Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low

Protocol uses uncommented assembly

Summary

The protocol makes use of assembly in Proxy.sol, and that assembly is not commented.

Vulnerability Details

Although this is not an attack vector, it may introduce problems in the protocol, as not all Solidity developers or even auditors understand assembly. Weirdly, I have seen this as Low and QA in some reports.

Impact

Consider the following cases:

  • A developer who takes over project maintenance tries to update this code to match what they have seen elsewhere, following patterns without necessarily understanding the code, and so introduces errors.

  • An auditor does not check whether this code is robust and therefore misses errors in Proxy.sol.

Tools Used

Manual Analysis

Recommendations

It is recommended that the code be commented to explain every part of the assembly and why it is preferred, making use of NatSpec.
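
The level of commenting recommended above, shown as an added example that is not the audited Proxy.sol or any code from the project. It assumes the assembly is the usual delegatecall forwarding block found in proxy contracts (the submission does not quote the code); `ExampleProxy`, `_implementation` and `ImplementationIsZero` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// @title ExampleProxy (hypothetical, added for illustration only)
/// @notice Forwards every call to a fixed implementation via delegatecall.
/// @dev Assembly is used so that the raw return data or revert data is passed
///      through unchanged, whatever its type or length.
contract ExampleProxy {
    /// @dev Assumed layout: the implementation address is immutable, so the
    ///      proxy itself occupies no storage slots that could collide.
    address private immutable _implementation;

    error ImplementationIsZero();

    constructor(address implementation_) {
        if (implementation_ == address(0)) revert ImplementationIsZero();
        _implementation = implementation_;
    }

    /// @notice Delegates the current call to the implementation.
    /// @dev Never returns to Solidity: the assembly block always ends the
    ///      call with `return` or `revert`.
    fallback() external {
        // Copy to a local so the assembly block can reference the address.
        address impl = _implementation;
        assembly {
            // Copy the full calldata to memory offset 0. Overwriting the
            // scratch space and free memory pointer is acceptable only
            // because control never returns to Solidity code afterwards.
            calldatacopy(0, 0, calldatasize())

            // delegatecall(gas, target, inOffset, inSize, outOffset, outSize)
            // outSize is 0 because the return length is not known yet.
            // result is 0 on failure and 1 on success.
            let result := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)

            // Copy whatever came back (return data or revert data) to offset 0.
            returndatacopy(0, 0, returndatasize())

            switch result
            case 0 { revert(0, returndatasize()) }  // bubble up the revert data
            default { return(0, returndatasize()) } // hand back the return data
        }
    }
}
```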
