harsh
@harsh
100 USDC for running your .sol files through our new tool (swarm.0xmacro.com) to find vulnerabilities, and classifying which ones were accurate and which were false positives / irrelevant. @bountybot
11 replies
0 recast
6 reactions

Ivyroot
@ivyroot
I ran a WIP version of a game with a minting component through it just now and got 3 medium, 10 low, 33 code quality, and 21 gas optimizations. M-01: centralization by using ownable. Would love to know an alternate suggestion for this. M-02: user excess funds not refunded. Great point, didn't think of that...
4 replies
0 recast
1 reaction

Ivyroot
@ivyroot
M-03: transfer/send may fail in some scenarios. Great callout, but I was aware of that, and one is to a known contract and the other is in a withdraw method, so I think a false positive. L-01: Missing limits when setting min/max amounts. 4 occurrences reported but only 1 is a max or min, so 75% false positive.
0 reply
0 recast
1 reaction

Ivyroot
@ivyroot
L-02: Unsafe downcast may overflow. This is inside bitpacking logic, false positive. L-03: onlyOwner not accessible if owner renounces. That's the point right? L-04: Solidity version 0.8.20 may not work on other chains. Very interesting but the line is "pragma solidity ^0.8.19;" oops.
0 reply
0 recast
1 reaction

Ivyroot
@ivyroot
L-05: missing check for address 0. I think this is medium, great catch. L-06: Loss of precision on division. Not sure what this means beyond the obvious. L-07: consider using Ownable2Step. Aha! News to me.
0 reply
0 recast
1 reaction

Ivyroot
@ivyroot
Will stop here for now, can give more reactions in DM if you would like. Overall, enough of the feedback is helpful for this to be useful. Most of the false positives were a useful guide to best practices for me: confirmation if I knew the issue, educational otherwise.
0 reply
0 recast
1 reaction
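The finding classes Ivyroot lists across the replies above (M-01 Ownable centralization, M-02 excess funds not refunded, M-03 transfer/send failing, L-01 unbounded admin setters, L-02 unsafe downcast in bit-packing, L-04 pragma vs. PUSH0, L-05 zero-address check, L-06 precision loss on division, L-07 Ownable2Step) map onto a handful of standard patterns. The contract below is an added example written for this page; it is not Ivyroot's game contract and not output of the swarm tool. It assumes OpenZeppelin Contracts v5 at the usual `@openzeppelin/contracts` import paths; the contract name `MintExample`, its constants and the `pendingRefunds`/`claimRefund` pull-payment ledger are illustrative names chosen here. One caveat worth noting on L-04: a caret pragma such as `^0.8.19` admits solc 0.8.20 and later, whose default EVM target emits PUSH0, so the tool's warning still applies unless the compiler's `evm_version` is pinned for chains that lack that opcode.

```solidity
// SPDX-License-Identifier: MIT
// L-04: ^0.8.19 also admits solc 0.8.20+, whose default EVM target (shanghai)
// emits PUSH0; pin evm_version in the compiler config for chains without it.
pragma solidity ^0.8.19;

// Assumes OpenZeppelin Contracts v5 at these paths (assumption, not from the thread).
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

/// Illustrative mint contract (added example, not Ivyroot's code) showing
/// one conventional fix for each finding class discussed in the thread.
contract MintExample is Ownable2Step {
    uint256 public constant MAX_PRICE = 1 ether;   // upper bound for L-01
    uint256 public constant MAX_SUPPLY = 10_000;
    uint16 public constant ROYALTY_BPS = 500;      // 5%, used in the L-06 demo

    uint256 public mintPrice = 0.01 ether;
    uint256 public totalMinted;
    uint256 public totalPending;                   // ETH escrowed for refunds
    mapping(address => uint256) public minted;     // simplified ownership ledger
    mapping(address => uint256) public pendingRefunds;

    // M-01: pass a multisig or timelock as initialOwner rather than an EOA.
    // L-07: Ownable2Step requires the new owner to call acceptOwnership(),
    // so a mistyped address cannot strand the contract without an owner.
    constructor(address initialOwner) Ownable(initialOwner) {}

    // L-01: admin-settable values get explicit bounds, not just onlyOwner.
    function setMintPrice(uint256 newPrice) external onlyOwner {
        require(newPrice != 0 && newPrice <= MAX_PRICE, "price out of range");
        mintPrice = newPrice;
    }

    // M-02 / L-05: credit overpayment back to the buyer and reject address(0).
    function mint(address to, uint256 amount) external payable {
        require(to != address(0), "mint to zero address");
        require(amount != 0 && totalMinted + amount <= MAX_SUPPLY, "bad amount");
        uint256 cost = amount * mintPrice;
        require(msg.value >= cost, "insufficient payment");

        totalMinted += amount;
        minted[to] += amount;

        // Record the excess instead of pushing ETH inside mint(): a push that
        // reverts (M-03) would also revert the mint for contract callers.
        uint256 excess = msg.value - cost;
        if (excess != 0) {
            pendingRefunds[msg.sender] += excess;
            totalPending += excess;
        }
    }

    // M-03: pull pattern using call{value:} rather than transfer/send, whose
    // 2300-gas stipend fails for recipients with non-trivial receive() logic.
    function claimRefund() external {
        uint256 owed = pendingRefunds[msg.sender];
        require(owed != 0, "nothing to refund");
        pendingRefunds[msg.sender] = 0;            // effects before interaction
        totalPending -= owed;
        (bool ok, ) = msg.sender.call{value: owed}("");
        require(ok, "refund failed");
    }

    // Owner withdrawal leaves escrowed refunds untouched and uses call, not transfer.
    function withdraw(address payable to) external onlyOwner {
        require(to != address(0), "withdraw to zero address");
        uint256 amount = address(this).balance - totalPending;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "withdraw failed");
    }

    // L-06: multiply before dividing so small sale prices do not truncate to 0.
    function royaltyFor(uint256 salePrice) public pure returns (uint256) {
        return (salePrice * ROYALTY_BPS) / 10_000;
    }

    // L-02: packing two values into one word is only safe when each is proven
    // to fit its slot; the explicit check turns a silent wrap into a revert.
    function packIds(uint256 tokenId, uint256 serial) public pure returns (uint128 packed) {
        require(tokenId <= type(uint64).max && serial <= type(uint64).max, "downcast overflow");
        packed = (uint128(uint64(tokenId)) << 64) | uint128(uint64(serial));
    }
}
```

The escrow-then-claim refund is the conservative reading of M-02 and M-03 together: it keeps `mint()` free of external calls, so a buyer whose fallback reverts cannot block their own mint, while still never retaining overpayment. Where the minting contract is known to be called only by EOAs, an immediate `call{value: excess}` refund inside `mint()` is the simpler and equally sound choice.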