Back to cryptphi's contests

Infinity NFT Marketplace contest - cryptphi's results

The world's most advanced NFT marketplace.

General Information

Platform: Code4rena

Start Date: 14/06/2022

Pot Size: $50,000 USDC

Total HM: 19

Participants: 99

Period: 5 days

Judge: HardlyDifficult

Total Solo HM: 4

Id: 136

League: ETH

Infinity NFT Marketplace

Findings Distribution

Researcher Performance

Rank: 73/99

Findings: 1

Award: $58.25

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryInfinity NFT Marketplace

Findings Information

🌟 Selected for report: joestakey

Also found by: 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkowloon, 0xmint, 8olidity, BowTiedWardens, Chom, Cityscape, Czar102, ElKu, FSchmoede, Funen, GimelSec, GreyArt, IllIllI, KIntern, Kaiziron, Kenshin, Lambda, MadWookie, MiloTruck, PPrieditis, Picodes, Ruhum, Sm4rty, StErMi, TerrierLover, TomJ, Treasure-Seeker, VAD37, WatchPug, Wayne, _Adam, a12jmx, abhinavmir, antonttc, apostle0x01, asutorufos, berndartmueller, cccz, cloudjunky, codexploder, cryptphi, csanuragjain, defsec, delfin454000, fatherOfBlocks, georgypetrov, hake, hansfriese, horsefacts, hyh, k, kenta, nxrblsrpr, oyc_109, peritoflores, rajatbeladiya, reassor, rfa, robee, sach1r0, saian, samruna, shenwilly, simon135, sorrynotsorry, sseefried, throttle, unforgiven, wagmi, zzzitron

Awards

58.2541 USDC - $58.25

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue
  1. Missing zero address check The following are missing zero address checks. Mistakenly inputing a zero address could lead to tokens being sent to zero address leading to loss of funds/tokens. Or it could require redeployment of a contract.

**Occurrences in: a. InfinityExchange.rescueTokens() - destination parameter - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L1220 b. InfinityExchange.rescueETH() - destination parameter -  https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L1229 c. InfinityExchange.transferMultipleNFTs() - to address parameter  - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L371 d. InfinityExchange.constructor() - _weth and _matchExecutor parameters - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L115-L116 e. InfinityStaker.constructor() - _infinityTreasury parameter - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L49-L52 f. InfinityStaker.rescueETH() - destination parameter -  https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L345 g. InfinityStaker.updateInfinityTreasury()  - _infinityTreasury parameter - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L375

  1. Missing zero value check The following are missing zero value checks which may lead to possible function reverts or wrong calculations or wrong token supply or possible contract redeployment

**Occurrences in: a. InfinityStaker.updatePenalties()  - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L364 b. InfinityStaker.updateStakeLevelThreshold() - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L351 c. InfinityToken.constructor() - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/token/InfinityToken.sol#L37-L49

  1. Missing events and emit The following are updates to certain functionalities or operations which are missing events and equivalent emits

**Occurrences in: a. InfinityExchange.updateMatchExecutor() - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L1255 b. InfinityExchange.rescueETH() - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L1229 c. InfinityExchange.removeComplication() - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L1250 d. InfinityExchange.addComplication()  - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L1240 e. InfinityStaker.rescueETH() -  https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L345 f. InfinityStaker.updateInfinityTreasury() - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L375 g. InfinityStaker.updatePenalties()  - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L364 h. InfinityStaker.updateStakeLevelThreshold() - https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L351

#0 - HardlyDifficult

2022-07-12T05:19:49Z

Merging with https://github.com/code-423n4/2022-06-infinity-findings/issues/195 and https://github.com/code-423n4/2022-06-infinity-findings/issues/197 and https://github.com/code-423n4/2022-06-infinity-findings/issues/204

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter