Drips Protocol contest - nalus's results

An Ethereum protocol for streaming and splitting funds.

General Information

Platform: Code4rena

Start Date: 25/01/2023

Pot Size: $90,500 USDC

Total HM: 3

Participants: 26

Period: 9 days

Judge: GalloDaSballo

Id: 209

League: ETH

Drips Protocol

Findings Distribution

Researcher Performance

Rank: 22/26

Findings: 1

Award: $122.82

QA:

grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Drips Protocol

Findings Information

🌟 Selected for report: berndartmueller

Also found by: 0xA5DF, 0xSmartContract, HollaDieWaldfee, IllIllI, SleepingBugs, btk, chaduke, fs0c, hansfriese, nalus, rbserver, zzzitron

Labels

bug

grade-b

QA (Quality Assurance)

Q-08

Awards

122.8177 USDC - $122.82

External Links

Link to GitHub issue

1 Comment is wrong

First, dripId_ is compared.

https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Drips.sol#L93

2 _balanceAt function name shadowing

Change one of the function's name to avoid confusion

https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Drips.sol#L533 https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Drips.sol#L555

3 Store magic numbers in constants

https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/AddressDriver.sol#L41

4 NFTDriver.sol is missing tokenUri function to return erc721 metadata.

5 DripsHub says cyclesSecs must be above 1, but there is no condition checking it

https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/DripsHub.sol#L109-L114

6 finalAmtPerCycle sounds like average naming it finalCycleAmt would be more appropriate

https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Drips.sol#L240-L254

7 Protocol design is not optimal for funds withdrawal

Add a withdrawable function that allows the withdrawal of splittable funds so that the user doesn't need to call 3 functions (_setSplits, _split, collect) in order to withdraw funds that one receives from a split.

#0 - GalloDaSballo
2023-02-15T14:18:00Z

1 Comment is wrong

2 _balanceAt function name shadowing

3 Store magic numbers in constants

4 NFTDriver.sol is missing tokenUri function to return erc721 metadata.

5 DripsHub says cyclesSecs must be above 1, but there is no condition checking it

6 finalAmtPerCycle sounds like average naming it finalCycleAmt would be more appropriate

7 Protocol design is not optimal for funds withdrawal

2L 5R

#1 - c4-judge
2023-02-24T10:55:38Z

GalloDaSballo marked the issue as grade-b

Drips Protocol contest - nalus's results

An Ethereum protocol for streaming and splitting funds.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-08] QA Report - $122.82

Findings Information

Labels

Awards

External Links

1 Comment is wrong

2 _balanceAt function name shadowing

3 Store magic numbers in constants

4 NFTDriver.sol is missing tokenUri function to return erc721 metadata.

5 DripsHub says cyclesSecs must be above 1, but there is no condition checking it

6 finalAmtPerCycle sounds like average naming it finalCycleAmt would be more appropriate

7 Protocol design is not optimal for funds withdrawal

#0 - GalloDaSballo2023-02-15T14:18:00Z

1 Comment is wrong

2 _balanceAt function name shadowing

3 Store magic numbers in constants

4 NFTDriver.sol is missing tokenUri function to return erc721 metadata.

5 DripsHub says cyclesSecs must be above 1, but there is no condition checking it

6 finalAmtPerCycle sounds like average naming it finalCycleAmt would be more appropriate

7 Protocol design is not optimal for funds withdrawal

#1 - c4-judge2023-02-24T10:55:38Z

#0 - GalloDaSballo
2023-02-15T14:18:00Z

#1 - c4-judge
2023-02-24T10:55:38Z