Nouns DAO contest - Trabajo_de_mates's results

A DAO-driven NFT project on Ethereum.

General Information

Platform: Code4rena

Start Date: 22/08/2022

Pot Size: $50,000 USDC

Total HM: 4

Participants: 160

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 155

League: ETH

Nouns DAO

Findings Distribution

Researcher Performance

Rank: 119/160

Findings: 1

Award: $35.44

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Nouns DAO

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0bi, 0x040, 0x1337, 0x1f8b, 0xDjango, 0xNazgul, 0xNineDec, 0xRajeev, 0xSky, 0xSmartContract, 0xbepresent, 0xkatana, 0xmatt, 8olidity, Aymen0909, Bjorn_bug, Bnke0x0, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, DevABDee, DimitarDimitrov, Dravee, ElKu, Funen, GalloDaSballo, GimelSec, Guardian, Haruxe, JC, JansenC, Jeiwan, JohnSmith, KIntern_NA, Lambda, LeoS, Noah3o6, Olivierdem, R2, RaymondFam, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Saintcode_, Sm4rty, SooYa, Soosh, TomJ, Tomo, Trabajo_de_mates, Waze, _Adam, __141345__, ajtra, android69, asutorufos, auditor0517, berndartmueller, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, catchup, cccz, csanuragjain, d3e4, delfin454000, dipp, djxploit, durianSausage, erictee, exd0tpy, fatherOfBlocks, gogo, hyh, ladboy233, lukris02, mics, mrpathfindr, natzuu, oyc_109, p_crypt0, pashov, pauliax, pfapostol, prasantgupta52, rajatbeladiya, rbserver, ret2basic, rfa, robee, rokinot, rvierdiiev, sach1r0, saian, seyni, shenwilly, sikorico, simon135, sryysryy, sseefried, throttle, tnevler, tonisives, wagmi, xiaoming90, yixxas, z3s, zkhorse, zzzitron

Awards

35.4386 USDC - $35.44

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

MSG.SENDER != ADDRESS(0) IRRELEVANT CHECK

Msg.sender can never be address(0) therefore in contract NounsDAOLogicV2.sol line 819 require(msg.sender == pendingAdmin && msg.sender != address(0) there is an error checking it, what needs to be check is that newPendingAdmin != address(0) when proposing a new admin on function _setPendingAdmin instead.

Error:

function _setPendingAdmin(address newPendingAdmin) external { require(msg.sender == admin, 'NounsDAO::_setPendingAdmin: admin only');}

function _acceptAdmin() external { require(msg.sender == pendingAdmin && msg.sender != address(0), 'NounsDAO::_acceptAdmin: pending admin only');

Fix: function _setPendingAdmin(address newPendingAdmin) external { require(msg.sender == admin, 'NounsDAO::_setPendingAdmin: admin only'); require(newPendingAdmin != address(0), 'NounsDAO::_setPendingAdmin: newPendingAdmin cannot be 0);

function _acceptAdmin() external { require(msg.sender == pendingAdmin, 'NounsDAO::_acceptAdmin: pending admin only');

Nouns DAO contest - Trabajo_de_mates's results

A DAO-driven NFT project on Ethereum.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-91] QA Report - $35.44

Findings Information

Awards

Labels

External Links

MSG.SENDER != ADDRESS(0) IRRELEVANT CHECK