Platform: Code4rena
Start Date: 18/05/2023
Pot Size: $24,500 USDC
Total HM: 3
Participants: 72
Period: 4 days
Judge: LSDan
Id: 237
League: ETH
Rank: 46/72
Findings: 1
Award: $16.19
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ABA
Also found by: 0x4non, 0xHati, 0xMosh, 0xSmartContract, 0xWaitress, 0xhacksmithh, 0xnev, 0xprinc, Arabadzhiev, BLACK-PANDA-REACH, Deekshith99, Dimagu, KKat7531, Kose, LosPollosHermanos, MohammedRizwan, QiuhaoLi, RaymondFam, Rickard, Rolezn, SAAJ, Sathish9098, Shubham, SmartGooofy, Tripathi, Udsen, V1235816, adriro, arpit, ayden, bigtone, codeVolcan, d3e4, dwward3n, fatherOfBlocks, favelanky, jovemjeune, kutugu, lfzkoala, lukris02, matrix_0wl, minhquanym, ni8mare, parsely, pxng0lin, radev_sw, ravikiranweb3, rbserver, sces60107, souilos, tnevler, turvy_fuzz, yellowBirdy
16.1907 USDC - $16.19
a) On minting the token, JBXBuybackDelegate_Mint() event is emitted with project id only. It would be more appropriate to emit the amount if not beneficiary incase offchain was tracking the minting amounts.
b) function redeemParams is not implemented. It is a dummy implementation.
c) Memo field value of JBDidPayData calldata could have been used for the memo field to retain the context of the transaction instead of passing an empty string.
jbxTerminal.addToBalanceOf{value: _data.amount.value}( _data.projectId, _data.amount.value, JBTokens.ETH, "", new bytes(0) );
// @audit -> could have passed _data.memo instead of the empty string
#0 - c4-judge
2023-06-02T10:53:56Z
dmvt marked the issue as grade-b