Back to bobirichman's contests

Mimo August 2022 contest - bobirichman's results

Bridging the chasm between the DeFi world and the world of regulated financial institutions.

General Information

Platform: Code4rena

Start Date: 02/08/2022

Pot Size: $50,000 USDC

Total HM: 12

Participants: 69

Period: 5 days

Judge: gzeon

Total Solo HM: 5

Id: 150

League: ETH

Mimo DeFi

Findings Distribution

Researcher Performance

Rank: 33/69

Findings: 2

Award: $115.29

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryMimo DeFi

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0xDjango, 0xNazgul, 0xc0ffEE, 8olidity, Bnke0x0, Chom, CodingNameKiki, Deivitto, Dravee, Funen, JC, JohnSmith, NoamYakov, ReyAdmirado, Rohan16, Rolezn, Sm4rty, SooYa, TomFrenchBlockchain, TomJ, Waze, __141345__, ajtra, ak1, aysha, bin2chen, bobirichman, brgltd, bulej93, c3phas, delfin454000, durianSausage, erictee, fatherOfBlocks, gogo, horsefacts, hyh, ladboy233, mics, natzuu, nxrblsrpr, oyc_109, rbserver, samruna, sikorico, simon135, tofunmi, wagmi

Awards

74.5523 USDC - $74.55

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

QA REPORT

[LOW] Missing nonReentrancy modifier

The following functions allows attackers to try reentrancy since they are calling to external contracts / transferring eth. Consider adding a nonReentrancy modifier.

Proof of concept:

[LOW] Add timelock for the following functions

Using a timelock in the following type of functions is common among defi protocols.

Proof of concept:

[LOW] Not verified input

At the following functions you should verify the parameters that are being assigned to a state variable.

Proof of concept:

[LOW] Payable functions that should not be payable

The following functions are payable but doesn't record the sender transaction. Consider making them not payable instead.

Proof of concept:

[NON CRITICAL] Floating pragma

Floating pragma is a bad practice, since it does not guaranty the same version at future deployments.

Proof of concept:

[NON CRITICAL] Missing function spec comments

Proof of concept:

[NON CRITICAL] Consider emitting an event at the following functions

Proof of concept:

[NON CRITICAL] Unused function parameters should have name removed

If for any reason the following unused parameters are necessary then remove their naming (since only the type matters for function signature)

Proof of concept:

Findings Information

🌟 Selected for report: Dravee

Also found by: 0x040, 0x1f8b, 0xDjango, 0xNazgul, 0xSmartContract, 0xc0ffEE, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, Fitraldys, Funen, IllIllI, JC, JohnSmith, NoamYakov, ReyAdmirado, Rolezn, TomJ, Waze, ajtra, bearonbike, bobirichman, brgltd, c3phas, durianSausage, fatherOfBlocks, gogo, ignacio, jag, joestakey, ladboy233, mics, oyc_109, rbserver, samruna, sikorico, simon135

Awards

40.7442 USDC - $40.74

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

GAS REPORT

[GAS] Use abiEncodePacked()

Proof of concept:

[GAS] Cache array size

You can cache the array size to improve gas usage in the following locations Example: DexAddressProvider.sol#L22

[GAS] Do not cache msg.sender since loading msg.sender is more efficient than a local variable

Proof of concept:

[GAS] Use > instead != to compare uint with 0

Example: MIMORebalance.sol#L134

[GAS] In the following revert statements consider using custom error instead a message

Proof of concept:

[GAS] Use assembly opcodes iszero in the following locations

Proof of concept:

[GAS] Mark as payable If has onlyOwner modifier

In order to save gas you can put a payable modifier for functions that are called by protocol owners. Example: DexAddressProvider.sol#L39

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter