Back to ajtra's contests

PartyDAO contest - ajtra's results

A protocol for buying, using, and selling NFTs as a group.

General Information

Platform: Code4rena

Start Date: 12/09/2022

Pot Size: $75,000 USDC

Total HM: 19

Participants: 110

Period: 7 days

Judge: HardlyDifficult

Total Solo HM: 9

Id: 160

League: ETH

PartyDAO

Findings Distribution

Researcher Performance

Rank: 78/110

Findings: 1

Award: $37.44

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryPartyDAO

Findings Information

🌟 Selected for report: CertoraInc

Also found by: 0x1f8b, 0x4non, 0x5rings, 0x85102, 0xNazgul, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, B2, Bnke0x0, CRYP70, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diraco, Fitraldys, Funen, IgnacioB, JAGADESH, JC, Lambda, LeoS, Matin, Metatron, MiloTruck, Noah3o6, Ocean_Sky, Olivierdem, PaludoX0, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Saintcode_, Sm4rty, SnowMan, StevenL, Tomio, Tomo, V_B, Waze, __141345__, ajtra, asutorufos, aysha, brgltd, bulej93, c3phas, ch0bu, d3e4, delfin454000, dharma09, djxploit, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, got_targ, ignacio, jag, karanctf, ladboy233, leosathya, lukris02, m_Rassska, malinariy, martin, natzuu, pashov, peanuts, peiw, pfapostol, prasantgupta52, robee, simon135, slowmoses, sryysryy, tnevler

Awards

37.4388 USDC - $37.44

Labels

bug
G (Gas Optimization)
low quality report
sponsor acknowledged

External Links

Link to GitHub issue

1. Post-increment/decrement cost more gas then pre-increment/decrement

Description

++var (--var) cost less gas than var++ (var--)

Lines in the code

CollectionBuyCrowdfund.sol#L62

2. Call to KECCAK256 should use IMMUTABLE rather than constant

Description

Expressions for constant values such as a call to KECCAK256 should use IMMUTABLE rather than constant

Lines in the code

ProposalStorage.sol#L19 ProposalExecutionEngine.sol#L80

3. Array length should not be looked up in every loop of a for-loop

Description

Storage array length checks incur an extra Gwarmaccess (100 gas) per loop. Store the array length in a variable and use it in the for loop helps to save gas

Lines in the code

CollectionBuyCrowdfund.sol#L62 ArbitraryCallsProposal.sol#L52 ArbitraryCallsProposal.sol#L61 ArbitraryCallsProposal.sol#L78 TokenDistributor.sol#L230 TokenDistributor.sol#L239 ListOnOpenseaProposal.sol#L291 Crowdfund.sol#L180 Crowdfund.sol#L300 PartyGovernance.sol#L306 LibProposal.sol#L14 LibProposal.sol#L32

4. != 0 is cheaper than > 0

Description

Replace all > 0 for != 0

Lines in the code

Crowdfund.sol#L144 Crowdfund.sol#L471

5. Variable1 = Variable1 + (-) Variable2 is cheaper in gas cost than variable1 += (-=) variable2.

Lines in the code

ArbitraryCallsProposal.sol#L72 TokenDistributor.sol#L381 Crowdfund.sol#L243 Crowdfund.sol#L352 Crowdfund.sol#L355 Crowdfund.sol#L359 Crowdfund.sol#L374 Crowdfund.sol#L411 Crowdfund.sol#L427 PartyGovernance.sol#L595 PartyGovernance.sol#L959

6. Use a more recent version of solidity

Description

Use a solidity version of at least 0.8.2 to get compiler automatic inlining Use a solidity version of at least 0.8.3 to get better struct packing and cheaper multiple storage reads Use a solidity version of at least 0.8.4 to get custom errors, which are cheaper at deployment than revert()/require() strings Use a solidity version of at least 0.8.10 to have external calls skip contract existence checks if the external call has a return value. https://github.com/ethereum/solidity/releases

Lines in the code

EIP165.sol#L2 ERC1155Receiver.sol#L2 ERC721Receiver.sol#L2 ReadOnlyDelegateCall.sol#L2 Party.sol#L2 PartyFactory.sol#L2 ProposalStorage.sol#L2 FractionalizeProposal.sol#L2 Globals.sol#L2 BuyCrowdfund.sol#L2 CollectionBuyCrowdfund.sol#L2 CrowdfundFactory.sol#L2 CrowdfundNFT.sol#L2 PartyGovernanceNFT.sol#L2 ListOnZoraProposal.sol#L2 AuctionCrowdfund.sol#L2 ArbitraryCallsProposal.sol#L2 ProposalExecutionEngine.sol#L2 TokenDistributor.sol#L2 Implementation.sol#L2 BuyCrowdfundBase.sol#L2 ListOnOpenseaProposal.sol#L2 Crowdfund.sol#L2 PartyGovernance.sol#L2 LibAddress.sol#L2 LibSafeERC721.sol#L2 LibERC20Compat.sol#L2 LibProposal.sol#L2 LibSafeCast.sol#L2

7. Using bools for storage incurs overhead

Description

Use uint256(1) and uint256(2) for true/false to avoid a Gwarmaccess (100 gas), and to avoid Gsset (20000 gas) when changing from 'false' to 'true', after having been 'true' in the past

Lines in the code

CollectionBuyCrowdfund.sol#L61 ArbitraryCallsProposal.sol#L46 ArbitraryCallsProposal.sol#L50 ArbitraryCallsProposal.sol#L98 TokenDistributor.sol#L62 ListOnOpenseaProposal.sol#L131 Crowdfund.sol#L106 PartyGovernance.sol#L108 PartyGovernance.sol#L148 PartyGovernance.sol#L197 PartyGovernance.sol#L207 PartyGovernance.sol#L697 PartyGovernance.sol#L765 PartyGovernance.sol#L831 LibAddress.sol#L11 LibSafeERC721.sol#L21 LibERC20Compat.sol#L15

8. ABI.ENCODE() is less efficient than ABI.ENCODEPACKED()

Lines in the code

ReadOnlyDelegateCall.sol#L23 ListOnZoraProposal.sol#L115 ListOnOpenseaProposal.sol#L164 ListOnOpenseaProposal.sol#L219

9. Multiplication/division by two should use bit shifting

Description

<x> * 2 is equivalent to <x> << 1 and <x> / 2 is the same as <x> >> 1. The MUL and DIV opcodes cost 5 gas, whereas SHL and SHR only cost 3 gas

Lines in the code

PartyGovernance.sol#L434

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter