Infinity NFT Marketplace contest - sach1r0's results

The world's most advanced NFT marketplace.

General Information

Platform: Code4rena

Start Date: 14/06/2022

Pot Size: $50,000 USDC

Total HM: 19

Participants: 99

Period: 5 days

Judge: HardlyDifficult

Total Solo HM: 4

Id: 136

League: ETH

Infinity NFT Marketplace

Findings Distribution

Researcher Performance

Rank: 61/99

Findings: 2

Award: $80.21

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Infinity NFT Marketplace

Findings Information

🌟 Selected for report: joestakey

Also found by: 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkowloon, 0xmint, 8olidity, BowTiedWardens, Chom, Cityscape, Czar102, ElKu, FSchmoede, Funen, GimelSec, GreyArt, IllIllI, KIntern, Kaiziron, Kenshin, Lambda, MadWookie, MiloTruck, PPrieditis, Picodes, Ruhum, Sm4rty, StErMi, TerrierLover, TomJ, Treasure-Seeker, VAD37, WatchPug, Wayne, _Adam, a12jmx, abhinavmir, antonttc, apostle0x01, asutorufos, berndartmueller, cccz, cloudjunky, codexploder, cryptphi, csanuragjain, defsec, delfin454000, fatherOfBlocks, georgypetrov, hake, hansfriese, horsefacts, hyh, k, kenta, nxrblsrpr, oyc_109, peritoflores, rajatbeladiya, reassor, rfa, robee, sach1r0, saian, samruna, shenwilly, simon135, sorrynotsorry, sseefried, throttle, unforgiven, wagmi, zzzitron

Awards

48.9931 USDC - $48.99

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

Lack of indexed parameters in events

Details

Some of the events throughout the codebase are not indexed. Indexing event parameters enable off-chain services to search and filter for specific events. see reference: Low severity finding from OpenZeppelin Audit of HoldeFi [L09] Lack of indexed parameters in events https://blog.openzeppelin.com/holdefi-audit/#low

Mitigation

Add the indexed keyword to the events.

Line of code:

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L85-L93 https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L95-L102

Lack of zero-address check in the constructor

Details

Lack of zero-address checks may lead to infunctional protocol especially in the case wherein variable is immutable like the WETH .

Mitigation

Consider adding zero-address checks such as: require(_WETH != address(0));

Line of code:

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L104-L117 https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L49-L52

#0 - nneverlander
2022-06-23T11:25:02Z

Duplicate

#1 - HardlyDifficult
2022-07-12T12:09:12Z

Merging with https://github.com/code-423n4/2022-06-infinity-findings/issues/113

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xAsm0d3us, 0xDjango, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xkowloon, BowTiedWardens, Chom, ElKu, FSchmoede, Funen, GimelSec, Kaiziron, Kenshin, Lambda, MadWookie, MiloTruck, PPrieditis, Picodes, PwnedNoMore, StErMi, Tadashi, TerrierLover, TomJ, Tomio, Wayne, Waze, _Adam, antonttc, apostle0x01, asutorufos, c3phas, codexploder, defsec, delfin454000, fatherOfBlocks, hake, hansfriese, hyh, joestakey, k, kenta, oyc_109, peritoflores, reassor, rfa, robee, sach1r0, simon135, slywaters, zer0dot

Awards

31.2157 USDC - $31.22

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

No need to explicitly initialize variables with their default values

Details

When variables are not set, it is assumed to have it's default value(0 for uint, false for bool, address(0) for address). Explicitly initializing it with its default value is an anti-pattern and wastes gas.

Mitigation

change uint256 i = 0; to uint256 i;, bool _isPriceValid = false; to bool _isPriceValid; , etc.. see reference: https://code4rena.com/reports/2022-02-jpyc/ [G-07] GENERAL RECOMMENDATIONS

Line of code:

#0 - nneverlander
2022-06-23T11:25:16Z

Duplicate

Infinity NFT Marketplace contest - sach1r0's results

The world's most advanced NFT marketplace.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-38] QA Report - $48.99

Findings Information

Awards

Labels

External Links

Lack of indexed parameters in events

Details

Mitigation

Line of code:

Lack of zero-address check in the constructor

Details

Mitigation

Line of code:

#0 - nneverlander2022-06-23T11:25:02Z

#1 - HardlyDifficult2022-07-12T12:09:12Z

[G-46] Gas Report - $31.22

Findings Information

Awards

Labels

External Links

No need to explicitly initialize variables with their default values

Details

Mitigation

Line of code:

#0 - nneverlander2022-06-23T11:25:16Z

#0 - nneverlander
2022-06-23T11:25:02Z

#1 - HardlyDifficult
2022-07-12T12:09:12Z

#0 - nneverlander
2022-06-23T11:25:16Z