Platform: Code4rena
Start Date: 27/04/2022
Pot Size: $50,000 MIM
Total HM: 6
Participants: 59
Period: 5 days
Judge: 0xean
Id: 113
League: ETH
Rank: 48/59
Findings: 1
Award: $72.38
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xf15ers, AuditsAreUS, BowTiedWardens, CertoraInc, Funen, GimelSec, MaratCerby, Ruhum, WatchPug, antonttc, berndartmueller, bobi, bobirichman, broccolirob, catchup, cccz, defsec, delfin454000, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kenzo, m9800, mics, oyc_109, pauliax, reassor, robee, samruna, sikorico, simon135, throttle, unforgiven, z3s
72.3831 MIM - $72.38
A timelock modifier is commonly used for storage variable setters that affect the contract logic. Consider adding timelocks on such setters.
https://github.com/code-423n4/2022-04-abranft/tree/main/contracts/NFTPair.sol#L728 https://github.com/code-423n4/2022-04-abranft/tree/main/contracts/NFTPairWithOracle.sol#L750
If you have a condition of the form x / y ? z, where ? is any of <, >, ==, etc., you can instead use x ? z * y to increase precision.
https://github.com/code-423n4/2022-04-abranft/tree/main/contracts/NFTPairWithOracle.sol#L288
You should use safe math for Solidity version <8 since there is no default over/underflow check in those versions.
https://github.com/code-423n4/2022-04-abranft/tree/main/contracts/NFTPair.sol https://github.com/code-423n4/2022-04-abranft/tree/main/contracts/NFTPairWithOracle.sol
#0 - cryptolyndon
2022-05-13T03:53:22Z
QA-2: Acknowledged, thanks
QA-1 and QA-3: both feel like too little thought has been given to the specific use -- unsafe math is extensively documented and the setter function mentioned sets the fee recipient; why would one want to lock that in for a specific period?
#1 - cryptolyndon
2022-05-13T04:10:05Z
(see #124)