Platform: Code4rena
Start Date: 10/02/2022
Pot Size: $100,000 USDC
Total HM: 13
Participants: 21
Period: 7 days
Judge: leastwood
Total Solo HM: 10
Id: 85
League: ETH
Rank: 16/21
Findings: 1
Award: $348.94
🌟 Selected for report: 0
🚀 Solo Findings: 0
Frontrun issue: You have a a small frontrun issue in LensHub.sol line 63 that worth mentioning. One can frontrun your init function and then stuck the system since you will not be able to use the function again:
Consider having two steps verification to change owner to avoid human mistakes: LensHub.sol
Recommendation: use one solidity version to avoid not desired code behaviors and more stability.
Fee validation iseue: The fee parameter should not exceed 100%: ModuleGlobals.setTreasuryFee (newTreasuryFee)
In ERC721Enumerable the function _addTokenToAllTokensEnumeration pushes the parameter tokenId to an array without validating if it's already there! (This cases easily leads to high risks scenarios)
#0 - Zer0dot
2022-03-25T18:06:47Z
The last point is valid and appears to have been pointed out by a lot of folks. However, as it's the OZ audited ERC721 contract, we're leaving it as is.