code-423n4 / 2022-06-nibbl-findings


QA Report #187

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

2022-06-nibbl

1. Missing validations for the length of arrays.

The following parameters are arrays, and their lengths must be checked to be equal before the function executes.

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L41 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L68

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L504 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L545

require(a.length == b.length, "error message");

2. Use safeTransfer instead of transfer, or check the return value of transfer.

transfer is used to send ERC20 tokens. The return value must be checked to see whether the transfer succeeded. Otherwise, safeTransfer must be used as an alternative.

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L517 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L526 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L87 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L94

Consider using safeTransfer or check the return value of the transfer.

3. Use receivingAddress.call{value: amount}(""); instead of transfer.

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L80

(bool success, ) = receivingAddress.call{value: amount}("");
require(success, "Error message");

4. Missing event for updateCurator.

curator is a state variable. An event could be emitted in updateCurator with the arguments previousCurator and newCurator.

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L485-L488

event CuratorUpdated(address oldCurator, address newCurator);

address oldCurator = curator;
curator = _newCurator;
emit CuratorUpdated(oldCurator, _newCurator);
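
The four points above, worked into one small Solidity contract as an added example. This is editor-written illustration code, not the Nibbl contracts and not code from the report author; the contract name HardenedVaultExample, the functions withdrawERC20, withdrawETH and updateCurator, the custom errors and the onlyCurator modifier are all assumed for illustration. The _safeTransfer helper re-implements the behaviour of OpenZeppelin's SafeERC20.safeTransfer inline so the block has no external dependency and the reader can see what the library actually checks.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Minimal ERC20 surface needed for the example (assumed interface).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical hardened vault: names and layout are illustrative only.
contract HardenedVaultExample {
    address public curator;

    // (4) event emitted whenever the curator state variable changes
    event CuratorUpdated(address indexed previousCurator, address indexed newCurator);

    error LengthMismatch(uint256 assetsLength, uint256 amountsLength);
    error TokenTransferFailed(address token);
    error EthTransferFailed(address to);
    error NotCurator();

    constructor(address _curator) {
        curator = _curator;
    }

    modifier onlyCurator() {
        if (msg.sender != curator) revert NotCurator();
        _;
    }

    // (1) parallel arrays must have equal length, otherwise the loop either
    //     reads out of bounds (revert) or silently ignores trailing entries.
    // (2) each token transfer goes through a checked helper.
    function withdrawERC20(
        address[] calldata assets,
        uint256[] calldata amounts,
        address to
    ) external onlyCurator {
        if (assets.length != amounts.length) {
            revert LengthMismatch(assets.length, amounts.length);
        }
        for (uint256 i = 0; i < assets.length; ++i) {
            _safeTransfer(assets[i], to, amounts[i]);
        }
    }

    // (3) ETH is sent with call instead of transfer, so the recipient is not
    //     limited to the 2300 gas stipend; the return value is still checked.
    function withdrawETH(address payable to, uint256 amount) external onlyCurator {
        (bool success, ) = to.call{value: amount}("");
        if (!success) revert EthTransferFailed(to);
    }

    // (4) record the old and new curator in an event
    function updateCurator(address _newCurator) external onlyCurator {
        address previousCurator = curator;
        curator = _newCurator;
        emit CuratorUpdated(previousCurator, _newCurator);
    }

    // Mirrors what SafeERC20.safeTransfer does:
    //  - the target must be a contract (a call to an EOA "succeeds" with empty data),
    //  - the call must not revert,
    //  - if the token returns data it must decode to true (tokens that return
    //    nothing, e.g. some older ERC20s, are accepted).
    function _safeTransfer(address token, address to, uint256 amount) internal {
        if (token.code.length == 0) revert TokenTransferFailed(token);
        (bool success, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        if (!success || (data.length != 0 && !abi.decode(data, (bool)))) {
            revert TokenTransferFailed(token);
        }
    }

    receive() external payable {}
}
```

Two caveats a reviewer would raise alongside point 3: because call forwards all remaining gas, the recipient can re-enter, so the function should either follow checks-effects-interactions (update balances before the call, as withdrawETH does by having no state to update after it) or carry a reentrancy guard; and because transfer reverts on failure, the concern with it is the gas stipend, not a silent failure. On point 2, a plain IERC20(token).transfer(...) with a checked return value still reverts for tokens that return no data at all, which is why the safeTransfer pattern is the more general fix.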

HardlyDifficult commented 2 years ago

Merging with https://github.com/code-423n4/2022-06-nibbl-findings/issues/179

HardlyDifficult commented 2 years ago

Good best practices to follow.