Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 96
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 5
Id: 140
League: ETH
Rank: 87/96
Findings: 1
Award: $28.28
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0x52, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, JC, JMukesh, JohnSmith, Lambda, Limbooo, MadWookie, MiloTruck, Nethermind, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RoiEvenHaim, SmartSek, StErMi, Tadashi, TerrierLover, TomJ, Tomio, Treasure-Seeker, UnusualTurtle, Varun_Verma, Wayne, Waze, _Adam, apostle0x01, asutorufos, berndartmueller, c3phas, catchup, cccz, cloudjunky, codexploder, cryptphi, defsec, delfin454000, dipp, ellahi, exd0tpy, fatherOfBlocks, hansfriese, hyh, joestakey, kebabsec, kenta, masterchief, minhquanym, naps62, oyc_109, pashov, peritoflores, reassor, rfa, robee, sach1r0, saian, sashik_eth, shenwilly, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, ych18, zuhaibmohd, zzzitron
28.2806 USDC - $28.28
`_minBuyoutTime`
When initializing the vault, a user could set `minBuyoutTime < block.timestamp` unintentionally, which could lead to an immediate buyout attempt.
Consider checking `_minBuyoutTime >= block.timestamp` in `NibblVault.sol`'s `initialize` function.
`call` instead of `transfer` for payable addresses
Since the `transfer` function for a payable address has a gas limit of 2300, it could fail in the event the receiving address has a fallback/receive function that requires more than 2300 gas.
As in `NibblVault.sol` and `NibblVaultFactory.sol`, use the `call` method to send ether.
Some ERC20 `transfer` functions may return false on an unsuccessful transfer instead of reverting.
It is recommended to either use OpenZeppelin's `safeTransfer` method or use a require statement to check the transfer's return value.
In the `boughtOut` modifier, if `buyoutEndTime > block.timestamp` the condition will fail and the transaction will revert. Currently the message displays "NibblVault: buyoutEndTime <= now" on failure, which could lead to confusion as the buyOutEndtime would be more than now.
In `initiateBuyout`, if `block.timestamp < minBuyoutTime` the condition will fail and the message "NibblVault: minBuyoutTime < now" is displayed, indicating that the transaction failed because the minBuyoutTime has been reached, which is not true.
Change the message on line 147 to "NibblVault: buyoutEndTime > now" and the message on line 399 to "NibblVault: minBuyoutTime > now".
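
The two transfer recommendations in the report (sending ether with `call`, and checking the result of an ERC20 `transfer`), sketched as an added example that is not part of the original report or of the Nibbl code base. The library name `TransferHelpers` and its function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration: names are hypothetical, not taken from
// NibblVault.sol or NibblVaultFactory.sol.
library TransferHelpers {
    // Before: transfer() forwards a fixed 2300 gas stipend, so it reverts
    // when the recipient's receive/fallback function needs more gas.
    function sendWithTransfer(address payable to, uint256 amount) internal {
        to.transfer(amount);
    }

    // After: call forwards the remaining gas. A failed call does not revert
    // by itself, so the returned flag must be checked. Because the recipient
    // now has gas to call back in, update state before calling this helper.
    function sendWithCall(address payable to, uint256 amount) internal {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "TransferHelpers: ETH transfer failed");
    }

    // ERC20 transfer that rejects a `false` return value and also accepts
    // tokens that return no data at all on success.
    function safeTokenTransfer(address token, address to, uint256 amount) internal {
        // A low-level call to an address without code succeeds silently.
        require(token.code.length > 0, "TransferHelpers: token has no code");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSignature("transfer(address,uint256)", to, amount)
        );
        require(
            ok && (ret.length == 0 || abi.decode(ret, (bool))),
            "TransferHelpers: ERC20 transfer failed"
        );
    }
}
```
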
#0 - HardlyDifficult
2022-07-04T15:53:22Z
Valid considerations