Paladin - Warden Pledges contest - lukris02's results

A governance lending protocol transforming users voting power into a new money lego.

General Information

Platform: Code4rena

Start Date: 27/10/2022

Pot Size: $33,500 USDC

Total HM: 8

Participants: 96

Period: 3 days

Judge: kirk-baird

Total Solo HM: 1

Id: 176

League: ETH

Paladin

Researcher Performance

Rank: 41/96

Findings: 2

Award: $31.16

QA: grade-b

Gas: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

QA Report for Paladin - Warden Pledges contest

Overview

During the audit, 1 low and 5 non-critical issues were found.

| № | Title | Risk Rating | Instance Count |
| --- | --- | --- | --- |
| L-1 | Missing check for zero address | Low | 3 |
| NC-1 | Misleading function name | Non-Critical | 1 |
| NC-2 | Order of Functions | Non-Critical | 2 |
| NC-3 | Spaces between the control structures | Non-Critical | 65 |
| NC-4 | Maximum line length exceeded | Non-Critical | 3 |
| NC-5 | Typos | Non-Critical | 14 |

Low Risk Findings (1)

L-1. Missing check for zero address

Description

If an address is set to address(0x0), the contract may revert or behave incorrectly.

Instances

Recommendation

Add checks.

Non-Critical Risk Findings (5)

NC-1. Misleading function name

Instances

/**
 * @notice Amount of Pledges listed in this contract
 * @dev Amount of Pledges listed in this contract
 * @return uint256: Amount of Pledges listed in this contract
 */
function pledgesIndex() public view returns(uint256){
    return pledges.length;
}

Recommendation

Consider changing the name to pledgesLength() or pledgesAmount().

NC-2. Order of Functions

Description

According to the Style Guide, ordering helps readers identify which functions they can call and find the constructor and fallback definitions more easily.
Functions should be grouped according to their visibility and ordered:

  1. constructor
  2. receive function (if exists)
  3. fallback function (if exists)
  4. external
  5. public
  6. internal
  7. private

Instances

Internal function should be after external:

Public function should be after external:

Recommendation

Reorder functions where possible.

NC-3. Spaces between the control structures

Description

According to the Style Guide, there should be a single space between the control structures if, while, and for and the parenthetic block representing the conditional.

Instances

Recommendation

Change:

if(...)

to:

if (...)

NC-4. Maximum line length exceeded

Description

Some lines of code are too long.

Instances

Recommendation

According to the Style Guide, the maximum suggested line length is 120 characters.
Make the lines shorter.

NC-5. Typos

Instances

#0 - c4-judge

2022-11-12T01:01:13Z

kirk-baird marked the issue as grade-b

Gas Optimizations Report for Paladin - Warden Pledges contest

Overview

During the audit, 3 gas issues were found.
Total savings ~200.

Gas Optimizations Findings (3)

G-1. Use unchecked blocks for subtractions where underflow is impossible

Description

In Solidity 0.8+, there’s a default overflow and underflow check on unsigned integers. When an overflow or underflow isn’t possible (after require or if-statement), some gas can be saved by using unchecked blocks.

Instances

Saved

This saves ~35.
So, ~35*4 = 140
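
An added illustration of G-1, not code from the audited contracts or from this report: a hypothetical `RewardBudget` contract (every name in it is an assumption) performing the same subtraction with and without an `unchecked` block. The optimization is sound only when the guard compares exactly the operands being subtracted; with a mismatched guard the result wraps silently instead of reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

/// Hypothetical contract for illustration; not part of the audited code base.
contract RewardBudget {
    error InsufficientBudget(uint256 requested, uint256 available);

    // Reward budget left per creator (constructed example state).
    mapping(address => uint256) public remaining;

    function deposit() external payable {
        // Stays checked: no guard bounds this addition.
        remaining[msg.sender] += msg.value;
    }

    /// Checked version: the compiler adds its own underflow check
    /// on top of the explicit guard, so the comparison is done twice.
    function spendChecked(uint256 amount) external {
        uint256 available = remaining[msg.sender];
        if (amount > available) revert InsufficientBudget(amount, available);
        remaining[msg.sender] = available - amount;
        _pay(amount);
    }

    /// Unchecked version: safe only because the guard above the block
    /// compares the same two values (amount, available) that are subtracted.
    /// If the guard tested a different variable, this would wrap to a huge
    /// balance instead of reverting.
    function spendUnchecked(uint256 amount) external {
        uint256 available = remaining[msg.sender];
        if (amount > available) revert InsufficientBudget(amount, available);
        unchecked {
            remaining[msg.sender] = available - amount;
        }
        _pay(amount);
    }

    // State is updated before the external call (checks-effects-interactions).
    function _pay(uint256 amount) private {
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```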

G-2. Use local variable cache instead of accessing mapping or array multiple times

Description

Caching the value saves gas because the same key's keccak256 hash and/or offset does not have to be recalculated on every access.

Instances

Saved

This saves ~40.
So, ~40*1 = 40

G-3. Unnecessary write to the memory variable

Description

When an array or mapping is accessed only once, there is no need to use a local variable.

Instances

Saved

This saves ~3.
So, ~3*2 = 6

#0 - c4-judge

2022-11-12T01:06:45Z

kirk-baird marked the issue as grade-b
