Mimo August 2022 contest - erictee's results

Bridging the chasm between the DeFi world and the world of regulated financial institutions.

General Information

Platform: Code4rena

Start Date: 02/08/2022

Pot Size: $50,000 USDC

Total HM: 12

Participants: 69

Period: 5 days

Judge: gzeon

Total Solo HM: 5

Id: 150

League: ETH

Mimo DeFi

Findings Distribution

Researcher Performance

Rank: 61/69

Findings: 1

Award: $67.51

🌟 Selected for report: 0

🚀 Solo Findings: 0

[L-01] Unspecific Compiler Version Pragma

Impact

Avoid floating pragmas for non-library contracts.

While floating pragmas make sense for libraries, allowing them to be included in applications built with multiple different compiler versions, they may be a security risk for application implementations.

A known vulnerable compiler version may accidentally be selected, or security tools might fall back to an older compiler version and end up checking EVM bytecode that differs from what is ultimately deployed on the blockchain.

It is recommended to pin to a concrete compiler version.

Findings:
contracts/proxy/MIMOProxy.sol::2 => pragma solidity >=0.8.4;
contracts/proxy/MIMOProxyFactory.sol::2 => pragma solidity >=0.8.4;
contracts/proxy/MIMOProxyRegistry.sol::2 => pragma solidity >=0.8.4;
contracts/proxy/interfaces/IMIMOProxy.sol::2 => pragma solidity ^0.8.4;
contracts/proxy/interfaces/IMIMOProxyFactory.sol::2 => pragma solidity ^0.8.4;
contracts/proxy/interfaces/IMIMOProxyRegistry.sol::2 => pragma solidity ^0.8.4;
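
A check like this can run in CI so floating pragmas are caught before review. This is an added example, not code from the report or from the Mimo repository; the file bodies in SAMPLE are constructed around the pragma lines listed above, and the `example/` paths are hypothetical.

```python
import re

# Captures the version expression of a `pragma solidity ...;` directive.
# Anchored to line start, so `// pragma solidity ...` comments do not match.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# Pinned means one exact version, optionally written with a leading "=".
PINNED_RE = re.compile(r"^=?\s*\d+\.\d+\.\d+$")


def classify_pragma(source):
    """Return a list of (expression, is_pinned) for each solidity pragma."""
    results = []
    for match in PRAGMA_RE.finditer(source):
        expr = " ".join(match.group(1).split())  # normalise whitespace
        results.append((expr, bool(PINNED_RE.match(expr))))
    return results


def audit(files):
    """Return (path, expression) for every floating or missing pragma."""
    findings = []
    for path, source in sorted(files.items()):
        pragmas = classify_pragma(source)
        if not pragmas:
            # No pragma at all: the compiler version is entirely unconstrained.
            findings.append((path, "<no pragma>"))
        for expr, pinned in pragmas:
            if not pinned:
                findings.append((path, expr))
    return findings


HEADER = "// constructed file header\n"
# Constructed sample input: two pragma lines from the findings above,
# plus hypothetical files covering the pinned, range and commented-out cases.
SAMPLE = {
    "contracts/proxy/MIMOProxy.sol": HEADER + "pragma solidity >=0.8.4;\n",
    "contracts/proxy/interfaces/IMIMOProxy.sol": HEADER + "pragma solidity ^0.8.4;\n",
    "example/Pinned.sol": HEADER + "pragma solidity 0.8.10;\n",
    "example/Range.sol": HEADER + "pragma solidity >=0.8.4 <0.9.0;\n",
    "example/Commented.sol": HEADER + "// pragma solidity 0.8.4;\n",
}

if __name__ == "__main__":
    for path, expr in audit(SAMPLE):
        print(f"{path}: floating or missing pragma: {expr}")
```

The regular expression does not strip `/* ... */` block comments, so a pragma written at the start of a line inside one would still be counted.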

[L-02] Address checks should use && instead of ||.

Impact

Should change || to && in order to ensure that all addresses are not zero.

Findings:

https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/actions/MIMOSwap.sol#L27
https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/actions/MIMOVaultActions.sol#L33

[L-03] Missing zero address checks when assigning values to address state variables.

Finding:

https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/MIMOProxyFactory.sol#L26-L28
