Platform: Code4rena
Start Date: 18/10/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 67
Period: 5 days
Judge: Picodes
Total Solo HM: 7
Id: 172
League: ETH
Rank: 40/67
Findings: 1
Award: $37.88
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: berndartmueller
Also found by: 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, Aymen0909, BClabs, Diana, Jeiwan, Lambda, LeoS, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Rolezn, SaharAP, Trust, V_B, __141345__, a12jmx, bharg4v, brgltd, carlitox477, ch0bu, chaduke, cloudjunky, cryptostellar5, cryptphi, csanuragjain, d3e4, delfin454000, erictee, fatherOfBlocks, hansfriese, ignacio, joestakey, karanctf, ladboy233, lukris02, mcwildy, minhtrng, peanuts, ret2basic, seyni, slowmoses, svskaushik, tnevler, yixxas
37.8829 USDC - $37.88
OpenZeppelin’s Ownable contract implements renounceOwnership. This poses a risk if ownership is renounced for any reason other than by design. Renouncing ownership leaves the contract without an owner, thereby removing any functionality that is only available to the owner.
File : JBTiered721Delegate.sol
JBTiered721Delegate.sol#L29
The admin calls the Ownable.transferOwnership function to transfer ownership to the new address directly. As such, there is a risk that ownership is transferred to an invalid address, leaving the contract without an owner.
File : JBTiered721Delegate.sol
JBTiered721Delegate.sol#L29
Even assembly can benefit from using readable constants instead of hex/numeric literals.
File : JBIpfsDecoder.sol
JBIpfsDecoder.sol#L52 JBIpfsDecoder.sol#L54 JBIpfsDecoder.sol#L60
File : JBTiered721Delegate.sol
JBTiered721Delegate.sol#L551
File : JBBitmap.sol
JBBitmap.sol#L74
File : JBTiered721DelegateStore.sol
JBTiered721DelegateStore.sol#L1279
File : JBTiered721DelegateProjectDeployer.sol
JBTiered721DelegateProjectDeployer.sol#L64
Usually lines in source code are limited to 80 characters. Today’s screens are much larger, so it’s reasonable to stretch this in some cases. Since the files will most likely reside in GitHub, and GitHub starts using a scroll bar in all cases when the length is over 164 characters, the lines below should be split when they reach that length.
File : JBTiered721Delegate.sol
JBTiered721Delegate.sol#L545
File : JBTiered721DelegateDeployer.sol
JBTiered721DelegateDeployer.sol#L15
File : JB721TieredGovernance.sol
JB721TieredGovernance.sol#L235
File : JB721Delegate.sol
JB721Delegate.sol#L242
File : JBTiered721DelegateProjectDeployer.sol
JBTiered721DelegateProjectDeployer.sol#L15
Block timestamps have historically been used for a variety of applications, such as entropy for random numbers (see the Entropy Illusion for further details), locking funds for periods of time, and various state-changing conditional statements that are time-dependent. Miners have the ability to adjust timestamps slightly, which can prove to be dangerous if block timestamps are used incorrectly in smart contracts.
File : JBTiered721DelegateStore.sol
JBTiered721DelegateStore.sol#L903
Solidity version 0.8.17 has just been released. It fixes an important bug in the previous version (currently being used by Juicebox), makes overflow checks on multiplication more efficient and adds an LSP feature to always analyze all files in a project.
#0 - c4-judge
2022-11-08T16:56:24Z
Picodes marked the issue as grade-b