cryptokitties-bounty-2

cryptokitties-bounty-2 copied to clipboard

comment ambiguity about unit of totalCFOEarnings and totalLostAndFoundBalance

2

The comment on lines 14 and 16 in `OffersAccessControl.sol` is ambiguous about the unit of `totalCFOEarnings` and `totalLostAndFoundBalance` which I believe is in wei.

sunsetlover

Payouts for Cancel in ReadMe's payout table can be stated more simply

2

In the ReadMe's payouts matrix, the Cancel column can be stated more simply as: |Cases |Success|Cancel | |---|---|---| |Owner|P|0| |Bidder|0|P| |CFO|T - P| T - P | |Sum|T| T |...

ghost

The maximum CFO offerCut is 50% of T

2

### Description S (offerCut) can only ever be 50% of T (Total). If this is expected behavior, it is unclear that it is so. Even if it is so, it...

ghost

add a similar batchRemoveExpired() for a single address to save gas

4

### Description Every time `.to(address)` is called, it costs around 10,000 gas (see the ethereum yellow paper). If the expired offers that are being removed belonged to the same address,...

sunsetlover

whenFrozen modifier is missing parentheses in declaration

3

### Description In OffersAccessControl.sol, the modifier `whenFrozen` is missing parentheses in its declaration. As such, it is not a valid modifier and will not properly insert the line `require(frozen, "contract...

ghost

add overflow check on _minOfferPrice in fulfillOffer

7

### Description Because of overflow errors, a user could accept an offer much lower than they want. It is possible although probably low risk but potentially high impact. ### Scenario...

sunsetlover

Freeze permissions are less permissive than KittyCore, unable to freeze if CEO unavailable or CEO key lost

2

### Description CryptoKitties Core Contract contains more permissive settings for which accounts can freeze the contract than `Offers.sol`. KittyCore has an `only C-Level` modifier that is accessible to any of...

ghost

Minor gas savings in require statements returning strings

3

### Description Including an optional string comment in a passing require statement increases the gas cost of that transaction. ### Scenario Every require statement in the scope of this bounty...

nicholashc

major gas inefficiency in batchRemoveExpired due to state variable re-write at every iteration

2

### Description In `batchRemoveExpired`, at every iteration `totalCFOEarnings` is updated. Each update corresponds to updating a state variable which costs 5000 gas each time. ### Fix In the beginning of...

sunsetlover

Out of Bounds Error in uint comparison leads to false positives

3

### Description In `Offers.sol`, a require statement compares a uint256 to a uint128. The Solidity compiler will therefore compare not only the actual 128 bits of the variable itself, but...

ghost