Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 96
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 5
Id: 140
League: ETH
Rank: 47/96
Findings: 2
Award: $45.67
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0x52, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, JC, JMukesh, JohnSmith, Lambda, Limbooo, MadWookie, MiloTruck, Nethermind, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RoiEvenHaim, SmartSek, StErMi, Tadashi, TerrierLover, TomJ, Tomio, Treasure-Seeker, UnusualTurtle, Varun_Verma, Wayne, Waze, _Adam, apostle0x01, asutorufos, berndartmueller, c3phas, catchup, cccz, cloudjunky, codexploder, cryptphi, defsec, delfin454000, dipp, ellahi, exd0tpy, fatherOfBlocks, hansfriese, hyh, joestakey, kebabsec, kenta, masterchief, minhquanym, naps62, oyc_109, pashov, peritoflores, reassor, rfa, robee, sach1r0, saian, sashik_eth, shenwilly, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, ych18, zuhaibmohd, zzzitron
28.4496 USDC - $28.45
2022-06-nibbl
The following parameters are arrays, and their lengths must be checked for equality before the function executes.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L41 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L68
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L504 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L545
require(a.length == b.length, "error message");
transfer is used to send ERC20 tokens. The return value must be checked to confirm that the transfer succeeded. Otherwise, safeTransfer must be used as an alternative.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L517 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L526 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L87 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L94
Consider using safeTransfer or checking the return value of the transfer.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L80
(bool success, ) = receivingAddress.call{value: amount}("");
require(success, "Error message");
Curator is a state variable. An event could be emitted in updateCurator with the arguments previousCurator and newCurator.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L485-L488
event CuratorUpdated(address oldCurator, address newCurator);
address oldCurator = curator;
curator = _newCurator;
emit CuratorUpdated(oldCurator, _newCurator);
#0 - HardlyDifficult
2022-07-01T00:31:27Z
#1 - HardlyDifficult
2022-07-04T17:47:41Z
Good best practices to follow.
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 8olidity, ACai, BowTiedWardens, Chandr, Chom, ElKu, Fitraldys, Funen, IgnacioB, JC, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, Randyyy, SmartSek, StErMi, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, _Adam, ajtra, c3phas, cRat1st0s, catchup, codexploder, cryptphi, defsec, delfin454000, ellahi, exd0tpy, fatherOfBlocks, hansfriese, joestakey, kebabsec, kenta, m_Rassska, minhquanym, oyc_109, pashov, reassor, rfa, robee, sach1r0, saian, sashik_eth, simon135, slywaters, ych18, ynnad, zuhaibmohd
17.2239 USDC - $17.22
2022-06-nibbl gas optimization
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L41 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L68 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L91 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L109
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVaultFactory.sol#L80 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVaultFactory.sol#L88
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L174 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L175 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L504 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L523 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L545
For example,
function withdrawMultipleERC721(address[] calldata _tokens, uint256[] calldata _tokenId, address _to) external override {}
_totalSupply > _initialTokenSupply is already checked in the if statement. With unchecked, you can save gas costs.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L378
uint256 _tokensPrimaryCurve;
unchecked {
_tokensPrimaryCurve = _totalSupply - _initialTokenSupply;
}
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L43 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L70 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L93
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L547 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L525 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L506
for (uint256 i; i < length;) {
    // some executions
    unchecked { ++i; }
}
#0 - mundhrakeshav
2022-06-26T11:19:15Z
#8