Platform: Code4rena
Start Date: 31/01/2023
Pot Size: $90,500 USDC
Total HM: 47
Participants: 169
Period: 7 days
Judge: LSDan
Total Solo HM: 9
Id: 211
League: ETH
Rank: 117/169
Findings: 1
Award: $35.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x3b, 0xAgro, 0xBeirao, 0xMirce, 0xNineDec, 0xRobocop, 0xSmartContract, 0xTraub, 0xWeiss, 2997ms, 41i3xn, Awesome, Aymen0909, Bauer, Bnke0x0, Breeje, Cryptor, DadeKuma, Deathstore, Deekshith99, DevABDee, DevTimSch, Dewaxindo, Diana, Ermaniwe, Guild_3, H0, IceBear, Inspectah, JDeryl, Kaiziron, Kaysoft, Kenshin, Mukund, Praise, RaymondFam, Rickard, Rolezn, Ruhum, Sathish9098, SkyWalkerMan, SleepingBugs, UdarTeam, Udsen, Walter, aashar, adeolu, apvlki, arialblack14, ast3ros, btk, chaduke, chandkommanaboyina, chrisdior4, climber2002, codetilda, cryptonue, cryptostellar5, csanuragjain, ddimitrov22, descharre, dharma09, doublesharp, eccentricexit, ethernomad, fs0c, georgits, halden, hansfriese, hashminer0725, immeas, lukris02, luxartvinsec, matrix_0wl, merlin, mookimgo, mrpathfindr, nadin, olegthegoat, pavankv, rbserver, rebase, savi0ur, sayan, scokaf, seeu, shark, simon135, tnevler, tsvetanovv, ulqiorra, ustas, waldenyan20, y1cunhui, yongskiws, yosuke
35.4779 USDC - $35.48
Currently, only the owner can add new clone in CloneRegistry but to prevent from some mistakes from adding of existing clone should be good to have check if the clone is already added. File CloneRegistry.sol: line 41
Mismatched comment with function logic. DeploymentController.sol: [60][https://github.com/code-423n4/2023-01-popcorn//blob/main/src/vault/DeploymentController.sol#L60]
Zero address or just EOA address can be setted to implementation of the Template. Nowhere is checked if the implementation address is not zero or is a smart contract. TemplateRegistry.sol: (https://github.com/code-423n4/2023-01-popcorn//blob/main/src/vault/TemplateRegistry.sol#L67-L81)
acceptDependencyOwnership should be called only from the AdminProxy which will expect to accept ownership. File DeploymentController.sol: 131
State variables can be declared as constant or immutable. In both cases, the variables cannot be modified after the contract has been constructed. For constant variables, the value has to be fixed at compile-time, while for immutable, it can still be assigned at construction time.
VaultController.sol: 36-40
In some places in the contract is missed good NatSpec comment. The good commented code increase readability.
In function permit before ecrecover() is missed check for malleable value for S. resource: https://eips.ethereum.org/EIPS/eip-1271 File MultiRewardStaking: 445-L485 Also in AdapterBase
Do not use magic variable use declare constant AdapterBase.sol: 502 Use constant variable for version for computing of domain separator. File Vault.sol: line [724] (https://github.com/code-423n4/2023-01-popcorn//blob/main/src/vault/Vault.sol#L724)
#0 - c4-judge
2023-02-28T15:10:47Z
dmvt marked the issue as grade-b