Joyn contest - 0v3rf10w's results

Launchpad for collaborative web3 media projects with blueprints, building blocks, and community support.

General Information

Platform: Code4rena

Start Date: 30/03/2022

Pot Size: $30,000 USDC

Total HM: 21

Participants: 38

Period: 3 days

Judge: Michael De Luca

Total Solo HM: 10

Id: 104

League: ETH

Researcher Performance

Rank: 31/38

Findings: 2

Award: $102.88

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

65.6376 USDC - $65.64

Labels

bug
sponsor confirmed
QA (Quality Assurance)

l01: Event emission is missing

CoreCollection.initialize() (core-contracts/contracts/CoreCollection.sol#78-97) should emit an event for:

- maxSupply = _maxSupply (core-contracts/contracts/CoreCollection.sol#91)

l02: lack of zero checks

CoreCollection.initialize()._splitFactory (core-contracts/contracts/CoreCollection.sol#86) lacks a zero-check on:

- splitFactory = _splitFactory (core-contracts/contracts/CoreCollection.sol#95)

CoreCollection.setRoyaltyVault()._royaltyVault (core-contracts/contracts/CoreCollection.sol#185) lacks a zero-check on:

- royaltyVault = _royaltyVault (core-contracts/contracts/CoreCollection.sol#193)

l03: use safe erc20 functions

ERC721Payable._handlePayment() (core-contracts/contracts/ERC721Payable.sol#50-56) ignores return value by payableToken.transferFrom() (core-contracts/contracts/ERC721Payable.sol#54)

consider safeTransferFrom to prevent any locks or loss of funds

#0 - sofianeOuafir

2022-04-14T15:03:14Z

In my opinion, the severity level should be 3 (High Risk), duplicate of #52

Findings Information

Awards

37.2358 USDC - $37.24

Labels

bug
G (Gas Optimization)

g01:

use prefix instead of postfix, ++i is preferred instead of i++

corefactory.sol l#79

corecollection.sol l#279

g02:

use != 0 instead of > 0 for unsigned integers

corecollection.sol l#161

royaltyvault.sol l#35 mintfee>0 should be mintfee!=0

g03:

use prefix to save gas

corecollection.sol l#264, change

tokenId = ((startingIndex + totalSupply()) % maxSupply) + 1;

to

tokenId = ++((startingIndex + totalSupply()) % maxSupply);

g04:

Prefer not using a floating pragma; fix it to a specific version, 0.8.10 or 0.8.4

g05:

Change public visibility to external visibility to save gas
