Platform: Code4rena
Start Date: 15/06/2022
Pot Size: $30,000 USDC
Total HM: 5
Participants: 55
Period: 3 days
Judge: Jack the Pug
Id: 138
League: ETH
Rank: 37/55
Findings: 1
Award: $53.62
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xFar5eer, 0xNazgul, 0xNineDec, 242, Chom, Czar102, Funen, GimelSec, Meera, Picodes, Sm4rty, Tadashi, TerrierLover, Waze, _Adam, a12jmx, asutorufos, codexploder, cryptphi, defsec, gzeon, hyh, joestakey, minhquanym, oyc_109, reassor, robee, saian, sorrynotsorry, unforgiven, zzzitron
53.6173 USDC - $53.62
In the initialize function, an assert statement is used to validate the vault token. Assert should be used to check for internal errors and invariants, and require should be used to validate external input data.
assert(IVault(_vault).token() == address(AURA));
The contract has open todos which can be fixed and removed
Functions are missing param comments
/// @dev Change Delegation to another address
function manualSetDelegate(address delegate) external {

///@dev Should we check if the amount requested is more than what we can return on withdrawal?
function setWithdrawalSafetyCheck(bool newWithdrawalSafetyCheck) external {

///@dev Should we processExpiredLocks during reinvest?
function setProcessLocksOnReinvest(bool newProcessLocksOnReinvest) external {

///@dev Change the contract that handles bribes
function setBribesProcessor(IBribesProcessor newBribesProcessor) external {

/// @notice Will not notify the BRIBES_PROCESSOR as this could be triggered outside bribes
function sweepRewardToken(address token) public nonReentrant {

/// @dev Bulk function for sweepRewardToken
function sweepRewards(address[] calldata tokens) external {

/// @dev allows claiming of multiple bribes, badger is sent to tree
/// @notice Hidden hand only allows to claim all tokens at once, not individually.
/// Allows claiming any token as it uses the difference in balance
function claimBribesFromHiddenHand(IRewardDistributor hiddenHandDistributor, IRewardDistributor.Claim[] calldata _claims) external nonReentrant {

function checkUpkeep(bytes calldata checkData) external view returns (bool upkeepNeeded, bytes memory performData) {

/// @dev Function for ChainLink Keepers to automatically process expired locks
function performUpkeep(bytes calldata performData) external {
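The assert/require point from the first item of this report, shown side by side as an added example; it is not code from the submission or from the audited contract. The compiler pragma, the minimal IVault interface, MockVault, StrategySketch and the name `want` (standing in for AURA) are assumptions made for illustration, and the initializer guard of an upgradeable contract is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed version; the page does not state one

// Hypothetical minimal interface: only the getter the finding references.
interface IVault {
    function token() external view returns (address);
}

// Constructed stand-in for a vault so the example deploys on its own.
contract MockVault is IVault {
    address private immutable _token;

    constructor(address token_) {
        _token = token_;
    }

    function token() external view override returns (address) {
        return _token;
    }
}

// Hypothetical strategy skeleton; `want` plays the role of AURA.
contract StrategySketch {
    address public immutable want;
    address public vault;

    constructor(address _want) {
        want = _want;
    }

    // As reported: caller-supplied input is checked with assert.
    // On 0.8.x a mismatch reverts with Panic(0x01), which tooling and
    // monitoring read as a broken invariant inside the contract.
    // Before 0.8.0 assert compiled to the INVALID opcode and consumed
    // all remaining gas.
    function initializeWithAssert(address _vault) external {
        assert(IVault(_vault).token() == want);
        vault = _vault;
    }

    // Suggested form: require reverts with Error(string), refunds unused
    // gas, and gives the deployer a reason string to act on.
    function initializeWithRequire(address _vault) external {
        require(IVault(_vault).token() == want, "vault token mismatch");
        vault = _vault;
    }
}
```

Calling either function with a MockVault built around an address other than `want` reverts; the difference is in the revert data, which is Panic(0x01) for the assert form and Error("vault token mismatch") for the require form.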
#0 - GalloDaSballo
2022-06-19T17:59:27Z
Disagree with natspec, the best comment is the one you don't write.