Platform: Code4rena
Start Date: 08/11/2022
Pot Size: $60,500 USDC
Total HM: 6
Participants: 72
Period: 5 days
Judge: Picodes
Total Solo HM: 2
Id: 178
League: ETH
Rank: 33/72
Findings: 2
Award: $117.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: RaymondFam
Also found by: 0x1f8b, 0x52, 0xSmartContract, 0xc0ffEE, 0xhacksmithh, 8olidity, Awesome, BClabs, Bnke0x0, Chom, Deivitto, Hashlock, IllIllI, Josiah, KingNFT, Nyx, R2, ReyAdmirado, Rolezn, SamGMK, Sathish9098, SinceJuly, V_B, Vadis, Waze, a12jmx, adriro, ajtra, aphak5010, bearonbike, bin, brgltd, carlitox477, carrotsmuggler, cccz, ch0bu, chaduke, datapunk, delfin454000, erictee, fatherOfBlocks, fs0c, horsefacts, jayphbee, ktg, ladboy233, pashov, perseverancesuccess, rbserver, ret2basic, tnevler, zaskoh
36.3434 USDC - $36.34
Context:
marketplace = ILooksRareExchange(_marketplace); L38aggregator = _aggregator; L39marketplace = SeaportInterface(_marketplace); L46aggregator = _aggregator; L47aggregator = ILooksRareAggregator(_aggregator); L22Recommendation:
Add non-zero address checks when set address state variables.
Context:
Description:
According to official solidity documentation functions should be grouped according to their visibility and ordered:
constructor
receive function (if exists)
fallback function (if exists)
external
public
internal
private
Within a grouping, place the view and pure functions last.
Recommendation:
Put the functions in the correct order according to the documentation.
Context:
Context:
FulfillmentComponent[][] considerationFulfillments; // Contains the order and item index of each consideration item L27bytes32 zoneHash; // An arbitrary 32-byte value that will be supplied to the zone when fulfilling restricted orders that the zone can utilize when making a determination on whether to authorize the order L35bytes32 conduitKey; // A bytes32 value that indicates what conduit, if any, should be utilized as a source for token approvals when performing transfers L37* @notice This contract offers transfer of ownership in two steps with potential owner having to confirm the transaction. L8* Renouncement of the ownership is also a two-step process with a timelock since the next potential owner is address(0). L9* @notice This contract is used to verify signatures for EOAs (with length of both 65 and 64 bytes) and contracts (ERC-1271). L9* @notice Return ETH to the original sender if any is left in the payable call but leave 1 wei of ETH in the contract. L52Description:
Maximum suggested line length is 120 characters.
#0 - c4-judge
2022-11-21T17:15:55Z
Picodes marked the issue as grade-b
#1 - 0xhiroshi
2022-11-24T22:08:52Z
N-1 and N-3 are valid
#2 - c4-sponsor
2022-11-24T22:08:59Z
0xhiroshi requested judge review
80.8321 USDC - $80.83
Context:
OrderTypes.TakerOrder memory takerBid, L108OrderTypes.MakerOrder memory makerAsk, L109function _populateParameters(BasicOrder calldata order, OrderExtraData memory orderExtraData) L227 (orderExtraData)function _splitSignature(bytes memory signature) L19function _recoverEOASigner(bytes32 hash, bytes memory signature) internal pure returns (address signer) { L56bytes memory signature L75Description:
If a reference type function parameter is read-only, it is recommended to use calldata instead of memory because this provides significant gas savings. Since Solidity v0.6.9, memory and calldata are allowed in all functions regardless of their visibility type (ie external, public, etc).
#0 - c4-judge
2022-11-21T18:13:24Z
Picodes marked the issue as grade-b
#1 - 0xhiroshi
2022-11-24T18:26:04Z
valid - 3,4,5,6 invalid - 1,2
#2 - c4-sponsor
2022-11-24T18:26:08Z
0xhiroshi requested judge review