Nouns Builder contest - delfin454000's results

A permissionless, governed protocol to deploy nouns-style DAOs complete with treasury, generative collections, and governance mechanisms.

General Information

Platform: Code4rena

Start Date: 06/09/2022

Pot Size: $90,000 USDC

Total HM: 33

Participants: 168

Period: 9 days

Judge: GalloDaSballo

Total Solo HM: 10

Id: 157

League: ETH

Nouns Builder

Findings Distribution

Researcher Performance

Rank: 118/168

Findings: 1

Award: $60.77

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Nouns Builder

Findings Information

🌟 Selected for report: Lambda

Also found by: 0x1337, 0x1f8b, 0x4non, 0x85102, 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xc0ffEE, 8olidity, Aymen0909, B2, Bnke0x0, CRYP70, Captainkay, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, DimitarDimitrov, ElKu, EthLedger, Franfran, Funen, GimelSec, JansenC, Jeiwan, Jujic, Lead_Belly, MEP, MasterCookie, MiloTruck, Noah3o6, PPrieditis, PaludoX0, Picodes, PwnPatrol, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rolezn, Samatak, Tointer, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ak1, asutorufos, azephiar, ballx, bharg4v, bin2chen, bobirichman, brgltd, bulej93, c3phas, cccz, ch0bu, cloudjunky, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, davidbrai, delfin454000, dharma09, dic0de, dipp, djxploit, eierina, erictee, fatherOfBlocks, gogo, hansfriese, hyh, imare, indijanc, izhuer, jonatascm, ladboy233, leosathya, lucacez, lukris02, m9800, martin, minhtrng, ne0n, neumo, oyc_109, p_crypt0, pashov, pauliax, pcarranzav, pedr02b2, peritoflores, pfapostol, rbserver, ret2basic, robee, rvierdiiev, sach1r0, sahar, scaraven, sikorico, simon135, slowmoses, sorrynotsorry, tnevler, tonisives, volky, yixxas, zkhorse, zzzitron

Awards

60.7742 USDC - $60.77

Labels

bug

QA (Quality Assurance)

old-submission-method

External Links

Link to GitHub issue

Typos

IGovernor.sol: L290

    /// @param newVetoer The new vetoer addresss

Change addresss to address

ERC721Votes.sol: L160

            // Compute the hash of the domain seperator with the typed delegation data

Change seperator to separator

ERC721Votes.sol: L221

                    // Get the recipients's number of checkpoints

Change recipients's to recipient's

Manager.sol: L113

        // This founder is responsible for adding token artwork and launching the first auction -- they're also free to transfer this responsiblity

Change responsiblity to responsibility

Token.sol: L104

                // Used to store the base token id the founder will recieve

Change recieve to receive

Long single line comments

In theory, comments over 79 characters should wrap using multi-line comment syntax. Even if somewhat longer comments are acceptable, there are cases where very long comments interfere with readability. Below are five instances of extra-long comments whose readability could be improved by wrapping, as shown:

Manager.sol: L113

        // This founder is responsible for adding token artwork and launching the first auction -- they're also free to transfer this responsiblity

Suggestion:

        // This founder is responsible for adding token artwork and launching the first auction — 
        //   they're also free to transfer this responsibility.

The following comment occurs twice:

IToken.sol: L86

Token.sol: L268

    /// NOTE: If a founder is returned, there's no guarantee they'll receive the token as vesting expiration is not considered

Suggestion:

    /// NOTE: If a founder is returned, there's no guarantee they'll receive the token
    ///   as vesting expiration is not considered.

IManager.sol: L55

    /// @param initStrings The encoded token name, symbol, collection description, collection image uri, renderer base uri

Suggestion:

    /// @param initStrings The encoded token name, symbol, collection description, 
    ///   collection image uri, renderer base uri.

Governor.sol: L362

            // Ensure the caller is the proposer or the proposer's voting weight has dropped below the proposal threshold

Suggestion:

            // Ensure the caller is the proposer or the proposer's voting weight
            //   has dropped below the proposal threshold.

Initializable.sol: L26

    /// @dev Ensures an initialization function is only called within an `initializer` or `reinitializer` function

Suggestion:

    /// @dev Ensures an initialization function is only called
    ///   within an `initializer` or `reinitializer` function.

Missing `@param` statements

@param statements are missing for _forceCall in both functions referenced below:

ERC1967Upgrade.sol: L30-37

ERC1967Upgrade.sol: L51-58

Example (ERC1967Upgrade.sol: L51-58):

    /// @dev Upgrades to an implementation with an additional function call
    /// @param _newImpl The new implementation address
    /// @param _data The encoded function call
    function _upgradeToAndCall(
        address _newImpl,
        bytes memory _data,
        bool _forceCall
    ) internal {

@param statement is missing for _data below:

ERC721.sol: L170-179

    /// @notice Safe transfers a token from sender to recipient with additional data
    /// @param _from The sender address
    /// @param _to The recipient address
    /// @param _tokenId The ERC-721 token id
    function safeTransferFrom(
        address _from,
        address _to,
        uint256 _tokenId,
        bytes calldata _data
    ) external {

Inconsistent initialization of counters in `for` loops

Some for loop counters are initiated to zero (e.g., uint256 i = 0;) in Nouns Builder whereas others are not (uint256 i;). It is not necessary to initialize for loop counters to zero since this is their default value. For consistency, it makes sense to omit counter initializations in the for loops below:

Treasury.sol: L162

MetadataRenderer.sol: L119

MetadataRenderer.sol: L133

MetadataRenderer.sol: L189

MetadataRenderer.sol: L229