search

code-423n4 / 2022-09-artgobblers-findings

0 stars 0 forks source link

QA Report #384

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

QA Report for Art Gobblers contest

Overview

During the audit, 1 low and 5 non-critical issues were found.

Title Risk Rating Instance Count
L-1 Large number of elements may cause out-of-gas error Low 6
NC-1 Order of Layout Non-Critical 6
NC-2 Floating pragma Non-Critical 20
NC-3 Missing NatSpec Non-Critical 53
NC-4 Public functions can be external Non-Critical 18
NC-5 Scientific notation may be used Non-Critical 2

Low Risk Findings (1)

L-1. Large number of elements may cause out-of-gas error

Description

Loops that do not have a fixed number of iterations, for example, loops that depend on storage values, have to be used carefully: Due to the block gas limit, transactions can only consume a certain amount of gas. Either explicitly or just due to normal operation, the number of iterations in a loop can grow beyond the block gas limit, which can cause the complete contract to be stalled at a certain point.

Instances
Recommendation

Restrict the maximum number of elements.

Non-Critical Risk Findings (5)

NC-1. Order of Layout

Description

According to Order of Layout, inside each contract, library or interface, use the following order: 1) Type declarations 2) State variables 3) Events 4) Modifiers 5) Functions

Instances

Events before state variables:

Modifier after constructor:

Recommendation

Place events after state variables, modifier - before constructor.

#

NC-2. Floating pragma

Description

Contracts should be deployed with the same compiler version. It helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

Instances

All 20 contracts.

Recommendation

According to SWC-103, pragma version should be locked.

#

NC-3. Missing NatSpec

Description

NatSpec is missing for 53 functions in 8 contracts.

Instances
Recommendation

Add NatSpec for all functions.

#

NC-4. Public functions can be external

Description

If functions are not called by the contract where they are defined, they can be declared external.

Instances
Recommendation

Make public functions external, where possible.

#

NC-5. Scientific notation may be used

Description

For readability, it is better to use scientific notation.

Instances
Recommendation

Replace 10000 with 10e4.

GalloDaSballo commented 2 years ago

L-1. Large number of elements may cause out-of-gas error

Disputed as it's user inflicted, just use less

NC-1. Order of Layout

NC

NC-2. Floating pragma

NC

NC-3. Missing NatSpec

NC

 NC-4. Public functions can be external

NC

NC-5. Scientific notation may be used

Disagree for those instances, it's fine

Missing some heavy hitter reports but not a bad start

4NC