Platform: Code4rena
Start Date: 30/03/2022
Pot Size: $30,000 USDC
Total HM: 21
Participants: 38
Period: 3 days
Judge: Michael De Luca
Total Solo HM: 10
Id: 104
League: ETH
Rank: 36/38
Findings: 1
Award: $39.65
🌟 Selected for report: 0
🚀 Solo Findings: 0
39.6506 USDC - $39.65
Every reason string takes at least 32 bytes. Use short reason strings that fit in 32 bytes, or they will become more expensive.
## Tool Used
Manual Review
Occurrence:
CoreCollection.sol
CoreFactory.sol
ERC721Claimable.sol
RoyaltyVault.sol
`uint i` for saving gas
## Tool Used
Manual Review
## POC
Setting the value is unnecessary. The default value of `uint` is zero, so `uint i` can be used instead of `uint i = 0` to save gas.
## Occurrence
These are the other occurrences:
core-contracts/contracts/Splitter.sol#L50
core-contracts/contracts/Splitter.sol#L274
core-contracts/contracts/MultiSigWallet.sol#L98
core-contracts/contracts/MultiSigWallet.sol#L127
core-contracts/contracts/MultiSigWallet.sol#L147
core-contracts/contracts/MultiSigWallet.sol#L268
core-contracts/contracts/MultiSigWallet.sol#L314
core-contracts/contracts/MultiSigWallet.sol#L330
Using `i++` instead of `++i`
In all the loops, the variable `i` is incremented using `i++`. It is known that using `++i` costs less gas per iteration than `i++`.
Manual Review
core-contracts/contracts/CoreCollection.sol#L279
core-contracts/contracts/CoreFactory.sol#L79
core-contracts/contracts/MultiSigWallet.sol#L127
core-contracts/contracts/MultiSigWallet.sol#L147
`calldata` instead of `memory` for saving gas
https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/core-contracts/contracts/CoreFactory.sol#L72
Instead of caching in `memory`, it is better to use `calldata`.
Deployment Core Factory: 1202872 before, 1192707 after
## Tool Used
Manual Review, Visual Studio Code
## Recommendation Mitigation
`Collection[] calldata _collections`
https://github.com/code-423n4/2022-03-joyn/blob/main/core-contracts/contracts/CoreCollection.sol#L303-L308
The implementation below can be used to save more gas.
Deploy CoreCollection: 3070877 before, 3070229 after
## Tool Used
Visual Studio Code & Manual Review
## Recommended Mitigation Steps
```
if (royaltyVault != address(0) && IRoyaltyVault(royaltyVault).getVaultBalance() > 0 ) {
    IRoyaltyVault(royaltyVault).sendToSplitter();
}
```
change to
```
if (royaltyVault != address(0)){
}else{
    IRoyaltyVault(royaltyVault).getVaultBalance() > 0;
}
IRoyaltyVault(royaltyVault).sendToSplitter();
}
```
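The combined check above, next to a nested form that keeps `sendToSplitter()` behind both guards (a high-level call to `address(0)` reverts, so the call cannot move outside the zero-address check). This is an added example, not code from the report or the Joyn repository; the `IRoyaltyVault` signatures and the `RoyaltyFlushExample` contract are assumptions built around the two calls quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed interface: only the two function names appear on the page.
interface IRoyaltyVault {
    function getVaultBalance() external view returns (uint256);
    function sendToSplitter() external;
}

// Hypothetical harness contract used only to compare the two forms.
contract RoyaltyFlushExample {
    address public royaltyVault;

    constructor(address _royaltyVault) {
        royaltyVault = _royaltyVault;
    }

    // Combined condition, as in the first snippet above.
    // && short-circuits, so getVaultBalance() is never called on address(0).
    function flushCombined() external {
        if (
            royaltyVault != address(0) &&
            IRoyaltyVault(royaltyVault).getVaultBalance() > 0
        ) {
            IRoyaltyVault(royaltyVault).sendToSplitter();
        }
    }

    // Nested form: the same two guards in the same order.
    // The external calls stay inside the zero-address check, so an unset
    // vault is a no-op instead of a revert, exactly as in flushCombined().
    function flushNested() external {
        address vault = royaltyVault; // read storage once
        if (vault != address(0)) {
            if (IRoyaltyVault(vault).getVaultBalance() > 0) {
                IRoyaltyVault(vault).sendToSplitter();
            }
        }
    }
}
```

Deploying the harness with `address(0)` and calling both functions should succeed without any external call; any rewrite of the guard should be checked against that case before its gas figures are compared.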
`>` instead of `>=` for saving more gas
## Impact
Expensive gas
## Tool Used
Visual Studio Code
## Recommendation Mitigation Steps
Use `>`
`SafeERC20` function for saving more gas
https://github.com/code-423n4/2022-03-joyn/blob/main/core-contracts/contracts/CoreMultiSig.sol
## Impact
Expensive gas
## POC
https://docs.openzeppelin.com/contracts/3.x/api/token/erc20#SafeERC20
## Tool Used
Manual Review
## Recommendation Mitigation Steps
Do not declare `using SafeERC20 for IERC20;` and use `safeTransfer`.
`immutable` for saving gas
## Impact
Expensive gas
## POC
https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/royalty-vault/contracts/ProxyVault.sol#L9
This value can be set as `immutable` to save gas.
## Tool Used
Visual Studio Code
## Recommendation Mitigation
`address internal immutable royaltyVault;`
`constant` for saving gas
## Impact
Expensive gas
## POC
https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/royalty-vault/contracts/RoyaltyVaultFactory.sol#L27-L28
Since `platformFee` and `platformFeeRecipient` are set, they can be set as `constant` instead to save gas.
## Tool Used
Visual Studio Code
## Recommended Mitigation
Set `platformFee` and `platformFeeRecipient` as `constant`.