Platform: Code4rena
Start Date: 01/07/2022
Pot Size: $75,000 USDC
Total HM: 17
Participants: 105
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 5
Id: 143
League: ETH
Rank: 50/105
Findings: 2
Award: $128.44
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xdanial, 0xf15ers, Bnke0x0, Ch_301, Chandr, Chom, Funen, GimelSec, Hawkeye, JC, Kaiziron, Lambda, Meera, MiloTruck, Noah3o6, Picodes, ReyAdmirado, Rohan16, Sm4rty, TerrierLover, TomJ, Waze, _Adam, __141345__, asutorufos, aysha, berndartmueller, brgltd, cccz, codexploder, defsec, delfin454000, djxploit, durianSausage, fatherOfBlocks, hake, horsefacts, hubble, jayfromthe13th, joestakey, jonatascm, m_Rassska, oyc_109, pashov, rajatbeladiya, rbserver, robee, sach1r0, sahar, samruna, simon135, svskaushik, zzzitron
90.2101 USDC - $90.21
L-1 MISSING CHECKS FOR APPROVE()
Some tokens return false rather than reverting on failure, so it is better practice to use OpenZeppelin's safeApprove(), which will revert if there is a failure.
JBERC20PaymentTerminal.sol L#99
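The difference between an unchecked and a checked approve(), as an added example that is not code from the audited repository. The contract and function names (FalseReturningToken, ApproveExamples, uncheckedApprove, checkedApprove) are hypothetical, and the check is written out by hand in the style of a safe-ERC20 wrapper rather than imported from OpenZeppelin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.6;

// Added illustration; all names below are hypothetical, not Juicebox code.

interface IERC20Like {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Constructed token that signals failure by returning false instead of reverting.
contract FalseReturningToken {
    function approve(address, uint256) external pure returns (bool) {
        return false; // no allowance is ever recorded
    }
}

contract ApproveExamples {
    // Weak form: the boolean result is discarded, so a failed approval
    // goes unnoticed and execution continues as if the allowance were set.
    function uncheckedApprove(address token, address spender, uint256 amount) external {
        IERC20Like(token).approve(spender, amount);
    }

    // Hardened form: a low-level call tolerates tokens that return no data,
    // while a revert or an explicit `false` aborts the whole transaction.
    function checkedApprove(address token, address spender, uint256 amount) external {
        // A call to an address without code succeeds with empty return data,
        // so reject that case explicitly.
        require(token.code.length > 0, "approve: not a contract");

        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.approve.selector, spender, amount)
        );

        require(
            ok && (ret.length == 0 || abi.decode(ret, (bool))),
            "approve: failed"
        );
    }
}
```

Against FalseReturningToken, uncheckedApprove completes without error while checkedApprove reverts with "approve: failed".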
L-2 Use Two-Step Transfer Pattern for Access Controls
Contracts implementing access controls, e.g. owner, should consider implementing a Two-Step Transfer pattern. Otherwise it's possible that the role mistakenly transfers ownership to the wrong address, resulting in a loss of the role.
JBTokenStore.sol: https://github.com/jbx-protocol/juice-contracts-v2-code4rena/blob/828bf2f3e719873daa08081cfa0d0a6deaa5ace5/contracts/JBTokenStore.sol#:~:text=if%20(_newOwner%20!%3D,(_projectId%2C%20_newOwner)%3B
N-1 NATSPEC IS INCOMPLETE
@param _interfaceId The ID of the interface to check for adherance to.
*/
function supportsInterface(bytes4 _interfaceId) public view virtual override(IERC165, ERC721) returns (bool)
Missing: @return
🌟 Selected for report: 0xA5DF
Also found by: 0v3rf10w, 0x09GTO, 0x1f8b, 0x29A, 0xDjango, 0xKitsune, 0xNazgul, 0xdanial, 0xf15ers, Aymen0909, Bnke0x0, Ch_301, Cheeezzyyyy, Chom, ElKu, Funen, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Lambda, Limbooo, Meera, Metatron, MiloTruck, Noah3o6, Picodes, Randyyy, RedOneN, ReyAdmirado, Rohan16, Saintcode_, Sm4rty, TomJ, Tomio, Tutturu, UnusualTurtle, Waze, _Adam, __141345__, ajtra, apostle0x01, asutorufos, brgltd, c3phas, cRat1st0s, codexploder, defsec, delfin454000, djxploit, durianSausage, exd0tpy, fatherOfBlocks, hake, horsefacts, ignacio, jayfromthe13th, joestakey, jonatascm, kaden, kebabsec, m_Rassska, mektigboy, mrpathfindr, oyc_109, rajatbeladiya, rbserver, rfa, robee, sach1r0, sashik_eth, simon135
38.2308 USDC - $38.23
G-1 CACHING STORAGE VARIABLES IN MEMORY TO SAVE GAS
In particular, in for loops, when using the length of a storage array as the condition being checked after each loop, caching the array length in memory can yield significant gas savings if the array length is high.
JBOperatorStore.sol L#135
JBOperatorStore.sol L#165
G-2 PREFIX INCREMENTS
Prefix increments are cheaper than postfix increments.
JBFundingCycleStore.sol
JBFundingCycleStore.sol:724
JBSplitStore.sol
JBSplitStore.sol:204 JBSplitStore.sol:211 JBSplitStore.sol:229 JBSplitStore.sol:304
JBOperatorStore.sol
JBOperatorStore.sol:85 JBOperatorStore.sol:135 JBOperatorStore.sol:165
JBDirectory.sol
JBDirectory.sol:139 JBDirectory.sol:167 JBDirectory.sol:275 JBDirectory.sol:276
G-3 Don't Initialize Variables with Default Value
Uninitialized variables are assigned with the type's default value.
JBFundingCycleStore.sol
JBFundingCycleStore.sol:724
JBSplitStore.sol
JBSplitStore.sol:204 JBSplitStore.sol:211 JBSplitStore.sol:229 JBSplitStore.sol:304
JBOperatorStore.sol
JBOperatorStore.sol:85 JBOperatorStore.sol:135 JBOperatorStore.sol:165
JBDirectory.sol
JBDirectory.sol:139 JBDirectory.sol:167 JBDirectory.sol:275 JBDirectory.sol:276