Platform: Code4rena
Start Date: 22/09/2023
Pot Size: $100,000 USDC
Total HM: 15
Participants: 175
Period: 14 days
Judge: alcueca
Total Solo HM: 4
Id: 287
League: ETH
Rank: 146/175
Findings: 1
Award: $11.47
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: MrPotatoMagic
Also found by: 0xAadi, 0xDING99YA, 0xDemon, 0xRstStn, 0xSmartContract, 0xStriker, 0xWaitress, 0xbrett8571, 0xfuje, 0xsagetony, 0xsurena, 33BYTEZZZ, 3docSec, 7ashraf, ABA, ABAIKUNANBAEV, Aamir, Audinarey, Bauchibred, Black_Box_DD, Daniel526, DanielArmstrong, DanielTan_MetaTrust, Dinesh11G, Eurovickk, Franklin, Inspecktor, John, Jorgect, Joshuajee, K42, Kek, Koolex, LokiThe5th, MIQUINHO, Myd, NoTechBG, QiuhaoLi, SanketKogekar, Sathish9098, Sentry, Soul22, SovaSlava, Stormreckson, Tendency, Topmark, Udsen, V1235816, Viktor_Cortess, Viraz, Yanchuan, ZdravkoHr, Zims, albahaca, albertwh1te, alexweb3, alexxander, ast3ros, audityourcontracts, bareli, bin2chen, bronze_pickaxe, c0pp3rscr3w3r, cartlex_, castle_chain, chaduke, debo, ether_sky, gumgumzum, imare, its_basu, jaraxxus, jasonxiale, josephdara, kodyvim, ladboy233, lanrebayode77, lsaudit, mert_eren, minhtrng, n1punp, nadin, niroh, nmirchev8, orion, peakbolt, perseverancesuccess, pfapostol, ptsanev, rvierdiiev, saneryee, shaflow2, te_aut, terrancrypt, twcctop, unsafesol, ustas, versiyonbir, windhustler, yongskiws, zhaojie, ziyou-
11.4657 USDC - $11.47
In ArbitrumBranchBridgeAgentFactory.sol
In BranchBridgeAgentFactory.sol
In RootBridgeAgentFactory.sol
in ArbitrumBranchBridgeAgent.sol
in ArbitrumBranchPort.sol
in ArbitrumCoreBranchRouter.sol
in BranchBridgeAgentExecutor.sol
in RootPort.sol
Manual review
Add require statement to check that address is not equal to zero.
In ERC20hTokenRootFactory.sol
@param _localChainId Local Network Layer Zerio Identifier. // @audit-issue typos `Zerio` => `Zero`
In ArbitrumCoreBranchRouter.sol
The function `addGlobalToken` is is not available since it's used // @audit-issue `is is` => `is`
In RootPort.sol
// @audit-issue typos `acount` => `account` mapping(VirtualAccount acount => mapping(address router => bool allowed)) public isRouterApproved;
Manual review
Consider to remove typos.
localChainId in ERC20hTokenBranchFactory.sol.In the contructor of ERC20hTokenBranchFactory.sol contract _localChainId has a type of uint16, but on line 14 it has type of uint24.
Manual review
Change uint24 to uint16 as in constructor.
In the constructor of ERC20hTokenBranch contract it casts strings twice.
constructor( string memory chainName, string memory chainSymbol, string memory _name, string memory _symbol, uint8 _decimals, address _owner ) ERC20(string(string.concat(chainName, _name)), string(string.concat(chainSymbol, _symbol)), _decimals) { // @audit no need to cast to string twice. _initializeOwner(_owner); }
Same issue in the ERC20hTokenRoot contract.
https://github.com/code-423n4/2023-09-maia/blob/f5ba4de628836b2a29f9b5fff59499690008c463/src/token/ERC20hTokenRoot.sol#L38
Moreover, there is no need to concat one input parameter.
// @audit no need to use `concat` operation since input parameter is only `_symbol` ) ERC20(string(string.concat(_name)), string(string.concat(_symbol)), _decimals) {
Manual review
Consider to remove double casting and concat operator in the constructor of ERC20hTokenRoot contract.
#0 - c4-pre-sort
2023-10-15T12:36:24Z
0xA5DF marked the issue as sufficient quality report
#1 - c4-judge
2023-10-20T13:52:05Z
alcueca marked the issue as grade-b