Canto contest - martin's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 23/11/2022

Pot Size: $24,500 CANTO

Total HM: 5

Participants: 37

Period: 5 days

Judge: berndartmueller

Total Solo HM: 2

Id: 185

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 14/37

Findings: 2

Award: $73.58

QA: grade-b

Gas: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Labels

bug
grade-b
QA (Quality Assurance)
Q-03

Awards

370.8153 CANTO - $59.89

External Links

Canto

QA Report

L-01 _safeMint() should be used rather than _mint() wherever possible

There is 1 instance of this issue:

File: /src/Turnstile.sol

92: _mint(_recipient, tokenId);

https://github.com/code-423n4/2022-11-canto/blob/main/CIP-001/src/Turnstile.sol

L-02 emit function called early

There are 3 instances of this issue:

File: /src/Turnstile.sol

95: emit Register(smartContract, _recipient, tokenId);

112: emit Assign(smartContract, _tokenId);

139: emit Withdraw(_tokenId, _recipient, _amount);

https://github.com/code-423n4/2022-11-canto/blob/main/CIP-001/src/Turnstile.sol

N-01 Inconsistent spacing in comments

There are 5 instances of this issue:

File: /src/Turnstile.sol

10: ///      If contract is using proxy pattern, it's possible to register retroactively, however past fees will be lost.

11: ///      Recipient withdraws fees by calling `withdraw(uint256,address,uint256)`.

82: ///         `msg.sender` is assumed to be a smart contract that earns fees. Only smart contract itself

83: ///         can register a fee receipient.

104: ///         Callable only by smart contract itself.

https://github.com/code-423n4/2022-11-canto/blob/main/CIP-001/src/Turnstile.sol

#0 - c4-judge

2023-01-02T13:04:54Z

berndartmueller marked the issue as grade-b

Awards

84.7394 CANTO - $13.69

Labels

bug
G (Gas Optimization)
grade-b
edited-by-warden
G-11

External Links

Canto

Gas Optimizations Report

G-01 Functions that are access-restricted from most users may be marked as payable

Marking a function as payable reduces gas cost since the compiler does not have to check whether a payment was provided or not. This change will save around 21 gas per function call.

There is 1 instance of this issue:

File: /src/Turnstile.sol

127: function withdraw(uint256 _tokenId, address payable _recipient, uint256 _amount)

https://github.com/code-423n4/2022-11-canto/blob/main/CIP-001/src/Turnstile.sol

G-02 <x> += <y> costs more gas than <x> = <x> + <y> for state variables

There is 1 instance of this issue:

File: /src/Turnstile.sol

balances[_tokenId] += msg.value;

https://github.com/code-423n4/2022-11-canto/blob/main/CIP-001/src/Turnstile.sol

#0 - c4-judge

2022-11-29T19:15:07Z

berndartmueller marked the issue as grade-b
