Platform: Code4rena
Start Date: 01/07/2022
Pot Size: $75,000 USDC
Total HM: 17
Participants: 105
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 5
Id: 143
League: ETH
Rank: 66/105
Findings: 1
Award: $94.50
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xdanial, 0xf15ers, Bnke0x0, Ch_301, Chandr, Chom, Funen, GimelSec, Hawkeye, JC, Kaiziron, Lambda, Meera, MiloTruck, Noah3o6, Picodes, ReyAdmirado, Rohan16, Sm4rty, TerrierLover, TomJ, Waze, _Adam, __141345__, asutorufos, aysha, berndartmueller, brgltd, cccz, codexploder, defsec, delfin454000, djxploit, durianSausage, fatherOfBlocks, hake, horsefacts, hubble, jayfromthe13th, joestakey, jonatascm, m_Rassska, oyc_109, pashov, rajatbeladiya, rbserver, robee, sach1r0, sahar, samruna, simon135, svskaushik, zzzitron
94.5013 USDC - $94.50
The input variable (_projectId) is not used in the function body, so this unused parameter may confuse future readers and users of this smart contract. The same problem appears in most of the functions of this file.
The admin (controller) can burn a quantity of a specific token. If the call that burns tokens and the function that calculates the token's supply are executed almost at the same time, the amount reported by the TotalSupply variable will not be correct.
When the controller replaces an old token with a new one, it usually needs to work with the new token afterwards. Declaring the new token as the return parameter is therefore more logical than returning the old token, and the output of this function should be changed to: (IJBToken _token)
If the address declared in (_newOwner) is wrong for any reason, there is no way to correct the mistake and the old tokens become useless. It is strongly recommended to use a two-step changeover: in the first step the new owner's address is submitted to the contract, and in the second step the transfer of authority is accepted through a call from the new address.
If there is a limit on the total supply, this limit is not enforced when new tokens are added: it is not checked whether the new mint will cause the resulting supply to exceed the total supply limit.
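As an added illustration of the two-step ownership changeover and the missing supply-cap check described above (example code written for this report, not the audited project's own contract; the names pendingOwner, transferOwnership, acceptOwnership and maxSupply are assumptions):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Hypothetical minimal token illustrating two of the recommendations above.
// Names (pendingOwner, transferOwnership, acceptOwnership, maxSupply) are
// assumptions for this example, not the audited project's own interface.
contract TwoStepOwnedToken {
    address public owner;
    address public pendingOwner;      // set in step 1, cleared in step 2
    uint256 public totalSupply;
    uint256 public immutable maxSupply;
    mapping(address => uint256) public balanceOf;
    event OwnershipTransferStarted(address indexed current, address indexed proposed);
    event OwnershipTransferred(address indexed previous, address indexed current);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 _maxSupply) {
        owner = msg.sender;
        maxSupply = _maxSupply;
    }

    // Step 1: the current owner only proposes a new owner. A wrong address
    // here is recoverable: the owner keeps control and can propose another.
    function transferOwnership(address _newOwner) external onlyOwner {
        require(_newOwner != address(0), "zero address");
        pendingOwner = _newOwner;
        emit OwnershipTransferStarted(owner, _newOwner);
    }

    // Step 2: authority moves only when the proposed address itself calls in,
    // which proves the key behind that address exists and is controlled.
    function acceptOwnership() external {
        require(msg.sender == pendingOwner, "not pending owner");
        emit OwnershipTransferred(owner, pendingOwner);
        owner = pendingOwner;
        pendingOwner = address(0);
    }

    // Minting checks the cap against the resulting supply, not just the amount.
    function mint(address _to, uint256 _amount) external onlyOwner {
        require(totalSupply + _amount <= maxSupply, "exceeds max supply");
        totalSupply += _amount;
        balanceOf[_to] += _amount;
    }
}
```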
No modifier or input validation is applied to the function's input; any user can call it and set the value.
Insecurity by complexity:
This idea is implemented in a complex way. It is complicated to keep track of all the processes and workflows, which raises the possibility of hidden bugs. It is suggested to simplify part of the processes, workflow and data. Principle of Economy of Mechanism: “Keep the design as simple and small as possible” — Ensure that contracts and functions are not overly complex or large so as to reduce readability or maintainability. Complexity typically leads to insecurity.
#0 - drgorillamd
2022-08-18T08:39:47Z
Findings are either wrong or inaccurate, I suggest not accepting this one