Platform: Code4rena
Start Date: 16/09/2021
Pot Size: $50,000 USDC
Total HM: 26
Participants: 30
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 17
Id: 36
League: ETH
Rank: 10/30
Findings: 2
Award: $769.47
🌟 Selected for report: 4
🚀 Solo Findings: 0
🌟 Selected for report: tensors
333.9773 USDC - $333.98
tensors
Consider adding sanity checks on these 4 methods, similar to the requirement on the setOwnerSplit method.
#0 - GalloDaSballo
2021-11-30T23:31:39Z
Agree with the finding
43.8245 USDC - $43.82
tensors
I recommend adding reentrancy checks throughout Basket.sol and Auction.sol using a mutex lock. Many external calls are made to potentially unsafe token contracts. In the case that not all token contracts are properly vetted, this preventative step could be worthwhile.
#0 - GalloDaSballo
2021-11-30T23:34:40Z
Agree with finding, reentrancy check will help
🌟 Selected for report: tensors
57.691 USDC - $57.69
tensors
In L92 of Basket.sol there is an unnecessary require check that the user balance is greater than or equal to amount. If the amount is larger than user balance then the _burn() method will fail, causing the function to revert anyway.
Remove the unnecessary check.
#0 - GalloDaSballo
2021-11-30T23:32:05Z
Agree with finding, this is a non-critical / gas optimization
🌟 Selected for report: tensors
333.9773 USDC - $333.98
tensors
Throughout the code, block.number is used to time functions, assuming 1 new block is added every 15 seconds. It is better to use block.timestamp for this purpose.
For example, the variable ONE_DAY in Auction.sol is given by 4 * 60 * 24, which assumes 1 block every 15 seconds. It is more natural to use the timestamp where ONE_DAY would be equal to 60 * 60 * 24 seconds.
#0 - GalloDaSballo
2021-11-30T23:34:12Z
I agree with the finding, using the time would avoid the rounding that naturally happens when using block numbers
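The block.number finding above, as an added example that is not part of the original submission or the audited project's code: a minimal timelock written both ways, using the ONE_DAY values quoted in the finding. The contract names, function names and storage variables are hypothetical, and the 13-second block time in the comment is an assumed average.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contracts for illustration; not taken from Auction.sol.

// Before: the delay is counted in blocks.
contract BlockNumberTimelock {
    // 5760 blocks. This is one day only if every block takes exactly 15 s.
    // At an assumed 13 s average, 5760 blocks pass in 74,880 s (about 20.8 hours),
    // so the lock opens early; with slower blocks it opens late.
    uint256 public constant ONE_DAY = 4 * 60 * 24;

    uint256 public proposedAtBlock;

    function propose() external {
        proposedAtBlock = block.number;
    }

    function ready() public view returns (bool) {
        return proposedAtBlock != 0 && block.number >= proposedAtBlock + ONE_DAY;
    }
}

// After: the delay is counted in seconds of chain time.
contract TimestampTimelock {
    // 86,400 seconds, identical to Solidity's `1 days` literal.
    uint256 public constant ONE_DAY = 60 * 60 * 24;

    uint256 public proposedAt;

    function propose() external {
        proposedAt = block.timestamp;
    }

    function ready() public view returns (bool) {
        // Independent of how many blocks were produced in the interval.
        return proposedAt != 0 && block.timestamp >= proposedAt + ONE_DAY;
    }
}
```

block.timestamp is set by the block producer and can be shifted slightly, which is negligible for a day-long delay but should not be relied on for second-level precision.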