Juicebox contest - hansfriese's results

The decentralized fundraising and treasury protocol.

General Information

Platform: Code4rena

Start Date: 18/10/2022

Pot Size: $50,000 USDC

Total HM: 13

Participants: 67

Period: 5 days

Judge: Picodes

Total Solo HM: 7

Id: 172

League: ETH

Juicebox

Findings Distribution

Researcher Performance

Rank: 19/67

Findings: 1

Award: $342.00

QA:

grade-a

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Juicebox

Findings Information

🌟 Selected for report: berndartmueller

Also found by: 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, Aymen0909, BClabs, Diana, Jeiwan, Lambda, LeoS, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Rolezn, SaharAP, Trust, V_B, __141345__, a12jmx, bharg4v, brgltd, carlitox477, ch0bu, chaduke, cloudjunky, cryptostellar5, cryptphi, csanuragjain, d3e4, delfin454000, erictee, fatherOfBlocks, hansfriese, ignacio, joestakey, karanctf, ladboy233, lukris02, mcwildy, minhtrng, peanuts, ret2basic, seyni, slowmoses, svskaushik, tnevler, yixxas

Awards

341.9967 USDC - $342.00

Labels

bug

QA (Quality Assurance)

grade-a

Q-21

External Links

Link to GitHub issue

[L-01] Wrong events

https://github.com/jbx-protocol/juice-nft-rewards/blob/7d7aec6f8642c6e1c5e55cfed67eb69b6fc8174a/contracts/JB721TieredGovernance.sol#L287

emit TierDelegateVotesChanged(_from, _oldValue, _newValue, _tierId, msg.sender);

It should be modified like below.

emit TierDelegateVotesChanged(_from, _tierId, _oldValue, _newValue, msg.sender);

[L-02] Incorrect pre-check condition

https://github.com/jbx-protocol/juice-nft-rewards/blob/7d7aec6f8642c6e1c5e55cfed67eb69b6fc8174a/contracts/JBTiered721Delegate.sol#L551

    if (
      _data.metadata.length > 36 && 
      bytes4(_data.metadata[32:36]) == type(IJB721Delegate).interfaceId
    ) {

4 bytes of interfaceId is saved from 32 to 36(exclusive) and it's enough to check if _data.metadata.length >= 36 instead of _data.metadata.length > 36.

[L-03] Immutable addresses should be 0-checked

[N-01] require()/revert() statements should have descriptive reason strings

https://github.com/jbx-protocol/juice-nft-rewards/blob/7d7aec6f8642c6e1c5e55cfed67eb69b6fc8174a/contracts/JBTiered721Delegate.sol#L215-L218

    // Make the original un-initializable.
    require(address(this) != codeOrigin);
    // Stop re-initialization.
    require(address(store) == address(0));

#0 - c4-judge
2022-11-04T14:38:13Z

Picodes marked the issue as grade-a

#1 - Picodes
2022-11-04T14:38:18Z

1 is a nice catch, so grading A

Juicebox contest - hansfriese's results

The decentralized fundraising and treasury protocol.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-21] QA Report - $342.00

Findings Information

Awards

Labels

External Links

[L-01] Wrong events

[L-02] Incorrect pre-check condition

[L-03] Immutable addresses should be 0-checked

[N-01] require()/revert() statements should have descriptive reason strings

#0 - c4-judge2022-11-04T14:38:13Z

#1 - Picodes2022-11-04T14:38:18Z

#0 - c4-judge
2022-11-04T14:38:13Z

#1 - Picodes
2022-11-04T14:38:18Z