Platform: Code4rena
Start Date: 31/01/2023
Pot Size: $36,500 CANTO
Total HM: 5
Participants: 38
Period: 3 days
Judge: berndartmueller
Total Solo HM: 2
Id: 212
League: ETH
Rank: 24/38
Findings: 1
Award: $44.97
š Selected for report: 0
š Solo Findings: 0
š Selected for report: HardlyDifficult
Also found by: 0xAgro, 0xSmartContract, Aymen0909, DevABDee, JC, Matin, Rolezn, SleepingBugs, adriro, brevis, btk, chaduke, d3e4, enckrish, hihen, joestakey, libratus, merlin, nicobevi, rotcivegaf, shark, sorrynotsorry
149.2473 CANTO - $44.97
File: src/CidNFT.sol /// @audit: `existant` to `existent` 274: uint256 arrayPosition = activeData.positions[_nftIDToRemove]; // Index + 1, 0 if non-existant /// @audit: `subprotocl` to `subprotocol` 306: /// @return subprotocolNFTID The ID of the primary NFT at the queried subprotocl / CID NFT. 0 if it does not exist /// @audit: `subprotocl` to `subprotocol` 318: /// @return subprotocolNFTIDs The ID of the primary NFT at the queried subprotocl / CID NFT. 0 if it does not exist
Look in the solidity documentation
File: src/SubprotocolRegistry.sol /// @audit: `100 * 10**18` to `100e18` 17: uint256 public constant REGISTER_FEE = 100 * 10**18;
import "<CONTRACT>.sol"; => import {X} from "<CONTRACT>.sol";
File: src/CidNFT.sol 5:import "solmate/tokens/ERC20.sol"; 6:import "solmate/utils/SafeTransferLib.sol"; 7:import "./SubprotocolRegistry.sol";
File: src/SubprotocolRegistry.sol 4:import "solmate/tokens/ERC721.sol"; 5:import "solmate/tokens/ERC20.sol"; 6:import "solmate/utils/SafeTransferLib.sol"; 7:import "./CidSubprotocolNFT.sol";
File: src/AddressRegistry.sol 4:import "solmate/tokens/ERC721.sol";
First input parameters validations Second others validations
File: src/SubprotocolRegistry.sol 88: if (!(_ordered || _primary || _active)) revert NoTypeSpecified(_name); 90: if (subprotocolData.owner != address(0)) revert SubprotocolAlreadyExists(_name, subprotocolData.owner); 93: if (!ERC721(_nftAddress).supportsInterface(type(CidSubprotocolNFT).interfaceId)) 94: revert NotASubprotocolNFT(_nftAddress);
The struct SubprotocolData inside of the contracts CidNFT and SubprotocolRegistry have the same name with different parameters
Specify the type in the parameter/contract instead of cast it, after
File: src/AddressRegistry.sol /// @audit: `address` to `ERC721` 14: address public immutable cidNFT; 36: constructor(address _cidNFT) { /// @audit: Remove cast 43: if (ERC721(cidNFT).ownerOf(_cidNFTID) != msg.sender)
File: src/CidNFT.sol /// @audit: `address` to `ERC20` 124: address _noteContract, /// @audit: Remove cast 129: note = ERC20(_noteContract);
File: src/SubprotocolRegistry.sol /// @audit: `address` to `ERC721` 33: address nftAddress; 48: address indexed nftAddress, 60: error NotASubprotocolNFT(address nftAddress); 83: address _nftAddress, /// @audit: Remove cast 93: if (!ERC721(_nftAddress).supportsInterface(type(CidSubprotocolNFT).interfaceId)) /// @audit: `address` to `ERC20` 65: constructor(address _noteContract, address _cidFeeWallet) { /// @audit: Remove cast 66: note = ERC20(_noteContract);
Remove space:
File: src/CidNFT.sol 153:\n
File: src/CidNFT.sol 106: error NotAuthorizedForSubprotocolNFT(address caller, uint256 subprotocolNFTID);
File: src/CidNFT.sol 191: uint256 cidFee = (subprotocolFee * CID_FEE_BPS) / 10_000;
File: src/CidNFT.sol From: 91: subprotocolData.owner = msg.sender; 92: subprotocolData.fee = _fee; 95: subprotocolData.nftAddress = _nftAddress; 96: subprotocolData.ordered = _ordered; 97: subprotocolData.primary = _primary; 98: subprotocolData.active = _active; 99: subprotocols[_name] = subprotocolData; To: subprotocols[_name] = SubprotocolData({ owner: msg.sender, fee: _fee, nftAddress: _nftAddress, ordered: _ordered, primary: _primary, active: _active });
#0 - c4-judge
2023-02-18T13:07:52Z
berndartmueller marked the issue as grade-b