Platform: Code4rena
Start Date: 26/07/2022
Pot Size: $75,000 USDC
Total HM: 29
Participants: 179
Period: 6 days
Judge: LSDan
Total Solo HM: 6
Id: 148
League: ETH
Rank: 169/179
Findings: 3
Award: $4.67
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: cloudjunky
Also found by: 0x1f8b, 0x4non, 0x52, 0xDjango, 0xHarry, 0xNazgul, 0xNineDec, 0xf15ers, 0xsanson, 0xsolstars, 8olidity, Bnke0x0, CertoraInc, Chom, Deivitto, Dravee, GalloDaSballo, GimelSec, IllIllI, Jmaxmanblue, JohnSmith, Jujic, Kenshin, Krow10, Lambda, MEP, Noah3o6, RedOneN, Ruhum, StErMi, StyxRave, TomJ, Treasure-Seeker, TrungOre, _Adam, __141345__, arcoun, asutorufos, bardamu, bearonbike, bin2chen, brgltd, bulej93, c3phas, cRat1st0s, carlitox477, cccz, codexploder, cryptonue, cryptphi, cthulhu_cult, dharma09, dipp, djxploit, durianSausage, ellahi, giovannidisiena, hansfriese, horsefacts, hyh, immeas, indijanc, jayjonah8, jayphbee, joestakey, kenzo, kyteg, ladboy233, minhquanym, navinavu, obront, oyc_109, peritoflores, rbserver, reassor, rokinot, rotcivegaf, saian, scaraven, shenwilly, simon135, sseefried, teddav, zzzitron
0.0037 USDC - $0.00
High dependency of gas in your contract
The usage of transfer to send ETH is discouraged, because it sends a fixed amount of 2300 gas.
This function was designed to avoid reentrancy however the dependency of gas could make revert the transaction is the gas cost changes.
function payEther(uint256 payAmt, address payAddress) internal { if (payAmt > 0) {@audit gas // if royalty has to be paid payable(payAddress).transfer(payAmt); } }
Use call instead (your contract already has reentrancy protection)
function payEther(uint256 payAmt, address payAddress) internal { if (payAmt > 0) {@audit gas // if royalty has to be paid payAddress.call{value:payAmt}(""); } }
#0 - KenzoAgada
2022-08-03T14:01:15Z
Duplicate of #343
Note that return value of call needs to be checked to verify successful operation
🌟 Selected for report: TomJ
Also found by: 0x4non, 0x52, 0xDjango, 0xNazgul, 0xf15ers, 0xsanson, 8olidity, Bnke0x0, CertoraInc, Ch_301, Chom, Dravee, GalloDaSballo, GimelSec, JC, Jujic, Kenshin, Kumpa, Lambda, M0ndoHEHE, PaludoX0, RedOneN, Ruhum, Sm4rty, Treasure-Seeker, TrungOre, Twpony, Waze, _Adam, __141345__, apostle0x01, arcoun, benbaessler, bin2chen, brgltd, cccz, cloudjunky, cryptonue, djxploit, ellahi, erictee, hansfriese, i0001, minhquanym, oyc_109, peritoflores, rbserver, reassor, rokinot, rotcivegaf, saian, shenwilly, sseefried
0.1513 USDC - $0.15
ERC721 tokens can be locked forever if the receiver contract is unable to handle them
The usage of ERC721.transferFrom to transfer NFTs does not check if the receiver is able to handle them.
This means that the tokens can be locked forever.
if (o.isERC721) { require(amount == 1, 'only 1 erc721 at 1 time'); ERC721(o.collection).transferFrom(o.signer, receiver, o.tokenId); } else { ERC1155(o.collection).safeTransferFrom(o.signer, receiver, o.tokenId, amount, ''); }
Use safeTransferFrom from OZ.
#0 - KenzoAgada
2022-08-03T15:04:25Z
Duplicate of #342
🌟 Selected for report: AuditsAreUS
Also found by: 0xSky, CertoraInc, GimelSec, GiveMeTestEther, Green, Lambda, Ruhum, RustyRabbit, Treasure-Seeker, Twpony, arcoun, bin2chen, cccz, codexploder, cryptonue, dipp, horsefacts, jayphbee, joestakey, minhquanym, obront, peritoflores, rbserver, reassor, rotcivegaf, scaraven, ych18
4.5163 USDC - $4.52
Loss of funds when sending more ETH than swap requires.
The function _fillAsk checks that the amount of ETH should be greater than the cost of the swap. However, if the users incorrectly sends more ETH (or just miscalculate amount) then all remaining ETH will be locked in the contract forever
// attached ETH value should be greater than total value of one NFT * total number of NFTs + any extra payment to be given require(msg.value >= o.totalAmt * amount + p.paymentAmt, 'mgmtm');
Refund the extra ETH sent by using a variable
#0 - KenzoAgada
2022-08-04T02:48:48Z
Duplicate of #75