harsh
@harsh
100 USDC for running your .sol files through our new tool (swarm.0xmacro.com) to find vulnerabilities, and classify which ones were accurate and which were false positives / irrelevant. @bountybot
11 replies
0 recast
4 reactions
datadanne
@datadanne.eth
I ran a set of contracts (~2500 LOC) that are already deployed through it. It reported 3 medium risk issues, 18 low risk issues, 51 code quality issues and 37 gas optimizations. All three medium risk issues were false positives/irrelevant imo; I will reply below with details.
2 replies
0 recast
1 reaction
datadanne
@datadanne.eth
1) Centralization issue caused by admin privileges: This one feels irrelevant to me; I made an active choice to use an ownable contract. I guess it makes sense that it is a medium risk for users of the project though.
1 reply
0 recast
1 reaction
datadanne
@datadanne.eth
2) It's possible to mint to address(0): This is a false positive; there is no mint function that accepts a `to` argument, it always mints to msg.sender.
1 reply
0 recast
1 reaction
datadanne
@datadanne.eth
3) Dangerous use of mint instead of safeMint: This is a false positive. The contract has a private function called `_mint` that is called in two places, which is what's reported, but the `_mint` function calls safeMint.
1 reply
0 recast
1 reaction
datadanne
@datadanne.eth
A couple of the low risk issues are legit things that would be nice to fix though, and all the gas optimization improvements are legit!
1 reply
0 recast
1 reaction
datadanne
@datadanne.eth
Low risk issues that are false positives: 3) External calls in an unbounded loop can result in a DoS. There's an `if (length > X) revert Invalid()` check on the line before the loop for one of the instances that were reported. All external calls are also to a contract that is set by the contract owner, so less risk.
1 reply
0 recast
1 reaction
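To make the three false positives above concrete, here is a constructed contract (an added illustration, not datadanne's deployed code or the tool's output) that reproduces the shapes a pattern-matching scanner trips over: a mint with no `to` parameter, a private helper named `_mint` that routes through a receiver-checking `_safeMint`, and an external-call loop bounded by a length check and an owner-set callee. The `MAX_BATCH` constant, `ITarget` interface and `notify` function are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: minimal receiver interface, no OpenZeppelin dependency.
interface IERC721Receiver {
    function onERC721Received(address op, address from, uint256 id, bytes calldata d)
        external returns (bytes4);
}
interface ITarget { function ping(uint256 id) external; }

contract PatternDemo {
    error Invalid();
    error NotOwner();
    error UnsafeRecipient();

    uint256 public constant MAX_BATCH = 20;   // assumed bound, stands in for X
    address public owner;
    ITarget public target;                    // only the owner can set this
    uint256 private _nextId = 1;
    mapping(uint256 => address) public ownerOf;

    constructor() { owner = msg.sender; }
    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }
    function setTarget(ITarget t) external onlyOwner { target = t; }

    // Finding 2: no `to` parameter exists, so minting to address(0) is impossible;
    // msg.sender is never the zero address.
    function mint(uint256 quantity) external { _mint(quantity); }

    // Finding 3: a private helper *named* _mint. A rule keyed on the name reports
    // "mint instead of safeMint", but every token passes through _safeMint.
    function _mint(uint256 quantity) private {
        for (uint256 i = 0; i < quantity; i++) _safeMint(msg.sender, _nextId++);
    }

    // Receiver check: contract recipients must acknowledge or the mint reverts.
    function _safeMint(address to, uint256 tokenId) internal {
        ownerOf[tokenId] = to;
        if (to.code.length > 0) {
            bytes4 ret = IERC721Receiver(to).onERC721Received(msg.sender, address(0), tokenId, "");
            if (ret != IERC721Receiver.onERC721Received.selector) revert UnsafeRecipient();
        }
    }

    // Low-risk finding 3: external calls inside a loop, but the loop is capped by the
    // check on the line before it, and the callee is a trusted, owner-configured contract.
    function notify(uint256[] calldata ids) external {
        uint256 length = ids.length;
        if (length > MAX_BATCH) revert Invalid();
        for (uint256 i = 0; i < length; i++) target.ping(ids[i]);
    }
}
```

When triaging scanner output, the useful check is whether the flagged line can actually reach the state the rule assumes (a zero recipient, an unchecked receiver, an unbounded iteration count) rather than whether the source text matches the rule's name or shape.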