Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $30,000 USDC
Total HM: 6
Participants: 93
Period: 3 days
Judge: gzeon
Id: 118
League: ETH
Rank: 47/93
Findings: 2
Award: $78.87
🌟 Selected for report: 0
🚀 Solo Findings: 0
48.5872 USDC - $48.59
Judge has assessed an item in Issue #189 as Medium risk. The relevant finding follows:
[N02] Using send() to send ETH could run out of gas. You have to be sure of the logic of the recipient. https://github.com/code-423n4/2022-05-runes/blob/060b4f82b79c8308fe65674a39a07c44fa586cd3/contracts/ForgottenRunesWarriorsGuild.sol#L164
#0 - gzeoneth
2022-06-18T19:19:19Z
Duplicate of #254
🌟 Selected for report: defsec
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0x52, 0xDjango, 0xf15ers, 0xkatana, 0xliumin, AuditsAreUS, BowTiedWardens, CertoraInc, Cr4ckM3, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, M0ndoHEHE, MaratCerby, Picodes, Ruhum, TerrierLover, TrungOre, VAD37, WatchPug, berndartmueller, broccolirob, catchup, cccz, cryptphi, csanuragjain, delfin454000, dirk_y, eccentricexit, ellahi, fatherOfBlocks, gzeon, hake, hansfriese, hickuphh3, horsefacts, hubble, hyh, ilan, joestakey, kebabsec, kenta, kenzo, leastwood, m9800, marximimus, minhquanym, oyc_109, p4st13r4, pauliax, pedroais, peritoflores, plotchy, rajatbeladiya, reassor, rfa, robee, rotcivegaf, samruna, shenwilly, shung, simon135, sorrynotsorry, sseefried, teddav, throttle, tintin, unforgiven, z3s
30.2759 USDC - $30.28
[N01] The initialize function in the warriors contract can be called many times by the owner; there's no initializer modifier. The initialize function only sets the minter address, but there's also a function to set the minter's address, so use a modifier or just keep one function.
[N02] Using send() to send ETH could run out of gas. You have to be sure of the logic of the recipient. https://github.com/code-423n4/2022-05-runes/blob/060b4f82b79c8308fe65674a39a07c44fa586cd3/contracts/ForgottenRunesWarriorsGuild.sol#L164
[N03] IERC20 transfer() returns a bool if the operation has succeeded; in _safeTransferETHWithFallback(), used to transfer WETH, it is not checked, but when _safeTransferETH() is called using the call method to transfer ETH, it returns a bool and is checked. Check both for more consistency.
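
Findings [N02] and [N03] as an added example (not part of the warden's report and not the audited contract's code): a hypothetical PayoutExample contract showing an owner withdrawal through send() beside one that uses call and checks both the ETH and the WETH transfer result. The contract, the IWETHLike interface and all function bodies are assumptions written for illustration; only the two helper names come from the findings above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal interface: only the two calls this example needs.
interface IWETHLike {
    function deposit() external payable;
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration; not the audited code.
contract PayoutExample {
    IWETHLike public immutable weth;
    address public immutable owner;

    constructor(IWETHLike _weth) {
        weth = _weth;
        owner = msg.sender;
    }

    receive() external payable {}

    // Weak form: send() forwards only a 2300 gas stipend, so an owner that is a
    // contract with a non-trivial receive() makes this revert on every call.
    function withdrawWithSend() external {
        require(msg.sender == owner, "not owner");
        require(payable(owner).send(address(this).balance), "send failed");
    }

    // call() forwards the remaining gas and returns a success flag to check.
    function _safeTransferETH(address to, uint256 amount) internal returns (bool) {
        (bool ok, ) = to.call{value: amount}("");
        return ok;
    }

    // Both paths are checked: ETH via the call result, WETH via transfer's bool.
    function _safeTransferETHWithFallback(address to, uint256 amount) internal {
        if (!_safeTransferETH(to, amount)) {
            weth.deposit{value: amount}();
            require(weth.transfer(to, amount), "WETH transfer failed");
        }
    }

    // call() hands control to the recipient, so no state is written after it.
    function withdraw() external {
        require(msg.sender == owner, "not owner");
        _safeTransferETHWithFallback(owner, address(this).balance);
    }
}
```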