Platform: Code4rena
Start Date: 07/10/2022
Pot Size: $50,000 USDC
Total HM: 4
Participants: 62
Period: 5 days
Judge: 0xean
Total Solo HM: 2
Id: 169
League: ETH
Rank: 29/62
Findings: 1
Award: $50.28
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xSmartContract
Also found by: 0x1f8b, 0x4non, 0xNazgul, Bnke0x0, Chom, IllIllI, Josiah, Rahoz, RaymondFam, Trust, Waze, ajtra, bobirichman, brgltd, bulej93, c3phas, cccz, chrisdior4, delfin454000, fatherOfBlocks, gogo, ladboy233, mcwildy, mics, nicobevi, oyc_109, rbserver, rotcivegaf, zzzitron
50.2765 USDC - $50.28
Where the fee parameter validation is checking greater than 0% (which may happen by mistake) and less than 100%
Example: Staking.sol#L406
With some tokens (USDT, for instance) you can approve an amount only after approving to 0. Consider using increase/decrease approve notation instead.
In the following functions you should verify the parameters that are being assigned to a state variable.
The following functions are payable but don't record the sender transaction. Consider making them not payable instead.
The following functions allow attackers to try reentrancy since they are calling external contracts / transferring ETH. Consider adding a nonReentrancy modifier.
Assertions are a bad practice, use require instead.
Use safeApprove in the following locations
Example: L2GraphTokenGateway.sol#L232
Floating pragma is a bad practice, since it does not guarantee the same version in future deployments.
If for any reason the following unused parameters are necessary, then remove their naming (since only the type matters for the function signature).
Example: L2ArbitrumMessenger.sol#L42
#0 - pcarranzav
2022-10-19T18:08:49Z
Some of the QA issues reported here are valid as noted in other reports, but it's worth noting several of the reported issues are for files that are out of scope.