Joyn contest - 0x1f8b's results

Launchpad for collaborative web3 media projects with blueprints, building blocks, and community support.

General Information

Platform: Code4rena

Start Date: 30/03/2022

Pot Size: $30,000 USDC

Total HM: 21

Participants: 38

Period: 3 days

Judge: Michael De Luca

Total Solo HM: 10

Id: 104

League: ETH

Joyn

Findings Distribution

Researcher Performance

Rank: 32/38

Findings: 2

Award: $100.88

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Joyn

Findings Information

🌟 Selected for report: CertoraInc

Also found by: 0v3rf10w, 0x, 0x1f8b, 0xDjango, 0xkatana, BouSalman, Dravee, Hawkeye, IllIllI, Ruhum, WatchPug, defsec, hake, hubble, hyh, kenta, kirk-baird, leastwood, rayn, robee, saian, wuwe1, ych18, z3s

Awards

62.5891 USDC - $62.59

Labels

bug

sponsor confirmed

QA (Quality Assurance)

External Links

Link to GitHub issue

There are a lack of input checks around the contracts:

CoreCollection.sol#L88-L96
CoreCollection.sol#L125-L126
CoreCollection.sol#L193 and CoreCollection.sol#L209 could be critical because only can be assigned once.
CoreFactory.sol#L28-L29

It was found some transfer, approve or transferFrom without checking the boolean result, ERC20 standard specify that the token can return false if this call was not made, so it's mandatory to check the result of approve methods.

#0 - sofianeOuafir
2022-04-15T16:06:28Z

duplicate of #52

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0x1f8b, 0xNazgul, 0xkatana, Dravee, Funen, Tomio, WatchPug, blackswordsman, defsec, hake, kenta, minhquanym, rayn, rfa, robee, saian, securerodd, ych18, z3s

Awards

38.2882 USDC - $38.29

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

It's possible to optimize the following structs in order to save storage slots:

Collection.sol#L5

struct Collection {
    bool isForSale;
    uint256 maxSupply;
    uint256 mintFee;
    string baseURI;
    string name;
    string symbol;
    string id;
    bytes32 claimsMerkleRoot;
    address payableToken; // <- Move close to isForSale
}

MultiSigWallet.sol#L32-L36

struct Transaction {
    address destination;
    uint256 value;
    bytes data;
    bool executed; // <- move close to address
}

Change the incremental logic from i++ to ++i in order to save some opcodes:

It's possible to avoid storage access a save gas using immutable keyword for the following variables:

Use delete instead of set to default value (false or 0)

It's compared a boolean value using == true or == false, instead of using the boolean value, or NOT opcode, it's cheaper to use NOT when the value it's false, or just the value without == true, when it's true, because it will use less opcode inside the VM.

Joyn contest - 0x1f8b's results

Launchpad for collaborative web3 media projects with blueprints, building blocks, and community support.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-10] QA Report - $62.59

Findings Information

Awards

Labels

External Links

#0 - sofianeOuafir2022-04-15T16:06:28Z

[G-06] Gas Report - $38.29

Findings Information

Awards

Labels

External Links

#0 - sofianeOuafir
2022-04-15T16:06:28Z