Back to tnevler's contests

Art Gobblers contest - tnevler's results

Experimental Decentralized Art Factory By Justin Roiland and Paradigm.

General Information

Platform: Code4rena

Start Date: 20/09/2022

Pot Size: $100,000 USDC

Total HM: 4

Participants: 109

Period: 7 days

Judge: GalloDaSballo

Id: 163

League: ETH

Findings Distribution

Researcher Performance

Rank: 93/109

Findings: 1

Award: $55.20

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Art Gobblers

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xNazgul, 0xRobocop, 0xSmartContract, 0xdeadbeef, 0xsanson, 8olidity, Amithuddar, Aymen0909, B2, B353N, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, ElKu, Funen, JC, JohnnyTime, Kresh, Lambda, Noah3o6, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Sm4rty, SuldaanBeegsi, Tadashi, TomJ, Tomio, V_B, Waze, __141345__, a12jmx, ak1, arcoun, asutorufos, aviggiano, berndartmueller, bharg4v, bin2chen, brgltd, bulej93, c3phas, catchup, cccz, ch0bu, cryptonue, cryptphi, csanuragjain, delfin454000, devtooligan, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, ignacio, joestakey, ladboy233, lukris02, m9800, malinariy, martin, minhtrng, obront, oyc_109, pedr02b2, pedroais, pfapostol, philogy, prasantgupta52, rbserver, ronnyx2017, rotcivegaf, rvierdiiev, sach1r0, shung, simon135, throttle, tnevler, tonisives, wagmi, yixxas, zkhorse, zzykxx, zzzitron

Awards

55.1985 USDC - $55.20

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

Report

Low Risk

[L-01]: Zero-address checks are missing

Context:

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/ArtGobblers.sol#L316

team = _team;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/ArtGobblers.sol#L317

community = _community;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/utils/token/PagesERC721.sol#L43

artGobblers = _artGobblers;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/script/deploy/DeployBase.s.sol#L49

teamColdWallet = _teamColdWallet;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/script/deploy/DeployBase.s.sol#L52

vrfCoordinator = _vrfCoordinator;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/script/deploy/DeployBase.s.sol#L53

linkToken = _linkToken;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/Pages.sol#L179

goo = _goo;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/Pages.sol#L181

community = _community;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/utils/rand/ChainlinkV1RandProvider.sol#L55

artGobblers = _artGobblers;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/Goo.sol#L83

artGobblers = _artGobblers;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/Goo.sol#L84

pages = _pages;

https://github.com/transmissions11/solmate/blob/bff24e835192470ed38bf15dbed6084c2d723ace/src/auth/Owned.sol#L30

owner = _owner;

https://github.com/transmissions11/solmate/blob/bff24e835192470ed38bf15dbed6084c2d723ace/src/auth/Owned.sol#L40

owner = newOwner;

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/utils/GobblerReserve.sol#L24

artGobblers = _artGobblers;

Recommendation:

Add zero-address checks.

Non-Critical Issues

[N-01]: Unused named return variable

Context:

[N-02]: Floating Pragma

Context:

All Contracts

Recommendation:

https://swcregistry.io/docs/SWC-103

Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

[N-03]: Public function can be external

Context:

Description:

Public functions can be declared external if they are not called by the contract.

Recommendation:

Declare these functions as external instead of public.

[N-04]: NatSpec is missing

[N-05]: NatSpec is incomplete

https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/ArtGobblers.sol#L691 ('@param' tags and '@return' tags are missing where they are needed)
https://github.com/transmissions11/solmate/blob/bff24e835192470ed38bf15dbed6084c2d723ace/src/utils/SignedWadMath.sol ('@param' tags and '@return' tags are missing where they are needed)
L219, L239, L265 (no '@return' tags)
L62 ('@return' tag is missing)
L8 (NatSpec is missing)
L8 (NatSpec is missing)
L17 ('@return' tag is missing)

#0 - GalloDaSballo
2022-10-06T19:28:42Z

[L-01]: Zero-address checks are missing

L

[N-01]: Unused named return variable

R

[N-02]: Floating Pragma

NC

[N-03]: Public function can be external

R

## Natspec NC

1L 2R 2NC

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Contests

Get in touch

Contact Twitter