Back to yjrwkk's contests

Ajna Protocol - yjrwkk's results

A peer to peer, oracleless, permissionless lending protocol with no governance, accepting both fungible and non fungible tokens as collateral.

General Information

Platform: Code4rena

Start Date: 03/05/2023

Pot Size: $60,500 USDC

Total HM: 25

Participants: 114

Period: 8 days

Judge: Picodes

Total Solo HM: 6

Id: 234

League: ETH

Ajna Protocol

Findings Distribution

Researcher Performance

Rank: 81/114

Findings: 1

Award: $36.24

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAjna Protocol

Findings Information

🌟 Selected for report: rbserver

Also found by: 0xnev, ABAIKUNANBAEV, Audit_Avengers, Aymen0909, BGSecurity, BRONZEDISC, Bason, DadeKuma, GG_Security, Jerry0x, Jorgect, MohammedRizwan, REACH, Sathish9098, Shogoki, T1MOH, UniversalCrypto, aviggiano, ayden, berlin-101, bytes032, codeslide, descharre, fatherOfBlocks, hals, kaveyjoe, kodyvim, lfzkoala, lukris02, nadin, naman1778, patitonar, pontifex, sakshamguruji, squeaky_cactus, teawaterwire, wonjun, yjrwkk

Awards

36.2377 USDC - $36.24

Labels

bug
grade-b
QA (Quality Assurance)
Q-06

External Links

Link to GitHub issue

[QA-001] Unsafe ERC721 operations

It is recommended to use OpenZeppelin's safeTransferFrom.

ajna-core/src/RewardsManager.sol#L250

IERC721(address(positionManager)).transferFrom(msg.sender, address(this), tokenId_);

ajna-core/src/RewardsManager.sol#L302

[QA-002] Use scientific notation rather than exponentiation

E.g. 1e18 instead of 10 ** 18. While the compiler knows to optimize away the exponentiation, it is a better coding practice to use idioms that do not require compiler optimization, if they exist.

ajna-grants/src/grants/libraries/Maths.sol#L6

uint256 public constant WAD = 10**18;

ajna-grants/src/grants/libraries/Maths.sol#L30
ajna-grants/src/grants/libraries/Maths.sol#L34
ajna-grants/src/grants/libraries/Maths.sol#L38
ajna-grants/src/grants/libraries/Maths.sol#L47

[QA-003] Numeric values having to do with time should use time units for readability

Suffixes like seconds, minutes, hours, days and weeks after literal numbers can be used to specify units of time.

ajna-grants/src/grants/base/StandardFunding.sol#L34

uint256 internal constant CHALLENGE_PERIOD_LENGTH = 50400;

ajna-grants/src/grants/base/StandardFunding.sol#L40
ajna-grants/src/grants/base/StandardFunding.sol#L46
ajna-grants/src/grants/base/Funding.sol#L31

[QA-004] Lines too long

Keep line width to max 120 characters for better readability where possible.

ajna-core/src/PositionManager.sol#L423

address erc20DeployedPoolAddress  = erc20PoolFactory.deployedPools(subsetHash_, collateralAddress, quoteAddress);

There are 70 occurances of this issue.

[QA-005] Use a more recent version of solidity

ajna-core/src/PositionManager.sol#L3

pragma solidity 0.8.14;

There are 11 occurances of this issue.

[QA-006] Contracts use different solidity versions

ajna-core/src/PositionManager.sol#L3

pragma solidity 0.8.14;

ajna-grants/src/grants/GrantFund.sol#L3

pragma solidity 0.8.16;

#0 - c4-judge

2023-05-18T18:30:04Z

Picodes marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter