PartyDAO contest - JC's results

A protocol for buying, using, and selling NFTs as a group.

General Information

Platform: Code4rena

Start Date: 12/09/2022

Pot Size: $75,000 USDC

Total HM: 19

Participants: 110

Period: 7 days

Judge: HardlyDifficult

Total Solo HM: 9

Id: 160

League: ETH

PartyDAO

Findings Distribution

Researcher Performance

Rank: 26/110

Findings: 2

Award: $165.86

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository PartyDAO

Findings Information

🌟 Selected for report: Lambda

Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xDanielC, 0xNazgul, 0xSmartContract, 0xbepresent, Anth3m, Aymen0909, B2, CRYP70, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Funen, JC, JansenC, Jeiwan, KIntern_NA, MasterCookie, MiloTruck, Olivierdem, PaludoX0, R2, RaymondFam, ReyAdmirado, StevenL, The_GUILD, Tomo, Trust, V_B, __141345__, asutorufos, ayeslick, bin2chen, brgltd, bulej93, c3phas, cccz, ch0bu, cryptphi, csanuragjain, d3e4, delfin454000, djxploit, erictee, fatherOfBlocks, gogo, hansfriese, indijanc, ladboy233, leosathya, lukris02, malinariy, martin, pedr02b2, pfapostol, rvierdiiev, slowmoses, smiling_heretic, tnevler, wagmi

Awards

82.3371 USDC - $82.34

Labels

bug

low quality report

QA (Quality Assurance)

sponsor disputed

External Links

Link to GitHub issue

Summary

L-01 Unused receive() function will lock Ether in contract (2 instances) L-02 require() should be used instead of assert() (9 instances) L-03 Unsafe ERC20 Operations (3 instances) L-04 Unspecific Compiler Version Pragma (40 instances) L-05 Unnecessary transferFrom() function (1 instance) L-06 Duplicate safeTransferFrom() function (1 instance)

N-01 Adding a return statement when the function defines a named return variable, is redundant (1 instance) N-02 public functions not called by the contract should be declared external instead (20 instances) N-03 type(uint<n>).max should be used instead of uint<n>(-1) (3 instances) N-04 constants should be defined rather than using magic numbers (8 intances) N-05 Use a more recent version of solidity (46 instances) N-06 File is missing NatSpec (8 instances) N-07 NatSpec is incomplete (2 instances) N-08 Event is missing indexed fields (14 instances) N-09 uint256 is assigned to zero by default, additional reassignment to zero is unnecessary (10 instances)

Total: 168 instance in 15 issues.

L-01 Unused receive() function will lock Ether in contract

If the intention is for the Ether to be used, the function should call another function, otherwise it should revert

2 instances in 2 files:

contracts/crowdfund/AuctionCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L144

contracts/party/Party.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/Party.sol#L47

L-02 require() should be used instead of assert()

9 instances in 7 files:

contracts/proposals/FractionalizeProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/FractionalizeProposal.sol#L67

contracts/distribution/TokenDistributor.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L385 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L411

contracts/proposals/ProposalExecutionEngine.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L142

contracts/proposals/ListOnZoraProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol#L120

contracts/party/PartyGovernanceNFT.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L179

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L504

contracts/proposals/ListOnOpenseaProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L221 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L302

L-03 Unsafe ERC20 Operation(s)

ERC20 operations can be unsafe due to different implementations and vulnerabilities in the standard. It is therefore recommended to always either use OpenZeppelin's SafeERC20 library or at least to wrap each operation in a require statement, as seen in https://github.com/byterocket/c4-common-issues/blob/main/2-Low-Risk.md#l001---unsafe-erc20-operations

3 instances in 3 files:

contracts/utils/LibERC20Compat.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/utils/LibERC20Compat.sol#L11-L31

contracts/distribution/TokenDistributor.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L386

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L505

L-04 Unspecific Compiler Version Pragma

Avoid floating pragmas for non-library contracts, as seen in https://github.com/byterocket/c4-common-issues/blob/main/2-Low-Risk.md#l003---unspecific-compiler-version-pragma

40 instances (all files less Libraries's)

L-05 Unnecessary transferFrom() function

transferFrom() function is followed by safeTransferFrom() function in the contract PartyGovernanceNFT.sol OpenZeppelin’s documentation discourages the use of transferFrom(), use safeTransferFrom() whenever possible Given that any NFT can be used for the call option, there are a few NFTs that have logic in the onERC721Received() function, which is only triggered in the safeTransferFrom() function and not in transferFrom()

1 instance:

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L136

L-06 Duplicate safeTransferFrom() function

safeTransferFrom() function is edited twice in the contract PartyGovernanceNFT.sol with exact same parameters, I believe an error with copy/paste.

Recommandation: Delete one version of this function.

1 instance (x2): https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L147-L155 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L158-L166

N-01 Adding a return statement when the function defines a named return variable, is redundant

1 instance in 1 file:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L876

N-02 public functions not called by the contract should be declared external instead

Contracts are allowed to override their parents’ functions and change the visibility from external to public. https://docs.soliditylang.org/en/latest/contracts.html#function-overriding

20 instances in 6 files:

contracts/distribution/TokenDistributor.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L139 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L191 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L250

contracts/crowdfund/AuctionCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L262

contracts/party/PartyGovernanceNFT.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L67 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L77 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L88 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L137 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L148 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L159

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L324 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L362 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L395 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L423 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L563

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L168 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L192 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L213 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L251

contracts/crowdfund/BuyCrowdfundBase.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L150

N-03 type(uint<n>).max should be used instead of uint<n>(-1)

Earlier versions of solidity can use uint<n>(-1) instead. Expressions not including the - 1 can often be re-written to accomodate the change (e.g. by using a > rather than a >=, which will also save some gas)

3 instances in 2 files:

contracts/distribution/TokenDistributor.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L261

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L190 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1033

N-04 constants should be defined rather than using magic numbers

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L112

8 intances in 2 files:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L280 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L283 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1062 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1078

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L129 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L132 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L135 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L370 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L374

N-05 Use a more recent version of solidity

Use a solidity version of at least 0.8.2 to get compiler automatic inlining. Use a solidity version of at least 0.8.3 to get better struct packing and cheaper multiple storage reads. Use a solidity version of at least 0.8.4 to get custom errors, which are cheaper at deployment than revert()/require() strings. Use a solidity version of at least 0.8.10 to have external calls skip contract existence checks if the external call has a return value. Use a solidity version of at least 0.8.12 to get string.concat() instead of abi.encodePacked(<str>,<str>). Use a solidity version of at least 0.8.13 to get the ability to use using for with a list of free functions. Use a solidity version of at least 0.8.14 to get bytes.concat() instead of abi.encodePacked(<bytes>,<bytes>)

46 instances (all files in scope):

N-06 File is missing NatSpec

8 instances:

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/globals/Globals.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/vendor/IOpenseaConduitController.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/tokens/IERC20.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/globals/IGlobals.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/tokens/IERC721.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/vendor/FractionalV1.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/tokens/IERC1155.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/vendor/IOpenseaExchange.sol

N-07 NatSpec is incomplete

2 instances

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/vendor/markets/IZoraAuctionHouse.sol

N-08 Event is missing indexed fields

Each event should use three indexed fields if there are three or more fields.

14 instances in 6 files:

contracts/proposals/FractionalizeProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/FractionalizeProposal.sol#L22-L27

contracts/proposals/ArbitraryCallsProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L35

contracts/proposals/ListOnZoraProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol#L45-L51

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L151-L154 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L156-L159 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L162 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L165 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L167

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L82 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L83

contracts/proposals/ListOnOpenseaProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L63-L69 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L71-L75 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L77-L81 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L84-L96

N-09 uint256 is assigned to zero by default, additional reassignment to zero is unnecessary

https://docs.soliditylang.org/en/v0.8.13/control-structures.html#default-value

10 instances in 5 files:

contracts/proposals/LibProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/LibProposal.sol#L14 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/LibProposal.sol#L32

contracts/distribution/TokenDistributor.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L230 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L239

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L432

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L180 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L242 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L300 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L348

contracts/proposals/ListOnOpenseaProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L291

Findings Information

🌟 Selected for report: CertoraInc

Also found by: 0x1f8b, 0x4non, 0x5rings, 0x85102, 0xNazgul, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, B2, Bnke0x0, CRYP70, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diraco, Fitraldys, Funen, IgnacioB, JAGADESH, JC, Lambda, LeoS, Matin, Metatron, MiloTruck, Noah3o6, Ocean_Sky, Olivierdem, PaludoX0, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Saintcode_, Sm4rty, SnowMan, StevenL, Tomio, Tomo, V_B, Waze, __141345__, ajtra, asutorufos, aysha, brgltd, bulej93, c3phas, ch0bu, d3e4, delfin454000, dharma09, djxploit, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, got_targ, ignacio, jag, karanctf, ladboy233, leosathya, lukris02, m_Rassska, malinariy, martin, natzuu, pashov, peanuts, peiw, pfapostol, prasantgupta52, robee, simon135, slowmoses, sryysryy, tnevler

Awards

83.5182 USDC - $83.52

Labels

bug

G (Gas Optimization)

low quality report

sponsor acknowledged

External Links

Link to GitHub issue

Summary

G-01 Use simple comparison in trinary logic / in if statement (5 instances) G-02 Multiple address mappings can be combined into a single mapping of an address to a struct, where appropriate (3 instances) G-03 State variables only set in the constructor should be declared immutable (2 instances) G-04 State variables can be packed into fewer storage slots (2 instances) G-05 Using calldata instead of memory for read-only arguments in external functions saves gas (40 instances) G-06 Expressions for constant values such as a call to keccak256(), should use immutable rather than constant (3 instances) G-07 <x> += <y> costs more gas than <x> = <x> + <y> for state variables (7 instances) G-08 internal functions only called once can be inlined to save gas (21 instances) G-09 Cache array length before loop (11 instances) G-10 ++i/i++ should be unchecked{++i}/unchecked{i++} (9 instances) G-11 Use calldata instead of memory for function parameters (59 instances) G-12 keccak256() should only need to be called on a specific string literal once (9 instances) G-13 Public functions to external (20 instances) G-14 Using bools for storage incurs overhead (5 instances) G-15 Use a more recent version of solidity (46 instances) G-16 Use != 0 instead of > 0 (2 instances) G-17 Redundant zero initialization (10 instances) G-18 Empty blocks should be removed or emit something (3 instances) G-19 Bitshift for multiple / divide by 2 (1 instance) G-20 Usage of uints/ints smaller than 32 bytes (256 bits) incurs overhead (129 instances) G-21 abi.encode() is less efficient than abi.encodePacked() (5 instances) G-22 Don’t compare boolean expressions to boolean literals (4 instances)

Total: 396 instances in 22 issues

G-01 Use simple comparison in trinary logic / in if statement (>=)

The comparison operators >= and <= use more gas than >, <, or ==. Replacing the >= and ≤ operators with a comparison operator that has an opcode in the EVM saves gas. Recommended Mitigation Steps: Replace the comparison operator and reverse the logic to save gas using the suggestions above.

5 instances in 4 files:

contracts/crowdfund/BuyCrowdfundBase.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L159

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L350 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L423

contracts/crowdfund/AuctionCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L276

contracts/proposals/ArbitraryCallsProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L156

G-02 Multiple address mappings can be combined into a single mapping of an address to a struct, where appropriate

Saves a storage slot for the mapping. Depending on the circumstances and sizes of types, can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent writes can also be cheaper when a function requires both values and they both fit in the same storage slot.

3 instances in 3 files:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L206-L209

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L111-L115

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L206-L209

G-03 State variables only set in the constructor should be declared immutable

Avoids a Gsset (20000 gas) in the constructor, and replaces each Gwarmacces (100 gas) with a PUSH32 (3 gas).

2 instances in 2 files:

contracts/crowdfund/AuctionCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L104

contracts/crowdfund/BuyCrowdfundBase.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L67

G-04 State variables can be packed into fewer storage slots

Solidity contracts have contiguous 32 bytes (256 bits) slots used in storage. By arranging the variables, it is possible to minimize the number of slots used within a contract’s storage and therefore reduce deployment costs. address type variables are each of 20 bytes size (way less than 32 bytes). However, they here take up a whole 32 bytes slot (they are contiguous). As bool type variables are of size 1 byte, there’s a slot here that can get saved by moving them closer to an address

2 instances in 2 files:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L196-L215

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L85-L115

G-05 Using calldata instead of memory for read-only arguments in external functions saves gas

When a function with a memory array is called externally, the abi.decode() step has to use a for-loop to copy each index of the calldata to the memory index. Each iteration of this for-loop costs at least 60 gas (i.e. 60 * <mem_array>.length). Using calldata directly, obliviates the need for such a loop in the contract code and runtime execution. Structs have the same overhead as an array of length one

40 instances in 22 files:

contracts/utils/ReadOnlyDelegateCall.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/utils/ReadOnlyDelegateCall.sol#L8 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/utils/ReadOnlyDelegateCall.sol#L18

contracts/party/Party.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/Party.sol#L33

contracts/party/PartyFactory.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyFactory.sol#L28 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyFactory.sol#L29 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyFactory.sol#L30

contracts/crowdfund/BuyCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfund.sol#L68

contracts/crowdfund/CrowdfundNFT.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundNFT.sol#L115 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundNFT.sol#L120

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L526 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L655 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L656 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L657

contracts/crowdfund/AuctionCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L110 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L196

contracts/proposals/ProposalExecutionEngine.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L116

contracts/gatekeepers/IGateKeeper.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/gatekeepers/IGateKeeper.sol#L14

contracts/tokens/IERC721Receiver.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/tokens/IERC721Receiver.sol#L10

contracts/party/IPartyFactory.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/IPartyFactory.sol#L28 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/IPartyFactory.sol#L29

contracts/proposals/IProposalExecutionEngine.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/IProposalExecutionEngine.sol#L18 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/IProposalExecutionEngine.sol#L29

contracts/tokens/IERC721Receiver.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/tokens/IERC721Receiver.sol#L10

contracts/gatekeepers/IGateKeeper.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/gatekeepers/IGateKeeper.sol#L14

contracts/party/Party.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/Party.sol#L33

contracts/crowdfund/BuyCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfund.sol#L68 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfund.sol#L102

G-06 Expressions for constant values such as a call to keccak256(), should use immutable rather than constant

See this issue for a detail description of the issue https://github.com/ethereum/solidity/issues/9232

3 instances in 2 files:

contracts/proposals/ProposalExecutionEngine.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L80

contracts/proposals/ListOnZoraProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol#L58 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol#L59

G-07 <x> += <y> costs more gas than <x> = <x> + <y> for state variables

7 instances in 2 files:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L595

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L243 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L352 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L355 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L359 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L374 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L411 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L427

G-08 internal functions only called once can be inlined to save gas

Not inlining costs 20 to 40 gas because of two extra JUMP instructions and additional stack operations needed for function calls.

21 instances in 8 files:

contracts/proposals/ProposalExecutionEngine.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L205-L208 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L37-L41 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L283-L287

contracts/proposals/ListOnZoraProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol#L78-L82 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol#L129-L141

contracts/party/PartyGovernanceNFT.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L49-L57

contracts/crowdfund/CrowdfundNFT.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundNFT.sol#L39-L41

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L271-L276 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L848-L851 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L881-L887 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L890-L891 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1105-L1111

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L262-L269 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L306-L313 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L322-L325 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L339-L342 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L378-L385

contracts/proposals/ListOnOpenseaProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L123-L127

contracts/crowdfund/BuyCrowdfundBase.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L70-L71 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L90-L100 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L166-L170

G-09 Cache array length before loop (see <array>.length)

Reading array length at each iteration of the loop takes 6 gas (3 for mload and 3 to place memory_offset) in the stack. Caching the array length in the stack saves around 3 gas per iteration. I suggest storing the array’s length in a variable before the for-loop, and use it instead

11 instances in 6 files:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L306

contracts/crowdfund/CollectionBuyCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CollectionBuyCrowdfund.sol#L62

G-10 ++i should be unchecked{++i}

++i should be unchecked{++i} when it is not possible for them to overflow, as is the case when used in for- and while-loops

The unchecked keyword is new in solidity version 0.8.0, so this only applies to that version or higher, which these instances are. This saves 30-40 gas PER LOOP

9 instances in 4 files:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L306

contracts/proposals/ListOnOpenseaProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L291

G-11 Use calldata instead of memory for function parameters

Having function arguments use calldata instead of memory can save gas.

Recommended Mitigation Steps: Change function arguments from memory to calldata.

59 instances in 10 files:

contracts/distribution/TokenDistributor.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L331 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L390

contracts/proposals/ProposalExecutionEngine.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L116 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L205 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L228

contracts/proposals/ListOnZoraProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol#L79

contracts/party/PartyGovernanceNFT.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L50 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L51 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L52 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L53 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L54

contracts/proposals/ListOnOpenseaProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L124 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L243 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L244 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L328

contracts/crowdfund/BuyCrowdfundBase.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L70 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L96

G-12 keccak256() should only need to be called on a specific string literal once

It should be saved to an immutable variable, and the variable used instead. If the hash is being used as a part of a function selector, the cast to bytes4 should also only be done once

9 instances in 3 files:

contracts/proposals/ProposalExecutionEngine.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L145 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L150 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L178

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L412 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1114 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1118 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1122

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L331 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L333

G-13 Public functions to external

Contracts are allowed to override their parents’ functions and change the visibility from external to public and can save gas by doing so. https://docs.soliditylang.org/en/latest/contracts.html#function-overriding

20 instances in 6 files:

contracts/crowdfund/AuctionCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L262

contracts/crowdfund/BuyCrowdfundBase.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L150

G-14 Using bools for storage incurs overhead

Booleans are more expensive than uint256 or any type that takes up a full word because each write operation emits an extra SLOAD to first read the slot's contents, replace the bits taken up by the boolean, and then write back. This is the compiler's defense against contract upgrades and pointer aliasing, and it cannot be disabled. https://github.com/OpenZeppelin/openzeppelin-contracts/blob/58f635312aa21f947cae5f8578638a85aa2519f5/contracts/security/ReentrancyGuard.sol#L23-L27 Use uint256(1) and uint256(2) for true/false

5 instances in 4 files:

contracts/distribution/TokenDistributor.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L62

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L197 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L207

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L106

contracts/globals/Globals.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/globals/Globals.sol#L12

G-15 Use a more recent version of solidity

Use a solidity version of at least 0.8.0 to get overflow protection without SafeMath Use a solidity version of at least 0.8.2 to get compiler automatic inlining Use a solidity version of at least 0.8.3 to get better struct packing and cheaper multiple storage reads Use a solidity version of at least 0.8.4 to get custom errors, which are cheaper at deployment than revert()/require() strings Use a solidity version of at least 0.8.10 to have external calls skip contract existence checks if the external call has a return value. Use a solidity version of at least 0.8.10 to have external calls skip contract existence checks if the external call has a return value. Use a solidity version of at least 0.8.12 to get string.concat() instead of abi.encodePacked(<str>,<str>). Use a solidity version of at least 0.8.13 to get the ability to use using for with a list of free functions

46 instances (all files in scope):

G-16 Use != 0 instead of > 0

Using > 0 uses slightly more gas than using != 0. Use != 0 when comparing uint variables to zero, which cannot hold values below zero. This change saves 6 gas per instance

2 instances in 1 file:

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L144 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L471

G-17 Redundant zero initialization ( / default values)

Solidity does not recognize null as a value, so uint variables are initialized to zero. Setting a uint variable to zero is redundant and can waste gas. There are several places where an int is initialized to zero, which looks like: uint256 amount = 0; Recommended Mitigation Steps: Remove the redundant zero initialization uint256 amount; ( / or: If a variable is not set/initialized, it is assumed to have the default value (0 for uint, false for bool, address(0) for address…). Explicitly initializing it with its default value is an anti-pattern and wastes gas.)

10 instances in 5 files:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L432

contracts/proposals/ListOnOpenseaProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L291

G-18 Empty blocks should be removed or emit something

The code should be refactored such that they no longer exist, or the block should do something useful, such as emitting an event or reverting. If the contract is meant to be extended, the contract should be abstract and the function signatures be added without any default implementation. If the block is an empty if-statement block to avoid doing subsequent checks in the else-if/else conditions, the else-if/else conditions should be nested under the negation of the if-statement, because they involve different classes of checks, which may lead to the introduction of errors when the code is later modified (if(x){}else if(y){...}else{...} => if(!x){if(y){...}else{...}})

3 instances in 2 files:

contracts/crowdfund/AuctionCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L104 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L144

contracts/crowdfund/BuyCrowdfundBase.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L67

G-19 Bitshift for multiple / divide by 2

When multiply or dividing by a power of two, it is cheaper to bitshift than to use standard math operations, ie <x> * 2 is equivalent to <x> << 1 and <x> / 2 is the same as <x> >> 1. The MUL and DIV opcodes cost 5 gas, whereas SHL and SHR only cost 3 gas

1 instance in 1 files:

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L434

G-20 Usage of uints/ints smaller than 32 bytes (256 bits) incurs overhead

When using elements that are smaller than 32 bytes, your contract’s gas usage may be higher. This is because the EVM operates on 32 bytes at a time. Therefore, if the element is smaller than that, the EVM must use more operations in order to reduce the size of the element from 32 bytes to the desired size. https://docs.soliditylang.org/en/v0.8.11/internals/layout_in_storage.html Use a larger size then downcast where needed

129 instances in 15 files:

contracts/proposals/ProposalExecutionEngine.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L29 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L221 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ProposalExecutionEngine.sol#L247

contracts/crowdfund/AuctionCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L48 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L56 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L94 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L99 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L118 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L170 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/AuctionCrowdfund.sol#L210

contracts/crowdfund/CollectionBuyCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CollectionBuyCrowdfund.sol#L31 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CollectionBuyCrowdfund.sol#L34 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CollectionBuyCrowdfund.sol#L40 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CollectionBuyCrowdfund.sol#L116

contracts/crowdfund/BuyCrowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfund.sol#L30 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfund.sol#L33 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfund.sol#L39 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfund.sol#L100

G-21 abi.encode() is less efficient than abi.encodePacked()

5 instances in 3 files:

contracts/utils/ReadOnlyDelegateCall.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/utils/ReadOnlyDelegateCall.sol#L23 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/utils/ReadOnlyDelegateCall.sol#L33

contracts/proposals/ListOnZoraProposal.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol#L115

G-22 Don’t compare boolean expressions to boolean literals

if (<x> == true) => if (<x>), if (<x> == false) => if (!<x>)

4 instances in 2 files:

contracts/crowdfund/Crowdfund.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L461

contracts/party/PartyGovernance.sol https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L465 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L467 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L591

PartyDAO contest - JC's results

A protocol for buying, using, and selling NFTs as a group.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-56] QA Report - $82.34

Findings Information

Awards

Labels

External Links

Summary

L-01 Unused receive() function will lock Ether in contract

L-02 require() should be used instead of assert()

L-03 Unsafe ERC20 Operation(s)

L-04 Unspecific Compiler Version Pragma

L-05 Unnecessary transferFrom() function

L-06 Duplicate safeTransferFrom() function

N-01 Adding a return statement when the function defines a named return variable, is redundant

N-02 public functions not called by the contract should be declared external instead

N-03 type(uint<n>).max should be used instead of uint<n>(-1)

N-04 constants should be defined rather than using magic numbers

N-05 Use a more recent version of solidity

N-06 File is missing NatSpec

N-07 NatSpec is incomplete

N-08 Event is missing indexed fields

N-09 uint256 is assigned to zero by default, additional reassignment to zero is unnecessary

[G-05] Gas Report - $83.52

Findings Information

Awards

Labels

External Links

Summary

G-01 Use simple comparison in trinary logic / in if statement (>=)

G-02 Multiple address mappings can be combined into a single mapping of an address to a struct, where appropriate

G-03 State variables only set in the constructor should be declared immutable

G-04 State variables can be packed into fewer storage slots

G-05 Using calldata instead of memory for read-only arguments in external functions saves gas

G-06 Expressions for constant values such as a call to keccak256(), should use immutable rather than constant

G-07 <x> += <y> costs more gas than <x> = <x> + <y> for state variables

G-08 internal functions only called once can be inlined to save gas

G-09 Cache array length before loop (see <array>.length)

G-10 ++i should be unchecked{++i}

G-11 Use calldata instead of memory for function parameters

G-12 keccak256() should only need to be called on a specific string literal once

G-13 Public functions to external

G-14 Using bools for storage incurs overhead

G-15 Use a more recent version of solidity

G-16 Use != 0 instead of > 0

G-17 Redundant zero initialization ( / default values)

G-18 Empty blocks should be removed or emit something

G-19 Bitshift for multiple / divide by 2

G-20 Usage of uints/ints smaller than 32 bytes (256 bits) incurs overhead

G-21 abi.encode() is less efficient than abi.encodePacked()

G-22 Don’t compare boolean expressions to boolean literals