Volt Protocol contest - sahar's results

Inflation Protected Stablecoin.

General Information

Platform: Code4rena

Start Date: 31/03/2022

Pot Size: $75,000 USDC

Total HM: 7

Participants: 42

Period: 7 days

Judge: Jack the Pug

Total Solo HM: 5

Id: 102

League: ETH

Researcher Performance

Rank: 17/42

Findings: 1

Award: $230.44

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

230.442 USDC - $230.44

Labels

bug
QA (Quality Assurance)

External Links

Discord Handle: Sahar#3109

Findings

1. Title: Unused constant
Summary: This defined constant does not appear to have been used anywhere in the contracts. And if it is defined for burning tokens, it is better to replace it with a known burning address (0x000000000000000000000000000000000000dEaD).
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/Constants.sol#L22


2. Title: Missing Event
Summary: int() function is a critical function, and it should emit an event.
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/core/Core.sol#L20


3. Title: Multiple Solidity pragma
Summary: constant.sol file has a different version of Solidity pragma (compared to other smart contracts).
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/Constants.sol#L2


4. Title: Missing Event
Summary: Events for critical state changes should be emitted for tracking this off-chain.
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/core/Permissions.sol#L211


5. Title: Unnecessary safemath use
Summary: It is not necessary to use the safemath library in Solidity version 8 and upper versions.
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/external/Decimal.sol#L26


6. Title: Unlocked pragma
Summary: It is recommended to use the strict Solidity compiler version instead of the unlocked pragma version in order to prevent unexpected behaviors.
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/oracle/ScalingPriceOracle.sol#L2


7. Title: Unsuitable constant declaration
Summary: Given the unpredictability of inflation, it does not make sense to use an unchangeably fixed number as the maximum inflation rate. This option can be considered as a variable that can be changed by the governor.
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/oracle/ScalingPriceOracle.sol#L55


8. Title: Missing comment
Summary: The fact that the contract can be deployed both in the mainnet and in the Kovan testnet must be explained here. It is recommended that the Kovan chain ID be removed when deploying the original contract on mainnet.
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/oracle/ScalingPriceOracle.sol#L84


9. Title: Poor business logic
Summary: The constant defined to limit voltage minting rate is logically very high.
GitHub Permalinks: https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/volt/minter/RateLimitedMinter.sol#L9
