Platform: Code4rena
Start Date: 27/04/2022
Pot Size: $50,000 MIM
Total HM: 6
Participants: 59
Period: 5 days
Judge: 0xean
Id: 113
League: ETH
Rank: 29/59
Findings: 2
Award: $128.68
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xf15ers, AuditsAreUS, BowTiedWardens, CertoraInc, Funen, GimelSec, MaratCerby, Ruhum, WatchPug, antonttc, berndartmueller, bobi, bobirichman, broccolirob, catchup, cccz, defsec, delfin454000, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kenzo, m9800, mics, oyc_109, pauliax, reassor, robee, samruna, sikorico, simon135, throttle, unforgiven, z3s
80.8369 MIM - $80.84
Typos
The same typo (inquality) occurs in both lines below:
/// of the above inquality) fits in 128 bits, then the function is
Change inquality to inequality
The same typo (initialised) occurs in both lines below:
/// @notice Subsequent clones are initialised via `init`.
Change initialised to initialized
6 instances of the same typo (..) occur in the lines below:
Change .. to . or to ... if that was what was intended
8 instances of the same typo (transfered) occur in the lines below:
Change transfered to transferred
#0 - cryptolyndon
2022-05-13T04:44:15Z
"Initialised" is valid, we don't claim to be Americans. Also, seriously? The two dots?
🌟 Selected for report: BowTiedWardens
Also found by: 0x1f8b, 0xNazgul, 0xf15ers, 0xkatana, CertoraInc, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, NoamYakov, Tadashi, Tomio, TrungOre, antonttc, catchup, defsec, delfin454000, fatherOfBlocks, gzeon, horsefacts, joestakey, kenta, oyc_109, pauliax, reassor, robee, samruna, simon135, slywaters, sorrynotsorry, z3s
47.8437 MIM - $47.84
Issue: Require message too long
Explanation: The require message below can be shortened to 32 characters or fewer (as shown) to save gas.
The same long message occurs in both lines referenced below:
https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPair.sol#L366
https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPairWithOracle.sol#L398
require(ILendingClub(lender).willLend(tokenId, params), "NFTPair: LendingClub does not like you");
Change "NFTPair: LendingClub does not like you" to "NFTPair: LendingClub loathes you"
Issue: Use of && within a require function
Explanation: Dividing the require into separate require messages instead of using && will save gas.
require(
    params.duration >= cur.duration &&
        params.valuation <= cur.valuation &&
        params.annualInterestBPS <= cur.annualInterestBPS,
    "NFTPair: worse params"
);
Change to:
require(params.duration >= cur.duration, "NFTPair: worse params");
require(params.valuation <= cur.valuation, "NFTPair: worse params");
require(params.annualInterestBPS <= cur.annualInterestBPS, "NFTPair: worse params");

require(
    params.duration >= cur.duration &&
        params.valuation <= cur.valuation &&
        params.annualInterestBPS <= cur.annualInterestBPS &&
        params.ltvBPS <= cur.ltvBPS,
    "NFTPair: worse params"
);
Change to:
require(params.duration >= cur.duration, "NFTPair: worse params");
require(params.valuation <= cur.valuation, "NFTPair: worse params");
require(params.annualInterestBPS <= cur.annualInterestBPS, "NFTPair: worse params");
require(params.ltvBPS <= cur.ltvBPS, "NFTPair: worse params");

require(
    params.valuation == accepted.valuation &&
        params.duration <= accepted.duration &&
        params.annualInterestBPS >= accepted.annualInterestBPS,
    "NFTPair: bad params"
);
Change to:
require(params.valuation == accepted.valuation, "NFTPair: bad params");
require(params.duration <= accepted.duration, "NFTPair: bad params");
require(params.annualInterestBPS >= accepted.annualInterestBPS, "NFTPair: bad params");

require(
    params.valuation == accepted.valuation &&
        params.duration <= accepted.duration &&
        params.annualInterestBPS >= accepted.annualInterestBPS &&
        params.ltvBPS >= accepted.ltvBPS,
    "NFTPair: bad params"
);
Change to:
require(params.valuation == accepted.valuation, "NFTPair: bad params");
require(params.duration <= accepted.duration, "NFTPair: bad params");
require(params.annualInterestBPS >= accepted.annualInterestBPS, "NFTPair: bad params");
require(params.ltvBPS >= accepted.ltvBPS, "NFTPair: bad params");
The require function with embedded '&&' occurs in both lines referenced below:
https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPair.sol#L622
https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPairWithOracle.sol#L655
require(callee != address(bentoBox) && callee != address(collateral) && callee != address(this), "NFTPair: can't call");
Change to:
require(callee != address(bentoBox), "NFTPair: can't call");
require(callee != address(collateral), "NFTPair: can't call");
require(callee != address(this), "NFTPair: can't call");
Issue: Variables should not be initialized to their default values
Explanation: Initializing uint variables to their default value of 0 is unnecessary and costs gas.
The same initialization of a variable to its default occurs in both lines referenced below:
https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPair.sol#L96
https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPairWithOracle.sol#L113
uint8 private constant LOAN_INITIAL = 0;
Change LOAN_INITIAL = 0; to LOAN_INITIAL;
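The 32-character threshold in the first issue above follows from how revert strings are ABI-encoded as Error(string) in 32-byte words. The Python sketch below is an added example, not part of the warden's report or the project's code: it scans Solidity source for require statements, reports each message's byte length and encoded revert payload size, and counts the &&-joined terms in the condition. The sample source is constructed from the statements quoted above, and the function names are illustrative.

```python
import re

# Constructed sample built from the require statements quoted in the report.
SAMPLE = '''
require(ILendingClub(lender).willLend(tokenId, params), "NFTPair: LendingClub does not like you");
require(ILendingClub(lender).willLend(tokenId, params), "NFTPair: LendingClub loathes you");
require(callee != address(bentoBox) && callee != address(collateral) && callee != address(this), "NFTPair: can't call");
'''

# require(<condition>, "<message>"); the condition may not cross a ';'.
REQUIRE_RE = re.compile(r'require\s*\((?P<cond>[^;]*?),\s*"(?P<msg>[^"]*)"\s*\)\s*;')


def revert_payload_size(message: str) -> int:
    """Size in bytes of the ABI-encoded Error(string) revert data."""
    data_len = len(message.encode("utf-8"))
    padded = -(-data_len // 32) * 32  # string data is padded to 32-byte words
    return 4 + 32 + 32 + padded       # selector + offset + length + data


def lint_requires(source: str) -> list:
    """Hypothetical helper: one record per require that has a string message."""
    findings = []
    for m in REQUIRE_RE.finditer(source):
        msg = m["msg"]
        size = len(msg.encode("utf-8"))
        findings.append({
            "message": msg,
            "bytes": size,
            "payload": revert_payload_size(msg),
            "over_32": size > 32,                    # needs a second data word
            "and_terms": m["cond"].count("&&") + 1,  # 1 means no && present
        })
    return findings


if __name__ == "__main__":
    for finding in lint_requires(SAMPLE):
        print(finding)
```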
#0 - cryptolyndon
2022-05-14T01:31:35Z
Seen, thank you.