Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 50/168
Findings: 2
Award: $271.16
🌟 Selected for report: 0
🚀 Solo Findings: 0
205.2074 USDC - $205.21
There are multiple situations in ERC721Votes._moveDelegateVotes() that would cause a revert due to either an overflow or underflow.
For example In line 216, the call to _writeCheckpoint() uses a local variable prevTotalVotes which is 0 for a first time delegate, hence the difference prevTotalVotes - _amount would underflow and revert.
Manual review
There should be a check for zero result of prevTotalVotes before the call to _writeCheckpoint
#0 - GalloDaSballo
2022-09-27T01:49:29Z
Dup of #203
The check against 0 may help solve it although this finding is not fully developed
🌟 Selected for report: Lambda
Also found by: 0x1337, 0x1f8b, 0x4non, 0x85102, 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xc0ffEE, 8olidity, Aymen0909, B2, Bnke0x0, CRYP70, Captainkay, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, DimitarDimitrov, ElKu, EthLedger, Franfran, Funen, GimelSec, JansenC, Jeiwan, Jujic, Lead_Belly, MEP, MasterCookie, MiloTruck, Noah3o6, PPrieditis, PaludoX0, Picodes, PwnPatrol, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rolezn, Samatak, Tointer, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ak1, asutorufos, azephiar, ballx, bharg4v, bin2chen, bobirichman, brgltd, bulej93, c3phas, cccz, ch0bu, cloudjunky, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, davidbrai, delfin454000, dharma09, dic0de, dipp, djxploit, eierina, erictee, fatherOfBlocks, gogo, hansfriese, hyh, imare, indijanc, izhuer, jonatascm, ladboy233, leosathya, lucacez, lukris02, m9800, martin, minhtrng, ne0n, neumo, oyc_109, p_crypt0, pashov, pauliax, pcarranzav, pedr02b2, peritoflores, pfapostol, rbserver, ret2basic, robee, rvierdiiev, sach1r0, sahar, scaraven, sikorico, simon135, slowmoses, sorrynotsorry, tnevler, tonisives, volky, yixxas, zkhorse, zzzitron
65.9507 USDC - $65.95
Missing zero address check he following functions are missing zero address checks which may require redeployment of contracts Manager.constructor() Auction._authorizeUpgrade()
Missing zero value check The following functions are missing zero value checks. Setting the state variable to 0 would affect other functions in the contract, possibly causing reverts.
Auction.setDuration() Auction.setReservePrice() Auction.setTimeBuffer() Auction.setMinimumBidIncrement()
#0 - GalloDaSballo
2022-09-26T21:25:16Z
1L for zero-check on adress