Platform: Code4rena
Start Date: 03/05/2023
Pot Size: $60,500 USDC
Total HM: 25
Participants: 114
Period: 8 days
Judge: Picodes
Total Solo HM: 6
Id: 234
League: ETH
Rank: 77/114
Findings: 1
Award: $36.24
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rbserver
Also found by: 0xnev, ABAIKUNANBAEV, Audit_Avengers, Aymen0909, BGSecurity, BRONZEDISC, Bason, DadeKuma, GG_Security, Jerry0x, Jorgect, MohammedRizwan, REACH, Sathish9098, Shogoki, T1MOH, UniversalCrypto, aviggiano, ayden, berlin-101, bytes032, codeslide, descharre, fatherOfBlocks, hals, kaveyjoe, kodyvim, lfzkoala, lukris02, nadin, naman1778, patitonar, pontifex, sakshamguruji, squeaky_cactus, teawaterwire, wonjun, yjrwkk
36.2377 USDC - $36.24
During the audit, 9 non-critical issues were found.
| â„– | Title | Risk Rating | Instance Count |
|---|---|---|---|
| NC-1 | Create a modifier | Non-Critical | 3 |
| NC-2 | Hardcoded values | Non-Critical | 1 |
| NC-3 | Use gender-neutral pronouns | Non-Critical | 3 |
| NC-4 | Use double quotes | Non-Critical | 2 |
| NC-5 | Inconsistency when using uint and uint256 | Non-Critical | 6 |
| NC-6 | Prevent zero transfers | Non-Critical | 2 |
| NC-7 | No space between the control structures | Non-Critical | 4 |
| NC-8 | Remove extra spaces | Non-Critical | 11+ |
| NC-9 | Missing leading underscores | Non-Critical | 20 |
Duplicate code can be declared as modifier.
if (msg.sender != stakeInfo.owner) revert NotOwnerOfDeposit();if (msg.sender != stakeInfo.owner) revert NotOwnerOfDeposit();if (msg.sender != stakeInfo.owner) revert NotOwnerOfDeposit();It is recommended to avoid using hardcoded values because they can change between implementations, networks or projects.
Avoid using he/his/him.
* @notice Mapping of distributionId to user address to whether user has claimed his delegate reward* @notice Emitted when delegatee claims his rewards.* @param distributionId_ Id of distribution from whinch delegatee wants to claim his reward.Change "his" to "their".
It is recommended to use double quotes for string literals.
Some variables is declared as uint and some as uint256.
for (uint i = 0; i < numFundedProposals; ) {for (uint i = 0; i < numProposalsInSlate; ) {for (uint i = 0; i < numProposalsInSlate_; ) {for (uint i = 0; i < numProposals; ) {for (uint j = i + 1; j < numProposals; ) {for (uint i = 0; i < proposalIdSubset_.length;) {uint256 is used.Stick to one style.
Check that amount to transfer > 0.
token.safeTransferFrom(msg.sender, address(this), fundingAmount_);IERC20(ajnaTokenAddress).safeTransfer(msg.sender, rewardClaimed_);According to Style Guide, there should be a single space between the control structures if, while, and for and the parenthetic block representing the conditional.
if(screeningVotesCast[distributionId_][msg.sender] == 0) revert DelegateRewardInvalid();if(block.number < _getChallengeStageEndBlock(currentDistribution.endBlock)) revert ChallengePeriodNotEnded();if(hasClaimedReward[distributionId_][msg.sender]) revert RewardAlreadyClaimed();else if(_standardFundingProposals[currentTopTenProposals[screenedProposalsLength - 1]].votesReceived < proposal_.votesReceived) {Change:
if(...) { ... }
to:
if (...) { ... }
Internal and private state variables and constants should have a leading underscore.
mapping(uint256 => mapping(uint256 => Position)) internal positions;mapping(uint256 => uint96) internal nonces;mapping(uint256 => EnumerableSet.UintSet) internal positionIndexes;ERC20PoolFactory private immutable erc20PoolFactory;ERC721PoolFactory private immutable erc721PoolFactory;uint256 internal constant REWARD_CAP = 0.8 * 1e18;uint256 internal constant UPDATE_CAP = 0.1 * 1e18;uint256 internal constant REWARD_FACTOR = 0.5 * 1e18;uint256 internal constant UPDATE_CLAIM_REWARD = 0.05 * 1e18;uint256 internal constant UPDATE_PERIOD = 2 weeks;mapping(address => mapping(uint256 => mapping(uint256 => uint256))) internal bucketExchangeRates;mapping(uint256 => StakeInfo) internal stakes;uint256 internal constant VOTING_POWER_SNAPSHOT_DELAY = 33;uint256 internal constant MAX_EFM_PROPOSAL_LENGTH = 216_000; // number of blocks in one monthbytes32 internal constant DESCRIPTION_PREFIX_HASH_EXTRAORDINARY = keccak256(bytes("Extraordinary Funding: "));uint256 internal constant GLOBAL_BUDGET_CONSTRAINT = 0.03 * 1e18;uint256 internal constant CHALLENGE_PERIOD_LENGTH = 50400;uint48 internal constant DISTRIBUTION_PERIOD_LENGTH = 648000;uint256 internal constant FUNDING_PERIOD_LENGTH = 72000;bytes32 internal constant DESCRIPTION_PREFIX_HASH_STANDARD = keccak256(bytes("Standard Funding: "));Add leading underscores where needed.
#0 - c4-judge
2023-05-18T18:36:31Z
Picodes marked the issue as grade-b