Platform: Code4rena
Start Date: 05/10/2023
Pot Size: $33,050 USDC
Total HM: 1
Participants: 54
Period: 6 days
Judge: hansfriese
Id: 294
League: ETH
Rank: 54/54
Findings: 1
Award: $5.43
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: thekmj
Also found by: 0x3b, 33BYTEZZZ, Bauchibred, Chom, Dravee, J4X, Limbooo, Maroutis, MiloTruck, MrPotatoMagic, SBSecurity, Sathish9098, Tadev, ZanyBonzy, adam-idarrha, adriro, btk, hyh, lukejohn, nmirchev8, peakbolt, radev_sw, rvierdiiev
5.4311 USDC - $5.43
When a new proxy for a delegate is deployed, the `delegate` function is called in the constructor. Only after construction does the proxy receive tokens. This means that when the proxy calls `delegate`, its balance is likely 0.
If there is a voting token with an overridden `delegate` function that doesn't allow delegation when you have 0 balance, then this approach will not work: construction of the proxy will simply revert. As a result, someone will need to send 1 wei of tokens to the proxy before construction in order to be able to deploy it, which is not convenient.
First transfer tokens and then deploy proxy.
When someone delegates their voting power to a delegator, the `DelegationProcessed` event should be emitted.
This is done when a user transfers voting power from one delegator to another inside the `_processDelegation` function, but it isn't done when a user deploys a new delegator and transfers voting power. Because of that, it will be harder to track voting power changes using events.
Also, I guess that if a user just withdraws from a delegator, then an event should be emitted as well.
Emit the `DelegationProcessed` event inside the `createProxyDelegatorAndTransfer` function.
In order to send voting tokens, ERC20MultiDelegate uses the `transferFrom` function from the ERC20 standard. This function returns a `bool` value.
However, not all tokens implement that correctly, so sometimes their `transferFrom` function returns nothing.
If such a token is used as `token` inside ERC20MultiDelegate, then all calls will revert and the contract will not be able to work.
Use the `SafeERC20` extension from OZ to make transfer calls.
```solidity
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
import "@openzeppelin/contracts/utils/math/Math.sol";

using Address for address;
```

ERC20MultiDelegate has imported the Address and Math libraries, but they are never used inside the contract. These imports should be removed.
Remove unused libs imports.
#0 - c4-pre-sort
2023-10-13T12:15:05Z
141345 marked the issue as sufficient quality report
#1 - c4-judge
2023-10-24T16:17:04Z
hansfriese marked the issue as grade-b