Back to ACai's contests

Nouns DAO contest - ACai's results

A DAO-driven NFT project on Ethereum.

General Information

Platform: Code4rena

Start Date: 22/08/2022

Pot Size: $50,000 USDC

Total HM: 4

Participants: 160

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 155

League: ETH

Nouns DAO

Findings Distribution

Researcher Performance

Rank: 126/160

Findings: 1

Award: $16.66

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryNouns DAO

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x040, 0x1f8b, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xbepresent, 0xc0ffEE, 0xkatana, 2997ms, ACai, Amithuddar, Aymen0909, Ben, BipinSah, Bjorn_bug, Bnke0x0, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, DevABDee, DimitarDimitrov, Diraco, Dravee, ElKu, EthLedger, Fitraldys, Funen, GalloDaSballo, GimelSec, Guardian, IgnacioB, JC, JohnSmith, Junnon, KIntern_NA, Lambda, LeoS, Noah3o6, Olivierdem, Polandia94, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, SaharAP, Saintcode_, SerMyVillage, Shishigami, Sm4rty, SooYa, TomJ, Tomio, Tomo, Waze, Yiko, _Adam, __141345__, a12jmx, ajtra, ak1, bobirichman, brgltd, bulej93, c3phas, cRat1st0s, carlitox477, catchup, ch0bu, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, francoHacker, gogo, hyh, ignacio, jag, joestakey, karanctf, ladboy233, lucacez, lukris02, m_Rassska, martin, medikko, mics, mrpathfindr, natzuu, newfork01, oyc_109, pauliax, peritoflores, pfapostol, prasantgupta52, rbserver, ret2basic, rfa, robee, rokinot, rotcivegaf, rvierdiiev, sach1r0, saian, samruna, seyni, shark, shr1ftyy, sikorico, simon135, sryysryy, tay054, tnevler, wagmi, zishansami

Awards

16.6568 USDC - $16.66

Labels

bug
G (Gas Optimization)
old-submission-method

External Links

Link to GitHub issue

The scope of this report is NounsDAOLogicV1.sol .

propose function

Original code:

require(
    targets.length == values.length &&
        targets.length == signatures.length &&
        targets.length == calldatas.length,
    'NounsDAO::propose: proposal function information arity mismatch'
);
require(targets.length != 0, 'NounsDAO::propose: must provide actions');
require(targets.length <= proposalMaxOperations, 'NounsDAO::propose: too many actions');

It is recommended to change to:

uint256 targetsLen = targets.length;
uint256 valuesLen = values.length;
uint256 signaturesLen = signatures.length;
uint256 calldatasLen = calldatas.length;

require(
    targetsLen == valuesLen &&
        targetsLen == signaturesLen &&
        targetsLen == calldatasLen,
    'NounsDAO::propose: proposal function information arity mismatch'
);
require(targetsLen != 0, 'NounsDAO::propose: must provide actions');
require(targetsLen <= proposalMaxOperations, 'NounsDAO::propose: too many actions');

queue, execute, cancel, veto functions

Original code:

for (uint256 i = 0; i < proposal.targets.length; i++) {
    ...
}

It is recommended to change to:

uint256 targetsLen = proposal.targets.length;
for (uint256 i = 0; i < targetsLen; i++) {
    ...
}

castVoteBySig, castVote, castVoteWithReason functions

Original code:

emit VoteCast(signatory, proposalId, support, castVoteInternal(signatory, proposalId, support), '');

It is recommended to change to:

uint96 votes = castVoteInternal(signatory, proposalId, support);
emit VoteCast(signatory, proposalId, support, votes, '');
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter