Platform: Code4rena
Start Date: 18/05/2023
Pot Size: $24,500 USDC
Total HM: 3
Participants: 72
Period: 4 days
Judge: LSDan
Id: 237
League: ETH
Rank: 57/72
Findings: 1
Award: $16.19
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ABA
Also found by: 0x4non, 0xHati, 0xMosh, 0xSmartContract, 0xWaitress, 0xhacksmithh, 0xnev, 0xprinc, Arabadzhiev, BLACK-PANDA-REACH, Deekshith99, Dimagu, KKat7531, Kose, LosPollosHermanos, MohammedRizwan, QiuhaoLi, RaymondFam, Rickard, Rolezn, SAAJ, Sathish9098, Shubham, SmartGooofy, Tripathi, Udsen, V1235816, adriro, arpit, ayden, bigtone, codeVolcan, d3e4, dwward3n, fatherOfBlocks, favelanky, jovemjeune, kutugu, lfzkoala, lukris02, matrix_0wl, minhquanym, ni8mare, parsely, pxng0lin, radev_sw, ravikiranweb3, rbserver, sces60107, souilos, tnevler, turvy_fuzz, yellowBirdy
16.1907 USDC - $16.19
Low Level Findings
[L-1]Reentrancy in JBXBuybackDelegate.didPay(JBDidPayData) (contracts/JBXBuybackDelegate.sol#183-209) Consider doing following changes on the contract to solve problem. 1)Add following import : import "@openzeppelin/contracts/security/ReentrancyGuard.sol". 2)Change contract definition as line below. contract JBXBuybackDelegate is IJBFundingCycleDataSource, IJBPayDelegate, IUniswapV3SwapCallback, Ownable, ReentrancyGuard 3)Change didPay function as adding NonReentrant modifier as function signature below. function didPay(JBDidPayData calldata _data) external payable override nonReentrant
[L-2] Reentrancy in JBXBuybackDelegate._swap(JBDidPayData,uint256,uint256) (contracts/JBXBuybackDelegate.sol#258-326) The reentrancy problem in _swap function will resolve too when the steps above are applied.
Non-Critical Findings
[N-1] Unused Solidity Import Consider removing following import at line 15 : import "@openzeppelin/contracts/access/Ownable.sol".Because even thought JBXBuybackDelegate inherits from Ownable contract. It is still never used in contract's logic.
[N-2] Event names are not CapWords Consider changing the following event names() JBXBuybackDelegateJBXBuybackDelegate_Mint(uint256) and JBXBuybackDelegateJBXBuybackDelegate_Swap(uint256,uint256,uint256) as JBXBuybackDelegateJBXBuybackDelegateMint(uint256),JBXBuybackDelegateJBXBuybackDelegateSwap(uint256,uint256,uint256)
#0 - c4-judge
2023-06-02T11:00:12Z
dmvt marked the issue as grade-b