Platform: Code4rena
Start Date: 11/08/2022
Pot Size: $40,000 USDC
Total HM: 8
Participants: 108
Period: 4 days
Judge: hickuphh3
Total Solo HM: 2
Id: 152
League: ETH
Rank: 9/108
Findings: 2
Award: $1,176.40
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: berndartmueller
Also found by: 0xHarry, peritoflores
https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/mixins/nftDropMarket/NFTDropMarketFixedPriceSale.sol#L210-L216 https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/mixins/shared/MarketFees.sol#L125-L136
In MarketFees _distributeFunds iterates over an array of creatorRecipients and send each creator his share in ether. Every call is given a gas limit to not inflate the gas used. In this for loop however, each creator gets the gas limit of multiple Recipients.
// Pay the creator(s) unchecked { // @audit could be an unbound for loop and run out of gas for (uint256 i = 0; i < creatorRecipients.length; ++i) { _sendValueWithFallbackWithdraw( creatorRecipients[i], creatorShares[i], // @audit is only one recipient wrong gas limit used SEND_VALUE_GAS_LIMIT_MULTIPLE_RECIPIENTS ); // Sum the total creator rev from shares // creatorShares is in ETH so creatorRev will not overflow here. creatorRev += creatorShares[i]; } }
This could easily inflate the gas used and if the array is big enough can fill up the block gas limit and therefore fail the call
mixins/nftDropMarket/NFTDropMarketFixedPriceSale.sol#L210-L216 mixins/shared/MarketFees.sol#L125-L136
manual analysis.
change SEND_VALUE_GAS_LIMIT_MULTIPLE_RECIPIENTS to SEND_VALUE_GAS_LIMIT_SINGLE_RECIPIENT
#0 - HardlyDifficult
2022-08-18T18:24:25Z
🌟 Selected for report: Dravee
Also found by: 0x040, 0x1f8b, 0xDjango, 0xHarry, 0xNazgul, 0xSmartContract, 0xbepresent, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, DevABDee, Diraco, ElKu, Fitraldys, Funen, IllIllI, JC, LeoS, Metatron, MiloTruck, Noah3o6, ReyAdmirado, Rohan16, Rolezn, Saw-mon_and_Natalie, Sm4rty, SpaceCake, TomJ, Tomio, Trabajo_de_mates, Waze, Yiko, __141345__, ajtra, apostle0x01, bobirichman, brgltd, bulej93, c3phas, cRat1st0s, carlitox477, d3e4, durianSausage, erictee, fatherOfBlocks, gerdusx, gogo, hakerbaya, ignacio, jag, joestakey, ladboy233, medikko, mics, newfork01, oyc_109, pfapostol, robee, rvierdiiev, sach1r0, saian, samruna, sikorico, simon135, wagmi, zeesaw, zkhorse, zuhaibmohd
20.5997 USDC - $20.60
Storage variables should be loaded into memory if they are read multiple times and before applying side effects.
This can be done with:
versionNFTCollection in https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/NFTCollectionFactory.sol#L202-L218
and
versionNFTDropCollection in https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/NFTCollectionFactory.sol#L226-L247
#0 - HardlyDifficult
2022-08-17T18:52:26Z
Agree, but since these are rarely called admin functions we won't be making the change. I prefer to keep the code simple.