Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 80/133
Findings: 2
Award: $40.82
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rotcivegaf
Also found by: 0x040, 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, 0xf15ers, 8olidity, Aymen0909, B2, Bahurum, Bnke0x0, Ch_301, CodingNameKiki, Deivitto, Diana, Funen, IllIllI, JC, JLevick, KIntern_NA, Lambda, OptimismSec, PaludoX0, RockingMiles, Rolezn, Sm4rty, Soosh, Tagir2003, Tointer, TomJ, Triangle, Trust, V_B, Waze, Yiko, __141345__, a12jmx, ajtra, asutorufos, ayeslick, aysha, bbuddha, bharg4v, bobirichman, brgltd, bytera, c3phas, cryptostellar5, cryptphi, csanuragjain, datapunk, delfin454000, durianSausage, exd0tpy, gogo, got_targ, jag, joestakey, karanctf, ladboy233, leosathya, lukris02, mics, millersplanet, natzuu, neko_nyaa, obront, oyc_109, parashar, peritoflores, rbserver, ret2basic, rokinot, ronnyx2017, rvierdiiev, sach1r0, seyni, sikorico, slowmoses, tnevler, yasir, yongskiws
28.0141 USDC - $28.01
The function beforeWithdraw() on sfrxETH contract (line 48) is internal but is never called inside the contract. Besides, it's not seen that sfrxETH.sol is inherited in any other contract on the protocol, which makes the function a piece of "dead code".
RECOMMENDATION: Consider changing its visibilty or make sure that is called/implemented correctly inside the protocol.
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Amithuddar, Aymen0909, B2, Ben, Bnke0x0, Chom, CodingNameKiki, Deivitto, Diana, Fitraldys, Funen, IllIllI, JAGADESH, JC, Metatron, Ocean_Sky, PaludoX0, Pheonix, RaymondFam, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Satyam_Sharma, Sm4rty, SnowMan, SooYa, Tagir2003, TomJ, Tomio, Triangle, V_B, Waze, __141345__, ajtra, albincsergo, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, bytera, c3phas, ch0bu, cryptostellar5, cryptphi, d3e4, delfin454000, dharma09, drdr, durianSausage, emrekocak, erictee, fatherOfBlocks, gogo, got_targ, imare, jag, karanctf, ladboy233, leosathya, lukris02, medikko, mics, millersplanet, natzuu, neko_nyaa, oyc_109, peanuts, prasantgupta52, rbserver, ret2basic, rokinot, ronnyx2017, rotcivegaf, sach1r0, samruna, seyni, slowmoses, tnevler, wagmi, zishansami
12.811 USDC - $12.81
The onlyByOwnGov() modifier has a require statement that can be refactored with an if statement and a custom error. (Line 41)
Declare error:
error NotOwnerOrTimelock();
and replace the mentioned line with the following:
if (msg.sender != timelock_address || msg.sender != owner) revert NotOwnerOrTimelock();
The onlyMinters() modifier has a require statement that can be refactored with an if statement and a custom error. (Line 46)
Declare error:
error OnlyMinters();
and replace the mentioned line with the following:
if (!minters[msg.sender]) revert OnlyMinters();
The addMinter() function has two require statements that can be refactored with an if statement and a custom error. (Lines 66, 68)
Declare errors:
error ZeroAddressDetected();
error AddressAlreadyExists();
and replace the mentioned lines with the following:
if (minter_address == address(0)) revert ZeroAddressDetected(); if (minters[minter_address]) revert AddressAlreadyExists();
The removeMinter() function has two require statements that can be refactored with an if statement and a custom error. (Lines 77, 78)
Declare error:
error AddressNonExistant();
and replace the mentioned lines with the following:
if (minter_address == address(0)) revert ZeroAddressDetected(); if (!minters[minter_address]) revert AddressNonExistant();
The setTimelock() function has a require statement that can be refactored with an if statement and a custom error. (Line 95):
Replace the mentioned line with the following:
if (_timelock_address == address(0)) revert ZeroAddressDetected();
Note that ZeroAddressDetected(); is declared only once and is used three times without being re-declared with this access control implementation.