Joyn contest - hake's results

Launchpad for collaborative web3 media projects with blueprints, building blocks, and community support.

General Information

Platform: Code4rena

Start Date: 30/03/2022

Pot Size: $30,000 USDC

Total HM: 21

Participants: 38

Period: 3 days

Judge: Michael De Luca

Total Solo HM: 10

Id: 104

League: ETH

Joyn

Findings Distribution

Researcher Performance

Rank: 33/38

Findings: 2

Award: $99.77

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

63.9852 USDC - $63.99

Labels

bug
QA (Quality Assurance)


LOW

Low#1: Use safeTransferFrom instead of transferFrom or implement bool check.

CoreCollection.withdraw

Failure to check the return value of transferFrom might result in silent failures of transfers. I recommend using something like OpenZeppelin's safeTransfer/safeTransferFrom or introducing a require() statement that checks the return value of token transfers.
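The two remediations named in Low#1, side by side with the unchecked call, as an added example (not Joyn's CoreCollection code and not part of the submitted report). The interface and library names are hypothetical, and the safe variant is a hand-written sketch of what a safeTransferFrom-style wrapper checks rather than OpenZeppelin's own source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical names for illustration; not taken from the audited code base.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

library TransferChecks {
    // Unchecked: if the token signals failure by returning false instead of
    // reverting, this call completes and the caller carries on as if paid.
    function pullUnchecked(IERC20Like token, address from, address to, uint256 amount) internal {
        token.transferFrom(from, to, amount);
    }

    // Remediation A: require() on the returned bool.
    // Caveat: tokens that return no data at all make the ABI decoder revert
    // here, so this variant rejects them even when the transfer succeeded.
    function pullChecked(IERC20Like token, address from, address to, uint256 amount) internal {
        require(token.transferFrom(from, to, amount), "transferFrom returned false");
    }

    // Remediation B: safeTransferFrom-style wrapper. Uses a low-level call so
    // that both return conventions are handled: empty return data counts as
    // success, otherwise the data must decode to true.
    function pullSafe(IERC20Like token, address from, address to, uint256 amount) internal {
        // A low-level call to an address without code succeeds silently,
        // so the target must be checked explicitly.
        require(address(token).code.length > 0, "token has no code");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20Like.transferFrom.selector, from, to, amount)
        );
        require(
            ok && (ret.length == 0 || abi.decode(ret, (bool))),
            "transferFrom failed"
        );
    }
}
```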

Low+Gas#2: Initializing variable to default value is unnecessary and using a prefix(++i) is more efficient than using a postfix(i++)

CoreCollection.batchmint

Suggest changing from this:

    for (uint256 i = 0; i < _amount; i++) {
        uint256 tokenId = mint(_to);
        if (_isClaim) {
            emit NewClaim(msg.sender, _to, tokenId);
        }
    }

To this:

    for (uint256 i; i < _amount; ++i) {
        uint256 tokenId = mint(_to);
        if (_isClaim) {
            emit NewClaim(msg.sender, _to, tokenId);
        }
    }

Note: There is a duplicate of the gas part in the gas report, but I thought it would be more neat to show both changes together.

Low#3: No zero address checks in constructor.

CoreFactory.constructor

A new contract will have to be launched if _collection or _splitFactory are set to zero by mistake as there are no other ways to change them.

Findings Information

Awards

35.7763 USDC - $35.78

Labels

bug
G (Gas Optimization)


GAS

Gas#1: Using a prefix(++i) is more efficient than using a postfix(i++)

CoreCollection.batchmint

Suggest changing from this:

    for (uint256 i = 0; i < _amount; i++) {
        uint256 tokenId = mint(_to);
        if (_isClaim) {
            emit NewClaim(msg.sender, _to, tokenId);
        }
    }

To this:

    for (uint256 i = 0; i < _amount; ++i) {
        uint256 tokenId = mint(_to);
        if (_isClaim) {
            emit NewClaim(msg.sender, _to, tokenId);
        }
    }

Gas#2: Caching _collections.length can save gas

CoreFactory.createProject

    require(
        _collections.length > 0,
        'CoreFactory: should have more at least one collection'
    );
    for (uint256 i; i < _collections.length; i++) {
        Collection memory _collection = _collections[i];
        address coreCollection = _createCollection(_collection);

_collections.length is used at least twice in createProject. By caching it, less gas will be used.

Example:

    // Read the array length once and reuse the cached value below
    uint256 collectionsLength = _collections.length;
    require(
        collectionsLength > 0,
        'CoreFactory: should have more at least one collection'
    );
    for (uint256 i; i < collectionsLength; i++) {
        Collection memory _collection = _collections[i];
        address coreCollection = _createCollection(_collection);