Platform: Code4rena
Start Date: 26/07/2022
Pot Size: $75,000 USDC
Total HM: 29
Participants: 179
Period: 6 days
Judge: LSDan
Total Solo HM: 6
Id: 148
League: ETH
Rank: 36/179
Findings: 4
Award: $342.78
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: GimelSec
Also found by: 0x52, 0xA5DF, 0xSky, 0xsanson, Bahurum, CertoraInc, GalloDaSballo, JohnSmith, Lambda, MEP, Twpony, arcoun, berndartmueller, cryptphi, hansfriese, kenzo, kyteg, panprog, rajatbeladiya, scaraven, simon135, zzzitron
26.7695 USDC - $26.77
For a tokenId without a prior checkpoint, calling VoteEscrowDelegation.delegate() would revert due to an underflow in nCheckpoints.
The nCheckpoints variable in uint256 nCheckpoints = numCheckpoints[toTokenId]; is set to 0 since there was no prior numCheckpoints. Thus nCheckpoints - 1 in line 79 would cause an underflow causing a revert.
Due to the above, first-time delegation on a tokenId will always revert.
Manual review
Change uint256 nCheckpoints = numCheckpoints[toTokenId]; to uint256 nCheckpoints = numCheckpoints[toTokenId] + 1;
#0 - KenzoAgada
2022-08-02T09:20:55Z
Duplicate of #630
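The revert described in this finding can be reproduced on a minimal model. The contract below is an added example, not the Golom source: the Checkpoint layout, the contract name and the functions delegateUnchecked, delegateGuarded and _write are assumptions, and the guarded variant shows one possible guard on the read of the previous checkpoint.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

// Constructed minimal model of the checkpoint bookkeeping in the finding.
// Not Golom code: only numCheckpoints / nCheckpoints are names from the page.
contract CheckpointModel {
    struct Checkpoint {
        uint256 fromBlock;
        uint256[] delegatedTokenIds;
    }

    mapping(uint256 => mapping(uint256 => Checkpoint)) internal checkpoints;
    mapping(uint256 => uint256) public numCheckpoints;

    // Pattern from the finding: with no prior checkpoint nCheckpoints is 0,
    // so `nCheckpoints - 1` hits the Solidity >= 0.8 checked-arithmetic
    // panic (0x11) and the first delegation to toTokenId always reverts.
    function delegateUnchecked(uint256 tokenId, uint256 toTokenId) external {
        uint256 nCheckpoints = numCheckpoints[toTokenId];
        Checkpoint storage prev = checkpoints[toTokenId][nCheckpoints - 1];
        _write(toTokenId, nCheckpoints, prev.delegatedTokenIds, tokenId);
    }

    // Guarded variant (hypothetical): read the previous checkpoint only
    // when one exists, otherwise start from an empty delegation list.
    function delegateGuarded(uint256 tokenId, uint256 toTokenId) external {
        uint256 nCheckpoints = numCheckpoints[toTokenId];
        uint256[] memory prevIds;
        if (nCheckpoints > 0) {
            prevIds = checkpoints[toTokenId][nCheckpoints - 1].delegatedTokenIds;
        }
        _write(toTokenId, nCheckpoints, prevIds, tokenId);
    }

    // Copies the previous delegation list into checkpoint n and appends tokenId.
    function _write(uint256 toTokenId, uint256 n, uint256[] memory prevIds, uint256 tokenId) internal {
        Checkpoint storage cp = checkpoints[toTokenId][n];
        cp.fromBlock = block.number;
        for (uint256 i = 0; i < prevIds.length; i++) {
            cp.delegatedTokenIds.push(prevIds[i]);
        }
        cp.delegatedTokenIds.push(tokenId);
        numCheckpoints[toTokenId] = n + 1;
    }
}
```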
🌟 Selected for report: CertoraInc
Also found by: 0xA5DF, 0xsanson, Bahurum, GalloDaSballo, MEP, TrungOre, carlitox477, cryptphi, kenzo
The _transferFrom() in VoteEscrowDelegation.sol should be changed to an external function. Currently, the function is unable to be called by any user since it is an internal function and there's no call to the function from another Golom contract.
With the above, users who want to remove delegation and transfer their NFT will be unable to call the function.
Manual review
Change function to external.
#0 - KenzoAgada
2022-08-03T14:54:58Z
Duplicate of #377
🌟 Selected for report: cloudjunky
Also found by: 0x1f8b, 0x4non, 0x52, 0xDjango, 0xHarry, 0xNazgul, 0xNineDec, 0xf15ers, 0xsanson, 0xsolstars, 8olidity, Bnke0x0, CertoraInc, Chom, Deivitto, Dravee, GalloDaSballo, GimelSec, IllIllI, Jmaxmanblue, JohnSmith, Jujic, Kenshin, Krow10, Lambda, MEP, Noah3o6, RedOneN, Ruhum, StErMi, StyxRave, TomJ, Treasure-Seeker, TrungOre, _Adam, __141345__, arcoun, asutorufos, bardamu, bearonbike, bin2chen, brgltd, bulej93, c3phas, cRat1st0s, carlitox477, cccz, codexploder, cryptonue, cryptphi, cthulhu_cult, dharma09, dipp, djxploit, durianSausage, ellahi, giovannidisiena, hansfriese, horsefacts, hyh, immeas, indijanc, jayjonah8, jayphbee, joestakey, kenzo, kyteg, ladboy233, minhquanym, navinavu, obront, oyc_109, peritoflores, rbserver, reassor, rokinot, rotcivegaf, saian, scaraven, shenwilly, simon135, sseefried, teddav, zzzitron
0.0037 USDC - $0.00
https://github.com/code-423n4/2022-07-golom/blob/main/contracts/core/GolomTrader.sol#L151-L155
The use of payable().transfer may have unintended outcomes on the eth being sent to the receiver. Funds may be irretrievable or undelivered if the recipient is a smart contract. Funds can potentially be lost if;
The impact would mean that any contracts receiving funds would potentially be unable to retrieve funds from the fillAsk transaction.
Possible receivers that may be affected during the fillAsk() transaction are referrer, o.signer, exchange, prepayment and payment receivers.
https://github.com/code-423n4/2022-07-golom/blob/main/contracts/core/GolomTrader.sol#L151-L155
The payEther() issue may affect RewardDistributor, referrer, o.signer, exchange, prepayment and payment receivers.
Manual review
msg.sender.call.value(amount) or using the OpenZeppelin Address.sendValue library
#0 - KenzoAgada
2022-08-03T14:56:08Z
Duplicate of #343
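The difference between the two payout styles named in this finding, as an added example that is not Golom code. PayoutModel, GasHeavyReceiver and their function names are hypothetical; the call form uses the current call{value: ...} syntax rather than the older .call.value(...) spelling.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

// Constructed example. Contract and function names are hypothetical.
contract PayoutModel {
    // transfer() forwards a fixed 2300 gas stipend. If the receiver's
    // receive()/fallback needs more than that, the whole payout reverts.
    function payWithTransfer(uint256 amount, address to) external {
        if (amount > 0) {
            payable(to).transfer(amount);
        }
    }

    // call forwards the remaining gas, so contract receivers with
    // non-trivial receive() logic can accept the funds. The boolean
    // result must be checked, otherwise a failed send is silently ignored.
    // Because the receiver now has gas to re-enter, state changes belong
    // before this call or behind a reentrancy guard.
    function payWithCall(uint256 amount, address to) external {
        if (amount > 0) {
            (bool ok, ) = payable(to).call{value: amount}("");
            require(ok, "ETH transfer failed");
        }
    }

    // Lets the model be funded for a local test.
    receive() external payable {}
}

// A receiver whose receive() writes to storage. The write cannot complete
// inside the 2300 gas stipend, so payWithTransfer() to this contract
// reverts while payWithCall() succeeds.
contract GasHeavyReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value;
    }
}
```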
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0xA5DF, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xSmartContract, 0xackermann, 0xc0ffEE, 0xf15ers, 0xmatt, 0xsanson, 0xsolstars, 8olidity, AuditsAreUS, Bahurum, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chom, CryptoMartian, Deivitto, DevABDee, Dravee, ElKu, Franfran, Funen, GalloDaSballo, GimelSec, GiveMeTestEther, Green, JC, Jmaxmanblue, JohnSmith, Jujic, Junnon, Kenshin, Krow10, Kumpa, Lambda, MEP, Maxime, MiloTruck, Mohandes, NoamYakov, Picodes, RedOneN, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, Soosh, StErMi, StyxRave, Tadashi, TomJ, Treasure-Seeker, TrungOre, Waze, _Adam, __141345__, ajtra, ak1, apostle0x01, arcoun, asutorufos, async, benbaessler, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, carlitox477, chatch, codetilda, codexploder, cryptonue, cryptphi, csanuragjain, cthulhu_cult, delfin454000, dipp, dirk_y, djxploit, ellahi, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, horsefacts, hyh, idkwhatimdoing, indijanc, jayfromthe13th, jayphbee, joestakey, kenzo, kyteg, lucacez, luckypanda, mics, minhquanym, obront, oyc_109, pedr02b2, rajatbeladiya, rbserver, reassor, robee, rokinot, rotcivegaf, sach1r0, saian, saneryee, sashik_eth, scaraven, shenwilly, simon135, sseefried, supernova, teddav, ych18, zuhaibmohd, zzzitron
35.1687 USDC - $35.17
governance parameter in GolomTrader.constructor() - https://github.com/code-423n4/2022-07-golom/blob/main/contracts/core/GolomTrader.sol#L92-L94
governance parameter in GolomToken.constructor() - https://github.com/code-423n4/2022-07-golom/blob/main/contracts/governance/GolomToken.sol#L28-L30
governance parameter in RewardDistributor.constructor() - https://github.com/code-423n4/2022-07-golom/blob/main/contracts/rewards/RewardDistributor.sol#L74-L85
trader and token params in RewardDistributor.constructor() are also missing zero address checks - https://github.com/code-423n4/2022-07-golom/blob/main/contracts/rewards/RewardDistributor.sol#L74-L85
_minter parameter in GolomToken.setMinter is missing zero address check.
Default address of pendingMinter is address(0), so if minter is set to zero, executeMinter() will set minter to 0. https://github.com/code-423n4/2022-07-golom/blob/main/contracts/governance/GolomToken.sol#L58-L61
Missing events and emit
The following functions are missing emits and/or events for their operations which could be useful in third-party monitoring.
GolomTrader.executeSetDistributor() - https://github.com/code-423n4/2022-07-golom/blob/main/contracts/core/GolomTrader.sol#L454-L457
GolomToken.executeSetMinter() - https://github.com/code-423n4/2022-07-golom/blob/main/contracts/governance/GolomToken.sol#L65-L72
Re-written output variable in TokenUriHelper.sol
The output variable in TokenUriHelper._tokenURI() looks to be re-written multiple times