FEI and TRIBE Redemption contest - lukris02's results

A new DeFi primitive that allows any token to become productive and provide FEI liquidity at no cost to the markets that need it most.

General Information

Platform: Code4rena

Start Date: 09/09/2022

Pot Size: $42,000 USDC

Total HM: 2

Participants: 101

Period: 3 days

Judge: hickuphh3

Total Solo HM: 2

Id: 161

League: ETH

Tribe

Researcher Performance

Rank: 86/101

Findings: 1

Award: $33.58

🌟 Selected for report: 0

🚀 Solo Findings: 0

QA Report for FEI and TRIBE Redemption contest

Overview

During the audit, 2 low and 5 non-critical issues were found.

№      Title                                   Risk Rating
L-1    Misleading comments                     Low
L-2    Functions return input                  Low
NC-1   Constants at the end of the contract    Non-Critical
NC-2   Constants may be used                   Non-Critical
NC-3   Missing NatSpec                         Non-Critical
NC-4   Floating pragma                         Non-Critical
NC-5   Incorrect comment                       Non-Critical

Low Risk Findings (2)

L-1. Misleading comments

Instances

Recommendation

Put comments before functions, not after.

L-2. Functions return input

Instances

Link:

/// @notice calculate the amount of FEI out for a given `amountIn` of underlying
function getMintAmountOut(uint256 amountIn) external pure returns (uint256) {
    return amountIn;
}

/// @notice calculate the amount of underlying out for a given `amountFeiIn` of FEI
function getRedeemAmountOut(uint256 amountIn) external pure returns (uint256) {
    return amountIn;
}

Non-Critical Risk Findings (5)

NC-1. Constants at the end of the contract

Instances

Recommendation

Inside each contract, library or interface, use the following order:

  • Type declarations
  • State variables
  • Events
  • Modifiers
  • Functions

NC-2. Constants may be used

Description

Constants may be used instead of literal values.

Instances

Recommendation

Define constant variables, especially for repeated values.

NC-3. Missing NatSpec

Description

NatSpec is missing in 1 contract.

Instances

Recommendation

Add NatSpec for all functions.

NC-4. Floating pragma

Description

Contracts should be deployed with the same compiler version. It helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

Instances

Recommendation

According to SWC-103, pragma version should be locked.
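
A check for this finding, as an added example (not part of the original report or the audited code base): the Python script below scans Solidity sources and reports every pragma solidity directive that is not pinned to one exact compiler version. The file names and sources in SAMPLES are constructed for illustration, and the function names are hypothetical.

```python
import re

# Matches a `pragma solidity <expr>;` directive (comments are blanked out first).
PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
# Locked means exactly one full version, optionally written with a leading "=".
LOCKED_RE = re.compile(r"=?\s*\d+\.\d+\.\d+")
# Line comments and block comments, so a commented-out pragma is not reported.
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)


def find_pragmas(source):
    """Return (line, expression, is_locked) for each solidity pragma in source."""
    # Replace comment text with spaces but keep newlines, so line numbers hold.
    cleaned = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    results = []
    for m in PRAGMA_RE.finditer(cleaned):
        expr = " ".join(m.group(1).split())  # normalise whitespace
        line = cleaned.count("\n", 0, m.start()) + 1
        results.append((line, expr, LOCKED_RE.fullmatch(expr) is not None))
    return results


def floating_pragmas(files):
    """Map file name -> [(line, expression)] for every pragma that is not locked."""
    report = {}
    for name, source in files.items():
        bad = [(ln, expr) for ln, expr, locked in find_pragmas(source) if not locked]
        if bad:
            report[name] = bad
    return report


# Constructed sample sources (not taken from the contest repository).
SAMPLES = {
    "Floating.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.4;\ncontract A {}\n",
    "Range.sol": "pragma solidity >=0.8.0 <0.9.0;\ncontract B {}\n",
    "Locked.sol": "// pragma solidity ^0.7.0;\npragma solidity 0.8.15;\ncontract C {}\n",
}

if __name__ == "__main__":
    for name, hits in sorted(floating_pragmas(SAMPLES).items()):
        for line, expr in hits:
            print(f"{name}:{line}: floating pragma '{expr}' (SWC-103)")
```
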

NC-5. Incorrect comment

Description

The section marked by this comment contains not only public functions but also external ones.

Instances

/** ---------- Public State-Changing Funcs ----------------- **/
