, pfapostol, philogy, prasantgupta52, rbserver, ronnyx2017, rotcivegaf, rvierdiiev, sach1r0, shung, simon135, throttle, tnevler, tonisives, wagmi, yixxas, zkhorse, zzykxx, zzzitron
55.1985 USDC - $55.20
The codebase looks mature and well thought-out. Documentation is complete and testing coverage is high. The codebase could benefit from a few small adjustments to simplify it further.
| # | Issue | Instances |
|---|---|---|
| 1 | Left shift could be replaced by mul | 1 |
| 2 | Minor oversight - Internal function is named as if it was public (function is `internal`, not prefixed with `_`) | 1 |
| 3 | Missing checks for `address(0x0)` when assigning values to address state variables | 3 |
| 4 | Inconsistent use of inline delete | 1 |
Quoting transmissions11 here: https://github.com/artgobblers/art-gobblers/issues/145

> the left shift doesn't save any gas and just hurts readability

```solidity
uint256 newNumMintedForReserves = numMintedForReserves += (numGobblersEach << 1);
```
`internal` not prefixed with `_`

Function `getNextValidator()` is `internal` but not prefixed with `_`.

```solidity
function updateUserGooBalance(
    address user,
    uint256 gooAmount,
    GooBalanceUpdateType updateType
) internal {
```
2022-09-artgobblers/src/ArtGobblers.sol:813:5
State variables, and some parameters in functions such as mints and withdrawals, should be checked against the zero address. A zero address can lead to problems.
```solidity
constructor(
    // Mint config:
    bytes32 _merkleRoot,
    uint256 _mintStart,
    // Addresses:
    Goo _goo,
    Pages _pages,
    address _team,
    address _community,
    RandProvider _randProvider,
    // URIs:
    string memory _baseUri,
    string memory _unrevealedUri
)
    GobblersERC721("Art Gobblers", "GOBBLER")
    Owned(msg.sender)
    LogisticVRGDA(
        69.42e18, // Target price.
        0.31e18, // Price decay percent.
        // Max gobblers mintable via VRGDA.
        toWadUnsafe(MAX_MINTABLE),
        0.0023e18 // Time scale.
    )
{
    mintStart = _mintStart;
    merkleRoot = _merkleRoot;
    goo = _goo;
    pages = _pages;
    team = _team;
    community = _community;
```
Check for the zero address before assigning a value to these state variables:

- 2022-09-artgobblers/src/ArtGobblers.sol:316:9
- 2022-09-artgobblers/src/ArtGobblers.sol:317:9
- 2022-09-artgobblers/src/Goo.sol:83:9
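The recommended check, as an added example that is not code from the Art Gobblers repository or from this report. The contract name `ReserveRecipients`, the `ZeroAddress` error and the `immutable` declarations are assumptions; only the parameter names `_team` and `_community` come from the constructor quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Hypothetical contract, constructed for illustration; only the parameter
/// names `_team` and `_community` are taken from the quoted constructor.
contract ReserveRecipients {
    /// Thrown when a constructor argument is the zero address.
    /// `param` names the offending argument so a failed deployment is
    /// easy to diagnose from the revert data.
    error ZeroAddress(string param);

    // Declaring these immutable is an assumption of this example: a value
    // that cannot be changed after deployment is the case where a missing
    // check is most costly, because the only fix is a redeploy.
    address public immutable team;
    address public immutable community;

    constructor(address _team, address _community) {
        // Validate before assigning, so a misconfigured deployment
        // reverts instead of storing address(0).
        if (_team == address(0)) revert ZeroAddress("_team");
        if (_community == address(0)) revert ZeroAddress("_community");

        team = _team;
        community = _community;
    }
}
```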
Gas costs are the same. More readable, less complex, and less likely for Solidity to have issues with it since it's less esoteric. Deleting the field inside or outside the event makes no difference in gas costs.
https://github.com/artgobblers/art-gobblers/issues/149
```solidity
emit Transfer(msg.sender, getGobblerData[id].owner = address(0), id);
```
#0 - GalloDaSballo
2022-10-06T19:00:19Z
R
R
L
R
1L 3R