Shell Protocol - nisedo's results

A set of EVM-based smart contracts on Arbitrum One. In a nutshell it is DeFi made simple.

General Information

Platform: Code4rena

Start Date: 21/08/2023

Pot Size: $36,500 USDC

Total HM: 1

Participants: 43

Period: 7 days

Judge: Dravee

Id: 277

League: ETH

Researcher Performance

Rank: 42/43

Findings: 1

Award: $9.16

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

9.1555 USDC - $9.16

Labels

bug
grade-b
low quality report
QA (Quality Assurance)
Q-18

Summary

Low Risk Issues

Issue | Instances
[L001] Contracts are not using their OZ Upgradeable counterparts | 1

Total: 1 instance over 1 issue

Non-critical Issues

Issue | Instances
[NC01] Typos in comments / Wrong comments | 11
[NC02] Top level declarations should be separated by two blank lines | 4
[NC03] Adding a return statement when the function defines a named return variable, is redundant | 1
[NC04] Mixed usage of int/uint with int256/uint256 | 2
[NC05] Useless parentheses | 1

Total: 19 instances over 5 issues

L001 - Contracts are not using their OZ Upgradeable counterparts:

The non-upgradeable standard version of OpenZeppelin's library is inherited/used by the contracts. It would be safer to use the upgradeable versions of the library contracts to avoid unexpected behavior.

Use the contracts from @openzeppelin/contracts-upgradeable instead of @openzeppelin/contracts where applicable. See https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/tree/master/contracts for a list of available upgradeable contracts.

File: tmp/bde7fb54-d3f4-4a74-8869-2543988da276/EvolvingProteus.sol


7       import "@openzeppelin/contracts/utils/math/Math.sol";

NC01 - Typos in comments / Wrong comments:

Avoid typos, and correct wrong comments.

Wrong comment:

    /**
       @notice Calculates the b variable in the curve eq which is basically a sq. root of the inverse of x instantaneous price
       @param self config instance
    */

Should be: Calculates the b variable in the curve eq which is basically a sq. root of x instantaneous price.

Wrong comment:

    /**
     @notice
     The minimum price value calculated with abdk library equivalent to 10^12(wei)
    */

Should be: 10^10 instead of 10^12 since the min price value is 10^-8.

Wrong comment:

      @param px_final The final price at the y axis

Should be: x axis instead of y axis.

Wrong comment:

295        // amount cannot be less than 0
296        require(result < 0);

Should be: // amount cannot be greater than or equal to 0.

335        // amount cannot be less than 0
336        require(result > 0);

Should be: // amount cannot be less than or equal to 0.

377        // amount cannot be less than 0
378        require(result > 0);

Should be: // amount cannot be less than or equal to 0.

413        // amount cannot be less than 0
414        require(result > 0);

Should be: // amount cannot be less than or equal to 0.

Wrong comment:

450        // amount cannot be less than 0
451        require(result < 0);

Should be: // amount cannot be greater than or equal to 0.

Wrong comment:

459     * @dev We use FEE_UP because we want to increase the perceived amount of
460     *  reserve tokens leaving the pool and to increase the observed amount of
461     *  LP tokens being burned.
462     */

Should be: We use FEE_DOWN because we want to decrease the perceived amount of reserve tokens leaving the pool and to decrease the observed amount of LP tokens being burned.

Wrong comment:

487        // amount cannot be less than 0
488        require(result < 0);

Should be: // amount cannot be greater than or equal to 0.

NC02 - Top level declarations should be separated by two blank lines:

According to the Solidity Style Guide, top level declarations should be separated by two blank lines.

Surround top level declarations in Solidity source with two blank lines.

File: tmp/bde7fb54-d3f4-4a74-8869-2543988da276/EvolvingProteus.sol


6       import "abdk-libraries-solidity/ABDKMath64x64.sol";


10      struct Config {


44      library LibConfig {


137     contract EvolvingProteus is ILiquidityPoolImplementation {

NC03 - Adding a return statement when the function defines a named return variable, is redundant:

If a function defines a named return variable, it is not necessary to explicitly return it. It will automatically be returned at the end of the function.

File: tmp/bde7fb54-d3f4-4a74-8869-2543988da276/EvolvingProteus.sol


663             return uf;

NC04 - Mixed usage of int/uint with int256/uint256:

int256/uint256 are the preferred type names (they are what function signatures use), so they should be used consistently.

File: tmp/bde7fb54-d3f4-4a74-8869-2543988da276/EvolvingProteus.sol


259             if (py_init.div(py_init.sub(px_init)) > ABDKMath64x64.divu(uint(MAX_PRICE_RATIO), 1)) revert MaximumAllowedPriceRatioExceeded();


260             if (py_final.div(py_final.sub(px_final)) > ABDKMath64x64.divu(uint(MAX_PRICE_RATIO), 1)) revert MaximumAllowedPriceRatioExceeded();

NC05 - Useless parentheses:

Parentheses are redundant and should be removed from:

782        int256 f_1 = ( ((MULTIPLIER)*(MULTIPLIER) / f_0) - a_convert );

to match the style of:

751        int256 f_1 = ((MULTIPLIER * MULTIPLIER / f_0) -  b_convert);

#0 - 0xRobocop

2023-08-30T04:09:29Z

Most are known

#1 - c4-pre-sort

2023-08-30T04:09:33Z

0xRobocop marked the issue as low quality report

#2 - c4-judge

2023-09-11T20:00:36Z

JustDravee marked the issue as grade-b
