BriVault
First Flight #52
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

Consolidated Low-Risk Issues Identified Across BriVault Contract

xcryptoguardian

Table of Contents

Low Issues

L-1: Centralization Risk

Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.

5 Found Instances

  • Found in src/briTechToken.sol Line: 7

    contract BriTechToken is ERC20, Ownable {

  • Found in src/briTechToken.sol Line: 10

    function mint() public onlyOwner {

  • Found in src/briVault.sol Line: 13

    contract BriVault is ERC4626, Ownable {

  • Found in src/briVault.sol Line: 110

    function setCountry(string[48] memory countries) public onlyOwner {

  • Found in src/briVault.sol Line: 122

    ) public onlyOwner returns (string memory) {

L-2: Unspecific Solidity Pragma

Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of pragma solidity ^0.8.0;, use pragma solidity 0.8.0;

2 Found Instances

  • Found in src/briTechToken.sol Line: 2

    pragma solidity ^0.8.24;

  • Found in src/briVault.sol Line: 3

    pragma solidity ^0.8.24;

L-3: Address State Variable Set Without Checks

Check for address(0) when assigning values to address state variables.

1 Found Instances

  • Found in src/briVault.sol Line: 93

    participationFeeAddress = _participationFeeAddress;

L-4: Public Function Not Used Internally

If a function is marked public but is not used internally, consider marking it as external.

6 Found Instances

  • Found in src/briTechToken.sol Line: 10

    function mint() public onlyOwner {

  • Found in src/briVault.sol Line: 110

    function setCountry(string[48] memory countries) public onlyOwner {

  • Found in src/briVault.sol Line: 120

    function setWinner(

  • Found in src/briVault.sol Line: 178

    function getWinner() public view returns (string memory) {

  • Found in src/briVault.sol Line: 255

    function joinEvent(uint256 countryId) public {

  • Found in src/briVault.sol Line: 285

    function cancelParticipation() public {

L-5: Empty require() / revert() Statement

Use descriptive reason strings or custom errors for revert paths.

1 Found Instances

  • Found in src/briVault.sol Line: 219

    require(receiver != address(0));

L-6: PUSH0 Opcode

Solc compiler version 0.8.20 switches the default target EVM version to Shanghai, which means that the generated bytecode will include PUSH0 opcodes. Be sure to select the appropriate EVM version in case you intend to deploy on a chain other than mainnet like L2 chains that may not support PUSH0, otherwise deployment of your contracts will fail.

2 Found Instances

  • Found in src/briTechToken.sol Line: 2

    pragma solidity ^0.8.24;

  • Found in src/briVault.sol Line: 3

    pragma solidity ^0.8.24;

L-7: Modifier Invoked Only Once

Consider removing the modifier or inlining the logic into the calling function.

1 Found Instances

  • Found in src/briVault.sol Line: 98

    modifier winnerSet() {

L-8: Large Numeric Literal

Large literal values multiples of 10000 can be replaced with scientific notation.Use e notation, for example: 1e18, instead of its full numeric value.

2 Found Instances

  • Found in src/briTechToken.sol Line: 11

    _mint(owner(), 10_000_000 * 1e18);

  • Found in src/briVault.sol Line: 18

    uint256 constant BASE = 10000;

L-9: Unused Error

Consider using or removing the unused error.

1 Found Instances

  • Found in src/briVault.sol Line: 61

    error notRegistered();

L-10: Local Variable Shadows State Variable

Rename the local variable that shadows another state variable.

1 Found Instances

  • Found in src/briVault.sol Line: 79

    IERC20 _asset,

L-11: Storage Array Length not Cached

Calling .length on a storage array in a loop condition is expensive. Consider caching the length in a local variable in memory before the loop and reusing it.

1 Found Instances

  • Found in src/briVault.sol Line: 199

    for (uint256 i = 0; i < usersAddress.length; ++i) {

L-12: Costly operations inside loop

Invoking SSTORE operations in loops may waste gas. Use a local variable to hold the loop computation result.

2 Found Instances

  • Found in src/briVault.sol Line: 111

    for (uint256 i = 0; i < countries.length; ++i) {

  • Found in src/briVault.sol Line: 199

    for (uint256 i = 0; i < usersAddress.length; ++i) {

L-13: State Variable Could Be Immutable

State variables that are only changed in the constructor should be declared immutable to save gas. Add the immutable attribute to state variables that are only changed in the constructor

5 Found Instances

  • Found in src/briVault.sol Line: 16

    uint256 public participationFeeBsp;

  • Found in src/briVault.sol Line: 23

    address private participationFeeAddress;

  • Found in src/briVault.sol Line: 25

    uint256 public eventStartDate;

  • Found in src/briVault.sol Line: 27

    uint256 public eventEndDate;

  • Found in src/briVault.sol Line: 46

    uint256 public minimumAmount;

L-14: Unchecked Return

Function returns a value but it is ignored. Consider checking the return value.

2 Found Instances

  • Found in src/briVault.sol Line: 138

    _getWinnerShares();

  • Found in src/briVault.sol Line: 140

    _setFinallizedVaultBalance();
Updates

Appeal created

bube Lead Judge 21 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!