Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 89/168
Findings: 2
Award: $106.19
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Lambda
Also found by: 0x1337, 0x1f8b, 0x4non, 0x85102, 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xc0ffEE, 8olidity, Aymen0909, B2, Bnke0x0, CRYP70, Captainkay, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, DimitarDimitrov, ElKu, EthLedger, Franfran, Funen, GimelSec, JansenC, Jeiwan, Jujic, Lead_Belly, MEP, MasterCookie, MiloTruck, Noah3o6, PPrieditis, PaludoX0, Picodes, PwnPatrol, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rolezn, Samatak, Tointer, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ak1, asutorufos, azephiar, ballx, bharg4v, bin2chen, bobirichman, brgltd, bulej93, c3phas, cccz, ch0bu, cloudjunky, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, davidbrai, delfin454000, dharma09, dic0de, dipp, djxploit, eierina, erictee, fatherOfBlocks, gogo, hansfriese, hyh, imare, indijanc, izhuer, jonatascm, ladboy233, leosathya, lucacez, lukris02, m9800, martin, minhtrng, ne0n, neumo, oyc_109, p_crypt0, pashov, pauliax, pcarranzav, pedr02b2, peritoflores, pfapostol, rbserver, ret2basic, robee, rvierdiiev, sach1r0, sahar, scaraven, sikorico, simon135, slowmoses, sorrynotsorry, tnevler, tonisives, volky, yixxas, zkhorse, zzzitron
60.7743 USDC - $60.77
Off-chain scripts cannot efficiently filter these events because their parameters are not indexed (only indexed parameters become log topics that eth_getLogs can match on; everything else is packed into the log data and must be fetched and decoded client-side).
Example of how events should be indexed: https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/lib/interfaces/IOwnable.sol#L15-L25
Locations where event parameters should be indexed:
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/auction/IAuction.sol#L22-L50
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/manager/IManager.sol#L21-L31
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/token/IToken.sol#L21
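To make concrete what the missing indexing costs an off-chain consumer, here is an added JavaScript model of eth_getLogs topic matching (not code from the Nouns Builder repository or from this report); the bid-event shape, the TOPIC0 value and the sample logs are constructed assumptions.

```javascript
// Added example: only `indexed` parameters become topics[1..3]; the rest is ABI-encoded in
// `data`, and a node filters on topics only. TOPIC0 is a constructed stand-in for the
// keccak256 event-signature hash, not the real value.
const TOPIC0 = "0x" + "a1".repeat(32);

// ABI-encode a uint256 or address as one 32-byte hex word (no 0x prefix).
const word = (v) => BigInt(v).toString(16).padStart(64, "0");

// Log shape when tokenId and bidder are `indexed`: they become topics, amount stays in data.
function indexedBidLog(tokenId, bidder, amount) {
  return { topics: [TOPIC0, "0x" + word(tokenId), "0x" + word(bidder)], data: "0x" + word(amount) };
}

// Same event with no `indexed` parameters: everything is packed into data.
function unindexedBidLog(tokenId, bidder, amount) {
  return { topics: [TOPIC0], data: "0x" + word(tokenId) + word(bidder) + word(amount) };
}

// eth_getLogs topic filter: position i must equal topics[i]; null is a wildcard. Data is never consulted.
function getLogs(logs, topicFilter) {
  return logs.filter((log) => topicFilter.every((want, i) => want === null || log.topics[i] === want));
}

// Split ABI-encoded data into 32-byte words.
function decodeWords(data) {
  const hex = data.slice(2);
  const words = [];
  for (let i = 0; i < hex.length; i += 64) words.push(BigInt("0x" + hex.slice(i, i + 64)));
  return words;
}

// Count bids on one token: logs the node returns ("fetched") versus logs actually for that token ("matched").
function bidsForToken(logs, tokenId, indexed) {
  if (indexed) {
    const hits = getLogs(logs, [TOPIC0, "0x" + word(tokenId), null]);
    return { fetched: hits.length, matched: hits.length };
  }
  // Unindexed: the node can only match topic0, so the client must decode every log itself.
  const all = getLogs(logs, [TOPIC0]);
  const hits = all.filter((log) => decodeWords(log.data)[0] === BigInt(tokenId));
  return { fetched: all.length, matched: hits.length };
}

// Constructed sample: 3 bids on token 7 among 1000 bid logs.
function sampleLogs(build) {
  return Array.from({ length: 1000 }, (_, i) =>
    build(i < 3 ? 7 : 100 + i, 0xabc + i, 10n ** 18n * BigInt(i + 1)));
}
```

With the indexed shape the node returns only the 3 relevant logs; with the unindexed shape it returns all 1000 and the client must decode each one.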
Duplicate 1: Token.sol#L145-L148
Duplicate 2: Token.sol#L209
Token.sol repeats the same caller validation in two places; a new modifier should be created to reduce duplicated code.
Recommendation:
+ modifier onlyAuction { + if (msg.sender != minter) revert ONLY_AUCTION(); + _; + } - function mint() external nonReentrant returns (uint256 tokenId) { + function mint() external nonReentrant onlyAuction returns (uint256 tokenId) { - // Cache the auction address - address minter = settings.auction; - // Ensure the caller is the auction - if (msg.sender != minter) revert ONLY_AUCTION(); // Cannot realistically overflow unchecked { do { // Get the next token to mint tokenId = settings.totalSupply++; // Lookup whether the token is for a founder, and mint accordingly if so } while (_isForFounder(tokenId)); } // Mint the next available token to the auction house for bidding - _mint(minter, tokenId); + _mint(msg.sender, tokenId); } - function burn(uint256 _tokenId) external { + function burn(uint256 _tokenId) external onlyAuction { - // Ensure the caller is the auction house - if (msg.sender != settings.auction) revert ONLY_AUCTION(); // Burn the token _burn(_tokenId); }
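Review bot: the new onlyAuction modifier checks msg.sender != minter, but the only minter in this hunk is the local address minter = settings.auction; that the same hunk removes from mint(), so the modifier has nothing named minter to read and will not compile as written. Compare against settings.auction directly, as the check removed from burn() did: if (msg.sender != settings.auction) revert ONLY_AUCTION();. The _mint(msg.sender, tokenId) change is fine once the modifier guarantees msg.sender is the auction.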
#0 - GalloDaSballo
2022-09-27T00:40:09Z
R
🌟 Selected for report: pfapostol
Also found by: 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xSmartContract, 0xc0ffEE, 0xkatana, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Cr4ckM3, Deivitto, DimSon, Franfran, JAGADESH, JC, Jeiwan, Lambda, LeoS, Matin, Metatron, Migue, MiloTruck, PPrieditis, PaludoX0, R2, RaymondFam, Respx, ReyAdmirado, Rolezn, Saintcode_, Samatak, SnowMan, StevenL, Tointer, TomJ, Tomo, WatchDogs, Waze, _Adam, __141345__, ajtra, asutorufos, ballx, brgltd, bulej93, c3phas, ch0bu, dharma09, djxploit, durianSausage, easy_peasy, fatherOfBlocks, gianganhnguyen, gogo, imare, leosathya, lucacez, martin, oyc_109, pauliax, peiw, prasantgupta52, ret2basic, rfa, robee, sikorico, simon135, tofunmi, volky, wagmi, zishansami
45.4217 USDC - $45.42
Prefix increments are cheaper than postfix increments. The code usually uses prefix increments, but some places were missed.
Change uint256 founderId = settings.numFounders++; to uint256 founderId = ++settings.numFounders; at https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/token/Token.sol#L91
Same for tokenId = settings.totalSupply++; at https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/token/Token.sol#L154
Context 1: Governor.sol#L123-L129
The cached value is not used; the code invokes the same function a second time instead.
Recommendation:
uint256 currentProposalThreshold = proposalThreshold(); // Cannot realistically underflow and `getVotes` would revert unchecked { // Ensure the caller's voting weight is greater than or equal to the threshold - if (getVotes(msg.sender, block.timestamp - 1) < proposalThreshold()) revert BELOW_PROPOSAL_THRESHOLD(); + if (getVotes(msg.sender, block.timestamp - 1) < currentProposalThreshold) revert BELOW_PROPOSAL_THRESHOLD(); }
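Review bot: the replacement is only an exact equivalent if the state that proposalThreshold() reads is not modified between the uint256 currentProposalThreshold = proposalThreshold(); assignment and the check inside the unchecked block; the hunk elides that region, so confirm nothing there writes to it before merging. With that confirmed, reusing currentProposalThreshold removes the redundant second call as intended.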
#0 - GalloDaSballo
2022-09-26T20:17:22Z
Should consistently use prefix increment for loops
Cannot use per the code
should use cached currentProposalThreshold in Governor.sol
200 gas