Platform: Code4rena
Start Date: 21/04/2022
Pot Size: $100,000 USDC
Total HM: 18
Participants: 60
Period: 7 days
Judge: gzeon
Total Solo HM: 10
Id: 112
League: ETH
Rank: 42/60
Findings: 1
Award: $169.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x52, 0xDjango, 0xkatana, Dravee, Funen, Kenshin, Ruhum, StyxRave, Tadashi, TerrierLover, TrungOre, antonttc, berndartmueller, catchup, csanuragjain, defsec, dipp, fatherOfBlocks, hake, horsefacts, hubble, jayjonah8, joestakey, kebabsec, kenta, m4rio_eth, oyc_109, pauliax, peritoflores, rayn, remora, robee, securerodd, simon135, sorrynotsorry, sseefried, z3s
169.5152 USDC - $169.52
Missing check that it is not already paused in (https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/utils/Pausable.sol#L23).
Unnecessary checks
Lines (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L120, https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L157) have unnecessary checks, since those checks are already in place when a pool is added.
Unnecessary returns
In the lines (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/CvxCrvRewardsLocker.sol#L163, https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/CvxCrvRewardsLocker.sol#L153, https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/CvxCrvRewardsLocker.sol#L144) hardcoding “return true” is unnecessary. Instead, you could return the boolean value of what happens inside the function while achieving the same result, since if the function fails, it won’t return anything as it will revert. Alternatively, you could change your coding style and not return anything, and/or emit an event.
This line contains a TODO statement (https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol#L713); you might consider removing it.
Some functions don’t contain the same commenting structure (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/Controller.sol#L77 as an example): some comments only have “@notice” instead of also having “@param” and “@return”, or vice versa. We suggest that every explanatory comment use the same appropriate structure, like the rest of the contracts.
Typo in (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/LpToken.sol#L62) “Aamount” should be “Amount”.
Typo in (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/StakerVault.sol#L31) “not” should be “note”.
Typo in (https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol#L218) “prepraed” should be “prepared”.
Typo in (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L272) “it’s” should be “its” to indicate possession.
Typo in (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/StakerVault.sol#L89) “is” should be “if”.
Typos both in (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L297 and https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L308) “deos” should be “does”.
Typo in (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L336) “an pool” should be “a pool”.
Typo in (https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/BkdLocker.sol#L298) “he” should be “they” as it’s the proper pronoun to use when referring to someone you don’t know the gender of.