Platform: Code4rena
Start Date: 14/04/2022
Pot Size: $75,000 USDC
Total HM: 8
Participants: 72
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 2
Id: 110
League: ETH
Rank: 52/72
Findings: 2
Award: $143.43
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, Hawkeye, Jujic, MaratCerby, Picodes, Ruhum, SolidityScan, TerrierLover, TomFrenchBlockchain, TrungOre, VAD37, Yiko, berndartmueller, cmichel, csanuragjain, danb, defsec, delfin454000, dipp, ellahi, fatherOfBlocks, georgypetrov, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kyliek, m9800, minhquanym, oyc_109, p_crypt0, peritoflores, rayn, reassor, remora, rfa, robee, scaraven, securerodd, shenwilly, sorrynotsorry, tchkvsky, teryanarmen, z3s
91.3943 USDC - $91.39
Issue Information: L010 - Boolean equality (comparing a `bool` to a literal is redundant; `x == false` can be written as `!x`)
Funding.sol::147 => citadelPriceFlag == false,
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xAsm0d3us, 0xBug, 0xDjango, 0xNazgul, 0xkatana, CertoraInc, Cityscape, Funen, Hawkeye, IllIllI, MaratCerby, SolidityScan, TerrierLover, TomFrenchBlockchain, Tomio, TrungOre, bae11, berndartmueller, csanuragjain, defsec, delfin454000, ellahi, fatherOfBlocks, gs8nrv, gzeon, horsefacts, ilan, jah, joestakey, joshie, kebabsec, kenta, nahnah, oyc_109, rayn, rfa, robee, saian, securerodd, simon135, slywaters, sorrynotsorry, tchkvsky, teryanarmen, z3s
52.043 USDC - $52.04
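Issue Information: G001 - variables with default value (explicitly initializing a variable to its type's default, such as `= 0` or `= false`, is redundant; the matches under test/ are not deployed contract code)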
CitadelMinter.sol::152 => for (uint256 i = 0; i < numPools; i++) { CitadelMinter.sol::180 => uint256 lockingAmount = 0; CitadelMinter.sol::181 => uint256 stakingAmount = 0; CitadelMinter.sol::182 => uint256 fundingAmount = 0; SupplySchedule.sol::103 => uint256 mintable = 0; SupplySchedule.sol::192 => uint256 mintable = 0; lib/GlobalAccessControlManaged.sol::47 => bool validRoleFound = false; lib/GlobalAccessControlManaged.sol::48 => for (uint256 i = 0; i < roles.length; i++) { test/BaseFixture.sol::293 => for (uint256 i = 0; i < numAddressesToTrack; i++) {
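Issue Information: G002 - array length outside loop (read the array length once into a local variable before the loop instead of evaluating `.length` in the loop condition). This list is raw pattern-match output and needs manual triage: some matches are `if` checks rather than loops, and others appear to compare against an already-cached `length`.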
CitadelMinter.sol::344 => for (uint256 i; i < length; ++i) { lib/GlobalAccessControlManaged.sol::48 => for (uint256 i = 0; i < roles.length; i++) { lib/SafeERC20.sol::96 => if (returndata.length > 0) { test/utils/SnapshotUtils.sol::16 => for (uint256 i; i < length; ++i) { test/utils/SnapshotUtils.sol::41 => if (address(MULTICALL).code.length == 0) { test/utils/SnapshotUtils.sol::66 => for (uint256 i; i < length; ++i) {
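Issue Information: G007 - long (revert) strings (revert strings longer than 32 bytes cost extra gas; shorten them, or use custom errors where the compiler version supports them)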
CitadelMinter.sol::301 => "CitadelMinter: Sum of propvalues must be 10000 bps" CitadelMinter.sol::321 => "CitadelMinter: last mint timestamp already initialized" CitadelMinter.sol::328 => "CitadelMinter: supply schedule start not initialized" CitadelMinter.sol::370 => "CitadelMinter: funding pool does not exist for removal" CitadelMinter.sol::377 => "CitadelMinter: funding pool already exists" Funding.sol::148 => "Funding: citadel price from oracle flagged and pending review" Funding.sol::298 => "cannot decrease cap below global sum of assets in" Funding.sol::325 => "cannot sweep funding asset, use claimAssetToTreasury()" Funding.sol::390 => "Funding: sale recipient should not be zero" GlobalAccessControl.sol::118 => "Role string and role do not match" KnightingRound.sol::122 => "KnightingRound: start date may not be in the past" KnightingRound.sol::126 => "KnightingRound: the sale duration must not be zero" KnightingRound.sol::130 => "KnightingRound: the price must not be zero" KnightingRound.sol::134 => "KnightingRound: sale recipient should not be zero" KnightingRound.sol::273 => require(!finalized, "KnightingRound: already finalized"); KnightingRound.sol::277 => "KnightingRound: not enough balance" KnightingRound.sol::295 => "KnightingRound: start date may not be in the past" KnightingRound.sol::297 => require(!finalized, "KnightingRound: already finalized"); KnightingRound.sol::314 => "KnightingRound: the sale duration must not be zero" KnightingRound.sol::316 => require(!finalized, "KnightingRound: already finalized"); KnightingRound.sol::333 => "KnightingRound: the price must not be zero" KnightingRound.sol::351 => "KnightingRound: sale recipient should not be zero" KnightingRound.sol::384 => require(!finalized, "KnightingRound: already finalized"); StakedCitadel.sol::192 => "performanceFeeGovernance too high" StakedCitadel.sol::196 => "performanceFeeStrategist too high" StakedCitadel.sol::508 => "Please withdrawToVault before changing strat" 
StakedCitadel.sol::537 => "performanceFeeStrategist too high" StakedCitadel.sol::632 => "Excessive strategist performance fee" StakedCitadel.sol::652 => "Excessive governance performance fee" StakedCitadelVester.sol::137 => require(msg.sender == vault, "StakedCitadelVester: only xCTDL vault"); StakedCitadelVester.sol::138 => require(_amount > 0, "StakedCitadelVester: cannot vest 0"); SupplySchedule.sol::62 => "SupplySchedule: minting not started" SupplySchedule.sol::92 => "SupplySchedule: minting not started" SupplySchedule.sol::96 => "SupplySchedule: already minted up to current block" SupplySchedule.sol::139 => "SupplySchedule: minting already started" SupplySchedule.sol::143 => "SupplySchedule: minting must start at or after current time" SupplySchedule.sol::157 => "SupplySchedule: rate already set for given epoch" SupplySchedule.sol::181 => "SupplySchedule: minting not started" SupplySchedule.sol::185 => "SupplySchedule: attempting to mint before start block" SupplySchedule.sol::189 => "SupplySchedule: already minted up to current block" SupplySchedule.sol::227 => "total mintable after this iteration",
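Issue Information: G009 - Prefix increments are cheaper than postfix increments (`++i` avoids the temporary copy that `i++` creates; the matches under test/ are not deployed contract code)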
CitadelMinter.sol::152 => for (uint256 i = 0; i < numPools; i++) { SupplySchedule.sol::208 => for (uint256 i = startingEpoch; i <= endingEpoch; i++) { lib/GlobalAccessControlManaged.sol::48 => for (uint256 i = 0; i < roles.length; i++) { test/BaseFixture.sol::293 => for (uint256 i = 0; i < numAddressesToTrack; i++) { test/utils/Utils.sol::21 => digits++;