Paladin contest - pmerkleplant's results

A governance lending protocol transforming users voting power into a new money lego.

General Information

Platform: Code4rena

Start Date: 29/03/2022

Pot Size: $50,000 USDC

Total HM: 16

Participants: 42

Period: 5 days

Judge: 0xean

Total Solo HM: 9

Id: 105

League: ETH

Paladin

Findings Distribution

Researcher Performance

Rank: 28/42

Findings: 2

Award: $169.54

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Paladin

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0xDjango, 0xkatana, 0xmint, Czar102, Dravee, Funen, Ruhum, TerrierLover, defsec, gzeon, hake, hyh, jah, kenta, minhquanym, okkothejawa, pmerkleplant, rayn, reassor, robee, sorrynotsorry, sseefried, teryanarmen

Awards

117.077 USDC - $117.08

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

QA Report

Unspecific Compiler Version Pragma

Impact

Issue Information: L003

Findings:

HolyPaladinToken.sol::2 => pragma solidity ^0.8.10;
PaladinRewardReserve.sol::2 => pragma solidity ^0.8.4;

Do not use Deprecated Library Functions

Impact

Issue Information: L005.

The safeApprove function is marked as deprecated here.

Findings:

PaladinRewardReserve.sol::31 => IERC20(token).safeApprove(spender, amount);
PaladinRewardReserve.sol::38 => IERC20(token).safeApprove(spender, 0);
PaladinRewardReserve.sol::39 => IERC20(token).safeApprove(spender, amount);
PaladinRewardReserve.sol::47 => IERC20(token).safeApprove(spender, 0);

#0 - Kogaroshi
2022-04-03T06:58:20Z

QA & gas optimizations changes are done in the PR: https://github.com/PaladinFinance/Paladin-Tokenomics/pull/6 (some changes/tips were implemented, others are noted but won't be applied)

Findings Information

🌟 Selected for report: TerrierLover

Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, 0xmint, Cityscape, Czar102, Dravee, Funen, IllIllI, Tomio, antonttc, defsec, gzeon, hake, kenta, minhquanym, pmerkleplant, rayn, rfa, robee, saian, securerodd, teryanarmen

Awards

52.46 USDC - $52.46

Labels

bug

G (Gas Optimization)

sponsor confirmed

External Links

Link to GitHub issue

Don't Initialize Variables with Default Value

Impact

Issue Information: G001

Findings:

HolyPaladinToken.sol::516 => uint256 low = 0;
HolyPaladinToken.sol::688 => uint256 low = 0;
HolyPaladinToken.sol::796 => uint256 userLockedBalance = 0;
HolyPaladinToken.sol::807 => uint256 lockingRewards = 0;
HolyPaladinToken.sol::940 => uint256 low = 0;
HolyPaladinToken.sol::972 => uint256 low = 0;
HolyPaladinToken.sol::1004 => uint256 low = 0;

Tools used

c4udit

#0 - Kogaroshi
2022-04-02T15:28:20Z

QA & gas optimizations changes are done in the PR: https://github.com/PaladinFinance/Paladin-Tokenomics/pull/6 (some changes/tips were implemented, others are noted but won't be applied)

Paladin contest - pmerkleplant's results

A governance lending protocol transforming users voting power into a new money lego.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-10] QA Report - $117.08

Findings Information

Awards

Labels

External Links

QA Report

Unspecific Compiler Version Pragma

Impact

Findings:

Do not use Deprecated Library Functions

Impact

Findings:

#0 - Kogaroshi2022-04-03T06:58:20Z

[G-01] Gas Report - $52.46

Findings Information

Awards

Labels

External Links

Don't Initialize Variables with Default Value

Impact

Findings:

Tools used

#0 - Kogaroshi2022-04-02T15:28:20Z

#0 - Kogaroshi
2022-04-03T06:58:20Z

#0 - Kogaroshi
2022-04-02T15:28:20Z