Open code423n4 opened 2 years ago
2022-06-nibbl
1 missing validations for the length of arrays.
The following parameters are arrays, and their lengths must be checked for equality before the function executes.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L41 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L68
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L504 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L545
require(a.length == b.length, "error message");
2 use safeTransfer instead of transfer or check the return value of the transfer
transfer is used to send ERC20 tokens. The return value must be checked to confirm whether the transfer succeeded. Otherwise, safeTransfer must be used as an alternative.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L517 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L526 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L87 https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L94
Consider using safeTransfer or checking the return value of the transfer.
3 use receivingAddress.call{value: amount}(""); instead of transfer
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L80
(bool success, ) = receivingAddress.call{value: amount}(""); require(success, "Error message");
4 missing event for updateCurator.
Curator is a state variable. An event could be emitted in updateCurator with the arguments previousCurator and newCurator.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L485-L488
event CuratorUpdated(address oldCurator, address newCurator);
address oldCurator = curator; curator = _newCurator;
emit CuratorUpdated(oldCurator, _newCurator);
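The four recommendations above collected into one hardened contract, as an added illustration for this issue; this is not code from the Nibbl repository, and the contract name HardenedVault, the function names withdrawMultipleERC20, withdrawETH and updateCurator, the custom errors, and the onlyCurator modifier are assumptions chosen for the example. It relies on OpenZeppelin's SafeERC20 library, which reverts when a token returns false or returns no value at all. The length check matters beyond a tidy error message: without it, a shorter second array aborts the loop with an index-out-of-bounds panic, while a longer one has its extra entries silently ignored, so a caller can pass mismatched input without any clear failure.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Nibbl contracts. OpenZeppelin's SafeERC20 is the
// wrapper that reverts on a false return value or on a token that returns nothing.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract HardenedVault {
    using SafeERC20 for IERC20;

    address public curator;

    // 4: emitted on every curator change so indexers and monitoring can track it.
    event CuratorUpdated(address indexed oldCurator, address indexed newCurator);

    error LengthMismatch(uint256 tokens, uint256 amounts);
    error EthTransferFailed(address to, uint256 amount);
    error NotCurator();

    constructor(address _curator) {
        curator = _curator;
        emit CuratorUpdated(address(0), _curator);
    }

    modifier onlyCurator() {
        if (msg.sender != curator) revert NotCurator();
        _;
    }

    // 1 + 2: the length check runs before any transfer, and every transfer goes
    // through safeTransfer, so a token that returns false (or returns nothing,
    // like USDT) cannot be treated as a successful withdrawal.
    function withdrawMultipleERC20(
        address[] calldata _tokens,
        uint256[] calldata _amounts,
        address _to
    ) external onlyCurator {
        if (_tokens.length != _amounts.length) {
            revert LengthMismatch(_tokens.length, _amounts.length);
        }
        for (uint256 i = 0; i < _tokens.length; ++i) {
            IERC20(_tokens[i]).safeTransfer(_to, _amounts[i]);
        }
    }

    // 3: forward ETH with call instead of transfer. transfer() forwards only
    // 2300 gas, which fails for contract recipients such as multisigs and is
    // fragile under gas repricing; call forwards all gas and returns a flag
    // that must be checked. The recipient can now run arbitrary code, so no
    // state is touched after the call; if it were, a reentrancy guard or
    // checks-effects-interactions ordering would be required.
    function withdrawETH(address payable _to, uint256 _amount) external onlyCurator {
        (bool success, ) = _to.call{value: _amount}("");
        if (!success) revert EthTransferFailed(_to, _amount);
    }

    // 4: record the previous and new curator in the event.
    function updateCurator(address _newCurator) external onlyCurator {
        address oldCurator = curator;
        curator = _newCurator;
        emit CuratorUpdated(oldCurator, _newCurator);
    }

    receive() external payable {}
}
```

The same pattern applies to the ERC721 batch withdrawals at Basket.sol#L41 and #L68: check the two array lengths first, then loop. For ERC721 the transfer functions revert on failure rather than returning a bool, so the length check is the only one of the four items that applies there.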
Merging with https://github.com/code-423n4/2022-06-nibbl-findings/issues/179
Good best practices to follow.