Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $100,000 USDC
Total HM: 4
Participants: 109
Period: 7 days
Judge: GalloDaSballo
Id: 163
League: ETH
Rank: 92/109
Findings: 1
Award: $55.20
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xNazgul, 0xRobocop, 0xSmartContract, 0xdeadbeef, 0xsanson, 8olidity, Amithuddar, Aymen0909, B2, B353N, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, ElKu, Funen, JC, JohnnyTime, Kresh, Lambda, Noah3o6, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Sm4rty, SuldaanBeegsi, Tadashi, TomJ, Tomio, V_B, Waze, __141345__, a12jmx, ak1, arcoun, asutorufos, aviggiano, berndartmueller, bharg4v, bin2chen, brgltd, bulej93, c3phas, catchup, cccz, ch0bu, cryptonue, cryptphi, csanuragjain, delfin454000, devtooligan, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, ignacio, joestakey, ladboy233, lukris02, m9800, malinariy, martin, minhtrng, obront, oyc_109, pedr02b2, pedroais, pfapostol, philogy, prasantgupta52, rbserver, ronnyx2017, rotcivegaf, rvierdiiev, sach1r0, shung, simon135, throttle, tnevler, tonisives, wagmi, yixxas, zkhorse, zzykxx, zzzitron
55.1985 USDC - $55.20
During the audit, 1 low and 5 non-critical issues were found.
№ | Title | Risk Rating | Instance Count |
---|---|---|---|
L-1 | Large number of elements may cause out-of-gas error | Low | 6 |
NC-1 | Order of Layout | Non-Critical | 6 |
NC-2 | Floating pragma | Non-Critical | 20 |
NC-3 | Missing NatSpec | Non-Critical | 53 |
NC-4 | Public functions can be external | Non-Critical | 18 |
NC-5 | Scientific notation may be used | Non-Critical | 2 |
Loops that do not have a fixed number of iterations, for example, loops that depend on storage values, have to be used carefully: Due to the block gas limit, transactions can only consume a certain amount of gas. Either explicitly or just due to normal operation, the number of iterations in a loop can grow beyond the block gas limit, which can cause the complete contract to be stalled at a certain point.
Restrict the maximum number of elements.
According to Order of Layout, inside each contract, library or interface, use the following order:
Events before state variables:
Modifier after constructor:
Place events after state variables, and modifiers before the constructor.
Contracts should be deployed with the same compiler version. It helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
All 20 contracts.
According to SWC-103, pragma version should be locked.
NatSpec is missing for 53 functions in 8 contracts.
Add NatSpec for all functions.
If functions are not called by the contract where they are defined, they can be declared external.
Make public functions external, where possible.
For readability, it is better to use scientific notation.
Replace 10000 with 10e4.
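An added illustration of finding L-1 and its recommendation, not code from the audited contracts or from the report above. The contract `RecipientRegistry`, its function names and the cap of 100 are all assumptions; the paginated loop goes one step beyond the recommended cap and shows the other common mitigation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17; // locked version, not a floating ^0.8.x

/// @notice Hypothetical registry, constructed for illustration only.
contract RecipientRegistry {
    /// @notice Assumed upper bound; pick it so a full loop fits well under the block gas limit.
    uint256 public constant MAX_RECIPIENTS = 100;

    address[] public recipients;
    mapping(address => uint256) public owed;

    error TooManyRecipients();
    error BadRange();

    /// @notice Problem pattern: the array can grow without limit.
    function addUnbounded(address recipient) external {
        recipients.push(recipient);
    }

    /// @notice Problem pattern: gas cost grows with recipients.length (a storage value).
    /// Once the array is large enough, every call exceeds the block gas limit and reverts.
    function creditAll(uint256 amount) external {
        for (uint256 i = 0; i < recipients.length; ++i) {
            owed[recipients[i]] += amount;
        }
    }

    /// @notice Mitigation 1: restrict the maximum number of elements at insertion time.
    function addBounded(address recipient) external {
        if (recipients.length >= MAX_RECIPIENTS) revert TooManyRecipients();
        recipients.push(recipient);
    }

    /// @notice Mitigation 2: let the caller process the array in slices,
    /// so the work done by a single transaction is bounded by (end - start).
    function creditRange(uint256 start, uint256 end, uint256 amount) external {
        if (start > end || end > recipients.length) revert BadRange();
        for (uint256 i = start; i < end; ++i) {
            owed[recipients[i]] += amount;
        }
    }
}
```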
#0 - GalloDaSballo
2022-10-06T20:22:14Z
Disputed as it's user inflicted, just use less
NC
## NC-2. Floating pragma NC
NC
## NC-4. Public functions can be external NC
Disagree for those instances, it's fine
Missing some heavy hitter reports but not a bad start
4NC