veRWA - sandy's results

Incentivization Primitive for Real World Assets on Canto

General Information

Platform: Code4rena

Start Date: 07/08/2023

Pot Size: $36,500 USDC

Total HM: 11

Participants: 125

Period: 3 days

Judge: alcueca

Total Solo HM: 4

Id: 274

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 90/125

Findings: 1

Award: $9.82

QA:

grade-a

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Canto

Findings Information

🌟 Selected for report: RED-LOTUS-REACH

Also found by: 0x3b, 0x4non, 0xCiphky, 0xDING99YA, 0xDetermination, 0xE1, 0xG0P1, 0xStalin, 0xWaitress, 0xbrett8571, 0xhacksmithh, 0xkazim, 0xmuxyz, 0xweb3boy, 14si2o_Flint, AlexCzm, Alhakista, Bube, Bughunter101, Deekshith99, Eeyore, Giorgio, HChang26, InAllHonesty, JP_Courses, KmanOfficial, MatricksDeCoder, Mike_Bello90, MrPotatoMagic, Naubit, QiuhaoLi, RHaO-sec, Raihan, Rolezn, SUPERMAN_I4G, Shubham, Silverskrrrt, Strausses, T1MOH, Topmark, Tripathi, Watermelon, _eperezok, aakansha, auditsea, audityourcontracts, ayden, carlos__alegre, castle_chain, cducrest, ch0bu, d23e, deadrxsezzz, deth, devival, erebus, fatherOfBlocks, halden, hassan-truscova, hpsb, hunter_w3b, imkapadia, immeas, jat, kaden, kaveyjoe, klau5, koxuan, kutugu, ladboy233, lanrebayode77, leasowillow, lsaudit, markus_ether, matrix_0wl, merlin, nemveer, ni8mare, nonseodion, oakcobalt, owadez, p_crypt0, pipidu83, piyushshukla, popular00, ppetrov, rjs, sandy, sl1, supervrijdag, tay054, thekmj, wahedtalash77, windhustler, zhaojie

Awards

9.8204 USDC - $9.82

Labels

bug

grade-a

QA (Quality Assurance)

edited-by-warden

Q-29

External Links

Link to GitHub issue

Summary

Low Risk Issues

Id	Title	Instances
L-01	`TODO` should be implemented.	2
L-02	Provide proper documentation	8

[L-01] `TODO` should be implemented.

Instances:

There is TODO in the constructor for changing the governance address to Oracle but it has not been implemented in both instances. It is better to implement these changes.

[L-02] Provide proper documentation.

In the src/VotingEscrow.sol there are several instances of

// See IVotingEscrow for documentation

before many functions but there is no IVotingEscrow provided for this audit. Hence, most of this functions are audited without proper documentation resulting in auditors getting less context of the functions. Provide proper documentation for a better audit.

Instances:

Non-Critical Issues

Id	Title	Instances
NC-01	Unused import	1

[NC-01] Unused import

https://github.com/code-423n4/2023-08-verwa/blob/a693b4db05b9e202816346a6f9cada94f28a2698/src/LendingLedger.sol#L4

The VotingEscrow import in src/LendingLedger.sol is unused throughout the whole contract and can be removed.

#0 - c4-judge
2023-08-22T13:51:35Z

alcueca marked the issue as grade-b

veRWA - sandy's results

Incentivization Primitive for Real World Assets on Canto

General Information

Findings Distribution

Researcher Performance

External Links

[Q-29] QA Report - $9.82

Findings Information

Awards

Labels

External Links

Summary

Low Risk Issues

[L-01] TODO should be implemented.

[L-02] Provide proper documentation.

Non-Critical Issues

[NC-01] Unused import

#0 - c4-judge2023-08-22T13:51:35Z

[L-01] `TODO` should be implemented.

#0 - c4-judge
2023-08-22T13:51:35Z