Platform: Code4rena
Start Date: 08/11/2022
Pot Size: $60,500 USDC
Total HM: 6
Participants: 72
Period: 5 days
Judge: Picodes
Total Solo HM: 2
Id: 178
League: ETH
Rank: 55/72
Findings: 1
Award: $36.34
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: RaymondFam
Also found by: 0x1f8b, 0x52, 0xSmartContract, 0xc0ffEE, 0xhacksmithh, 8olidity, Awesome, BClabs, Bnke0x0, Chom, Deivitto, Hashlock, IllIllI, Josiah, KingNFT, Nyx, R2, ReyAdmirado, Rolezn, SamGMK, Sathish9098, SinceJuly, V_B, Vadis, Waze, a12jmx, adriro, ajtra, aphak5010, bearonbike, bin, brgltd, carlitox477, carrotsmuggler, cccz, ch0bu, chaduke, datapunk, delfin454000, erictee, fatherOfBlocks, fs0c, horsefacts, jayphbee, ktg, ladboy233, pashov, perseverancesuccess, rbserver, ret2basic, tnevler, zaskoh
36.3434 USDC - $36.34
L-01 Code uses ecrecover, which is susceptible to signature malleability
It is a best practice to use OpenZeppelin’s ECDSA library for recovering the signer of a signature, because of the inherent signature malleability vulnerability of ecrecover.
L-02 Constructors are missing non-zero address checks
Add non-zero address checks for all address type arguments in all constructors for safety.
NC-01 Use latest version of Solidity without a floating pragma
The latest Solidity version is 0.8.17; use it to get the latest compiler features and optimisations, and do not use a floating pragma, as it is bad practice.
#0 - c4-judge
2022-11-21T19:10:46Z
Picodes marked the issue as grade-b
#1 - c4-sponsor
2022-11-24T23:04:01Z
0xhiroshi marked the issue as sponsor disputed