Venus Protocol Isolated Pools - lukris02's results

Earn, Borrow & Lend on the #1 Decentralized Money Market on the BNB Chain

General Information

Platform: Code4rena

Start Date: 08/05/2023

Pot Size: $90,500 USDC

Total HM: 17

Participants: 102

Period: 7 days

Judge: 0xean

Total Solo HM: 4

Id: 236

League: ETH

Venus Protocol

Researcher Performance

Rank: 66/102

Findings: 1

Award: $56.63

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

QA Report for Venus Protocol Isolated Pools contest

Overview

During the audit, 1 low and 8 non-critical issues were found.

| № | Title | Risk Rating | Instance Count |
|---|---|---|---|
| L-1 | Add a timelock to critical functions | Low | 20 |
| NC-1 | Update import usages | Non-Critical | 1 |
| NC-2 | Scientific notation may be used | Non-Critical | 2 |
| NC-3 | Unused event | Non-Critical | 1 |
| NC-4 | If possible, place if/require-statements at the top of the function | Non-Critical | 1 |
| NC-5 | Prevent zero transfers | Non-Critical | 4 |
| NC-6 | Lack of event emission in initialize() function | Non-Critical | 7 |
| NC-7 | No same value input control | Non-Critical | 14 |
| NC-8 | Missing leading underscores | Non-Critical | 64 |

Low Risk Findings (1)

L-1. Add a timelock to critical functions

Description

Giving users time to react and adjust to critical changes in protocol provides more guarantees and increases the transparency of the protocol.

Instances

Recommendation

Consider adding a timelock.
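
A minimal sketch of the two-step, delayed update this recommendation describes, as an added example that is not part of the original report or of the Venus code base. The contract, all of its names and the 2-day delay are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
/// Added illustration: every name below is hypothetical, not taken from the audited contracts.
contract TimelockedSetting {
    uint256 public constant DELAY = 2 days; // assumed reaction window for users
    address public immutable admin;
    uint256 public value;        // the critical parameter being protected
    uint256 public pendingValue; // proposed new value, visible on-chain while queued
    uint256 public eta;          // earliest execution time; 0 means nothing is queued

    event ChangeQueued(uint256 newValue, uint256 eta);
    event ChangeExecuted(uint256 oldValue, uint256 newValue);
    event ChangeCancelled(uint256 newValue);
    error Unauthorized();
    error NothingQueued();
    error TooEarly(uint256 eta);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert Unauthorized();
        _;
    }

    constructor(uint256 initialValue) {
        admin = msg.sender;
        value = initialValue;
    }

    /// Step 1: announce the change. Re-queuing overwrites the proposal and restarts the delay.
    function queue(uint256 newValue) external onlyAdmin {
        pendingValue = newValue;
        eta = block.timestamp + DELAY;
        emit ChangeQueued(newValue, eta);
    }

    /// Step 2: apply the change, but only after the delay has fully elapsed.
    function execute() external onlyAdmin {
        if (eta == 0) revert NothingQueued();
        if (block.timestamp < eta) revert TooEarly(eta);
        emit ChangeExecuted(value, pendingValue);
        value = pendingValue;
        eta = 0;
    }

    /// Withdraw a queued change before it takes effect.
    function cancel() external onlyAdmin {
        if (eta == 0) revert NothingQueued();
        eta = 0;
        emit ChangeCancelled(pendingValue);
    }
}
```

Off-chain monitoring can watch `ChangeQueued` to alert users during the delay window.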

Non-Critical Risk Findings (8)

NC-1. Update import usages

Description

For modern and more readable code, consider updating import usages.

Instances

  • all contracts

Recommendation

Change to: import {contract1, contract2} from "filename.sol";

NC-2. Scientific notation may be used

Description

For readability and to avoid misprints, it is better to use scientific notation.

Instances

Recommendation

Replace 10000 with 10e4.

NC-3. Unused event

Description

The event AmountOutMinUpdated is not emitted.

Instances

Recommendation

Emit event or delete it.

NC-4. If possible, place if/require-statements at the top of the function

Description

Validation of input parameters should be at the beginning of the function.

Instances

NC-5. Prevent zero transfers

Description

Check that amount to transfer > 0.

Instances

NC-6. Lack of event emission in initialize() function

Description

Lack of event emission complicates recording the init parameters for off-chain monitoring and reduces transparency.

Instances

Recommendation

Consider emitting an event in the initialize() function.

NC-7. No same value input control

Instances

Recommendation

Check if (variableA == parameterA) revert SameValue();

NC-8. Missing leading underscores

Description

Internal and private state variables, constants, immutables and functions should have a leading underscore.

Instances

Recommendation

Add leading underscores where needed.

#0 - c4-judge

2023-05-18T18:34:08Z

0xean marked the issue as grade-b
