Platform: Code4rena
Start Date: 27/04/2022
Pot Size: $50,000 MIM
Total HM: 6
Participants: 59
Period: 5 days
Judge: 0xean
Id: 113
League: ETH
Rank: 32/59
Findings: 2
Award: $117.62
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xf15ers, AuditsAreUS, BowTiedWardens, CertoraInc, Funen, GimelSec, MaratCerby, Ruhum, WatchPug, antonttc, berndartmueller, bobi, bobirichman, broccolirob, catchup, cccz, defsec, delfin454000, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kenzo, m9800, mics, oyc_109, pauliax, reassor, robee, samruna, sikorico, simon135, throttle, unforgiven, z3s
73.7196 MIM - $73.72
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L218 Consider using safeTransferFrom, which has an inbuilt check for the receiver address.
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L96 The LOAN_INITIAL constant is not really used or set anywhere. It can be removed.
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L214 Since LOAN_INITIAL is not set anywhere in the contract, this check will never be true. It can be removed.
#0 - cryptolyndon
2022-05-12T03:39:59Z
We're deliberately not using safeTransferFrom for NFTs. See #20
Although not explicitly assigned, LOAN_INITIAL is the default for that field. It gets returned if you ask for a loan that does not exist (not "requested" as in applied with collateral).
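The default-value behaviour described in the comment above, shown as an added Solidity example that is not the NFTPair source. The contract, struct and function names are hypothetical, and the value 0 for LOAN_INITIAL is an assumption chosen to match the storage default of a uint8 field.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Every name except LOAN_INITIAL is hypothetical.
contract LoanStatusDemo {
    // Assumed to be 0, the value an unwritten uint8 storage field reads as.
    uint8 private constant LOAN_INITIAL = 0;
    uint8 private constant LOAN_REQUESTED = 1;

    struct Loan {
        address borrower;
        uint8 status;
    }

    // Entries that were never written read back as Loan(address(0), 0).
    mapping(uint256 => Loan) public loans;

    function request(uint256 tokenId) external {
        // Passes for any tokenId with no stored loan, although no code path
        // ever assigns LOAN_INITIAL to the status field.
        require(loans[tokenId].status == LOAN_INITIAL, "loan exists");
        loans[tokenId] = Loan({borrower: msg.sender, status: LOAN_REQUESTED});
    }

    function cancel(uint256 tokenId) external {
        Loan memory loan = loans[tokenId];
        require(loan.status == LOAN_REQUESTED, "not requested");
        require(loan.borrower == msg.sender, "not borrower");
        // delete zeroes the slot, so status reads as LOAN_INITIAL again.
        delete loans[tokenId];
    }

    // True both before the first request and after a cancel.
    function isInitial(uint256 tokenId) external view returns (bool) {
        return loans[tokenId].status == LOAN_INITIAL;
    }
}
```

Removing a zero-valued status constant or the checks against it changes how nonexistent entries are treated, so a grep for assignments alone does not show whether such a check is dead.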
🌟 Selected for report: BowTiedWardens
Also found by: 0x1f8b, 0xNazgul, 0xf15ers, 0xkatana, CertoraInc, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, NoamYakov, Tadashi, Tomio, TrungOre, antonttc, catchup, defsec, delfin454000, fatherOfBlocks, gzeon, horsefacts, joestakey, kenta, oyc_109, pauliax, reassor, robee, samruna, simon135, slywaters, sorrynotsorry, z3s
43.9047 MIM - $43.90
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L365
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L385
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L516
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L522
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L541
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L641
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L973
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L999
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L1029
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/BentoBoxFlat.sol#L1048
https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L181
If a function is not called within the contract, it should be declared as external. Function parameters are stored when defined public. This can save gas fees.
#0 - cryptolyndon
2022-05-03T04:09:29Z
BentoBox contract is out of scope; that version is only still in the repository because it serves as the base of our mock BentoBox for testing.
Acknowledge the last one