Platform: Code4rena
Start Date: 16/09/2021
Pot Size: $50,000 USDC
Total HM: 26
Participants: 30
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 17
Id: 36
League: ETH
Rank: 24/30
Findings: 3
Award: $279.33
Selected for report: 2
Solo Findings: 0
131.4735 USDC - $131.47
shenwilly
It's best practice to use OpenZeppelin's safeTransfer & safeTransferFrom for token transfers. While most of the code already uses them, withdrawBounty from Auction.sol is missing it, which could cause silent failure of transfers.

Change transfer to safeTransfer.
#0 - frank-beard
2021-10-19T17:41:47Z
#1 - GalloDaSballo
2021-11-30T23:36:52Z
Duplicate of #196
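To make the failure mode in this finding concrete, here is an added example (not the audited project's Auction.sol, and not code from the warden or judge) that places a bounty withdrawal using a bare transfer beside the same function using OpenZeppelin's SafeERC20. The contract names, the bounty mapping and the FalseReturningToken mock are all constructed for illustration; only the use of transfer versus safeTransfer comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's Auction.sol. Both contracts use a
// hypothetical bounty-withdrawal flow to contrast the two transfer styles.

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Vulnerable pattern: the bool returned by ERC20.transfer is ignored.
/// A token that returns false instead of reverting (or returns nothing at
/// all, as some older tokens do) lets the call "succeed" while no tokens
/// move, yet the bounty has already been zeroed in storage.
contract BountyUnsafe {
    IERC20 public immutable bountyToken;
    mapping(address => uint256) public bounty;

    constructor(IERC20 _token) {
        bountyToken = _token;
    }

    function withdrawBounty() external {
        uint256 amount = bounty[msg.sender];
        require(amount > 0, "nothing to withdraw");
        bounty[msg.sender] = 0;
        // Return value dropped: silent failure on a non-reverting token.
        bountyToken.transfer(msg.sender, amount);
    }
}

/// Hardened pattern: SafeERC20.safeTransfer reverts if the low-level call
/// fails, if it returns false, or if it returns malformed data, so the
/// zeroing of bounty[msg.sender] is rolled back whenever tokens did not move.
contract BountySafe {
    using SafeERC20 for IERC20;

    IERC20 public immutable bountyToken;
    mapping(address => uint256) public bounty;

    constructor(IERC20 _token) {
        bountyToken = _token;
    }

    function withdrawBounty() external {
        uint256 amount = bounty[msg.sender];
        require(amount > 0, "nothing to withdraw");
        bounty[msg.sender] = 0;
        bountyToken.safeTransfer(msg.sender, amount);
    }
}

/// Constructed mock for testing only: a token whose transfer always returns
/// false and moves nothing. Deploy it, pass IERC20(address(mock)) to both
/// contracts above, credit a bounty, and call withdrawBounty: the unsafe
/// contract succeeds and loses the user's bounty, the safe one reverts with
/// "SafeERC20: ERC20 operation did not succeed".
contract FalseReturningToken {
    function transfer(address, uint256) external pure returns (bool) {
        return false;
    }
}
```

The difference in gas is a single extra external-call check; the difference in outcome is whether a user can permanently lose an accounted bounty because of a token quirk the Auction contract did not anticipate.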
Selected for report: shenwilly
57.691 USDC - $57.69
shenwilly
OpenZeppelin ERC20Upgradeable _burn already checks for account balance, so another check is unnecessary.

Remove the require statement.
#0 - GalloDaSballo
2021-11-30T22:43:06Z
Damned if you do, damned if you don't
I can only imagine the wardens sending the findings if you didn't run the check
Agree with finding, will change to gas
90.1739 USDC - $90.17
shenwilly
Accidental use of a zero-address from a faulty deployment script can force re-deployment of the contract. Recommend adding a zero-address check on the Factory.sol constructor, especially because _auctionImpl & _basketImpl are unchangeable.

Consider adding zero address checks in the Factory.sol constructor.
#0 - GalloDaSballo
2021-12-01T22:29:44Z
Agree with finding, will keep this as the main finding and set others to dupes
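As an added example (not the audited project's Factory.sol, nor code from the warden or judge), the following sketch shows the check this finding asks for in a factory whose implementation addresses are immutable. The parameter names _auctionImpl and _basketImpl come from the finding; the ZeroAddress error, the createAuction function and the use of OpenZeppelin's Clones are assumptions for illustration. It goes one step beyond the finding by also rejecting an implementation address that holds no code, since a clone of such an address would be just as unusable as a clone of address(0).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example, not the audited project's Factory.sol. Custom errors require
// solc >= 0.8.4; address.code.length is available from 0.8.0.

import "@openzeppelin/contracts/proxy/Clones.sol";

/// Raised when a constructor parameter would permanently brick the factory.
error ZeroAddress(string param);
error NotAContract(string param);

contract Factory {
    // immutable: written once in the constructor, no setter can repair a
    // bad value later. A wrong address here means redeploying the factory
    // and every consumer that hard-coded its address.
    address public immutable auctionImpl;
    address public immutable basketImpl;

    constructor(address _auctionImpl, address _basketImpl) {
        // Fail the deployment transaction instead of publishing a factory
        // that can never produce a working clone.
        if (_auctionImpl == address(0)) revert ZeroAddress("_auctionImpl");
        if (_basketImpl == address(0)) revert ZeroAddress("_basketImpl");
        // Beyond the finding: an EOA or undeployed address is equally fatal,
        // because delegatecall into it succeeds and silently does nothing.
        if (_auctionImpl.code.length == 0) revert NotAContract("_auctionImpl");
        if (_basketImpl.code.length == 0) revert NotAContract("_basketImpl");

        auctionImpl = _auctionImpl;
        basketImpl = _basketImpl;
    }

    /// Hypothetical consumer of the immutable: with auctionImpl == address(0)
    /// this would happily deploy minimal proxies that forward every call to
    /// an empty account.
    function createAuction() external returns (address auction) {
        auction = Clones.clone(auctionImpl);
    }
}
```

The check costs a few hundred gas once, at deployment, and turns a script typo (an unset environment variable serialised as 0x000...000 is the usual culprit) into an immediate revert rather than a permanently broken factory.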