Back to jayfromthe13th's contests

Juicebox V2 contest - jayfromthe13th's results

The decentralized fundraising and treasury protocol.

General Information

Platform: Code4rena

Start Date: 01/07/2022

Pot Size: $75,000 USDC

Total HM: 17

Participants: 105

Period: 7 days

Judge: Jack the Pug

Total Solo HM: 5

Id: 143

League: ETH

Juicebox

Findings Distribution

Researcher Performance

Rank: 64/105

Findings: 2

Award: $127.43

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryJuicebox

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xdanial, 0xf15ers, Bnke0x0, Ch_301, Chandr, Chom, Funen, GimelSec, Hawkeye, JC, Kaiziron, Lambda, Meera, MiloTruck, Noah3o6, Picodes, ReyAdmirado, Rohan16, Sm4rty, TerrierLover, TomJ, Waze, _Adam, __141345__, asutorufos, aysha, berndartmueller, brgltd, cccz, codexploder, defsec, delfin454000, djxploit, durianSausage, fatherOfBlocks, hake, horsefacts, hubble, jayfromthe13th, joestakey, jonatascm, m_Rassska, oyc_109, pashov, rajatbeladiya, rbserver, robee, sach1r0, sahar, samruna, simon135, svskaushik, zzzitron

Awards

89.1918 USDC - $89.19

Labels

bug
QA (Quality Assurance)
valid

External Links

Link to GitHub issue
Local variable shadowing

https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/helpers/TestBaseWorkflow.sol#L52 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestTokenFlow.sol#L198

--TestBaseWorkflow._beneficiary (contracts/system_tests/helpers/TestBaseWorkflow.sol#52) (state variable) TestTokenFlow.testTokenChangeFlow()._beneficiary (contracts/system_tests/TestTokenFlow.sol#198) shadows:

Missing zero address validation

https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBETHERC20ProjectPayer.sol#L133

--JBETHERC20ProjectPayer.constructor(uint256,address,bool,string,bytes,bool,IJBDirectory,address)._defaultBeneficiary (contracts/JBETHERC20ProjectPayer.sol#124) lacks a zero-check on : - defaultBeneficiary = _defaultBeneficiary (contracts/JBETHERC20ProjectPayer.sol#133)

 Pre-declaration usage of local variables

https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/abstract/JBPayoutRedemptionPaymentTerminal.sol#L1473 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBFundingCycleStore.sol#L325'

--JBFundingCycleStore.configureFor(uint256,JBFundingCycleData,uint256,uint256)._supports (contracts/JBFundingCycleStore.sol#324)' in

--JBFundingCycleStore.configureFor(uint256,JBFundingCycleData,uint256,uint256) (contracts/JBFundingCycleStore.sol#299-370) potentially used before declaration: ! _supports (contracts/JBFundingCycleStore.sol#325) Variable '

--JBPayoutRedemptionPaymentTerminal._currentFeeDiscount(uint256).discount (contracts/abstract/JBPayoutRedemptionPaymentTerminal.sol#1472)' in JBPayoutRedemptionPaymentTerminal._currentFeeDiscount(uint256) (contracts/abstract/JBPayoutRedemptionPaymentTerminal.sol#1462-1480) potentially used before declaration: feeDiscount = discount (contracts/abstract/JBPayoutRedemptionPaymentTerminal.sol#1473)

Findings Information

🌟 Selected for report: 0xA5DF

Also found by: 0v3rf10w, 0x09GTO, 0x1f8b, 0x29A, 0xDjango, 0xKitsune, 0xNazgul, 0xdanial, 0xf15ers, Aymen0909, Bnke0x0, Ch_301, Cheeezzyyyy, Chom, ElKu, Funen, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Lambda, Limbooo, Meera, Metatron, MiloTruck, Noah3o6, Picodes, Randyyy, RedOneN, ReyAdmirado, Rohan16, Saintcode_, Sm4rty, TomJ, Tomio, Tutturu, UnusualTurtle, Waze, _Adam, __141345__, ajtra, apostle0x01, asutorufos, brgltd, c3phas, cRat1st0s, codexploder, defsec, delfin454000, djxploit, durianSausage, exd0tpy, fatherOfBlocks, hake, horsefacts, ignacio, jayfromthe13th, joestakey, jonatascm, kaden, kebabsec, m_Rassska, mektigboy, mrpathfindr, oyc_109, rajatbeladiya, rbserver, rfa, robee, sach1r0, sashik_eth, simon135

Awards

38.2406 USDC - $38.24

Labels

bug
G (Gas Optimization)
valid

External Links

Link to GitHub issue

PREFIX INCREMENTS -prefix cost lest gas then postfix. ++i vs i++ https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L240 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L165 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L204 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L211 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L229 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L304 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSingleTokenPaymentTerminalStore.sol#L862 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L85 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L135 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L165 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBETHERC20SplitsPayer.sol#L466 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBDirectory.sol#L139 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBDirectory.sol#L167 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBDirectory.sol#L275 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBDirectory.sol#L276 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBController.sol#L913 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBController.sol#L1014

CACHING STORAGE VARIABLES IN MEMORY TO SAVE GAS --In particular, in for loops, when using the length of a storage array as the condition being checked after each loop, caching the array length in memory can yield significant gas savings if the array length is high. https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L204 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L211 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L229 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L304 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSingleTokenPaymentTerminalStore.sol#L862 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L85 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L135 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L165 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBETHERC20SplitsPayer.sol#L466 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBDirectory.sol#L139 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBDirectory.sol#L167 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBDirectory.sol#L275 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBDirectory.sol#L276 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBController.sol#L913 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBController.sol#L1014

INITIALIZATION --Let the default zero be applied instead of initializing default variable. this will save gas https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L240 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L165 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L204 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L211 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L229 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSplitsStore.sol#L304 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBSingleTokenPaymentTerminalStore.sol#L862 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBProjects.sol#L40 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L85 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L135 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBOperatorStore.sol#L165 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBETHERC20SplitsPayer.sol#L466 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBController.sol#L913

EXTERNAL INSTEAD OF PUBLIC --Using external instead of public can save gas. https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestTokenFlow.sol#L191 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestTokenFlow.sol#L147 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestTokenFlow.sol#L76-L81 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L539 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L471 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L436 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L212 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L124 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L77 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestMultipleTerminals.sol#L157 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestLaunchProject.sol#L69 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestLaunchProject.sol#L50 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestERC20Terminal.sol#L169 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestERC20Terminal.sol#L60 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestEIP165.sol#L95 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestEIP165.sol#L110 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestEIP165.sol#L81 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestEIP165.sol#L64 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestEIP165.sol#L35 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestEIP165.sol#L22 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestAllowance.sol#L20 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestAllowance.sol#L63 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestAllowance.sol#L160

REQUIRE INSTEAD OF && --IMPACT:Require statements including conditions with the && operator can be broken down in multiple require statements to save gas. --MITIGATION: Breakdown each condition in a separate require statement https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBTokenStore.sol#L293

COMPARISON OPERATORS --In the EVM, there is no opcode for >= or <=. When using greater than or equal, two operations are performed: > and =. Therefore, using strict comparison operators hence saves gas https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L308 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestERC20Terminal.sol#L170 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestERC20Terminal.sol#L220 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestAllowance.sol#L257 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestAllowance.sol#L161 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestAllowance.sol#L165 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestAllowance.sol#L220 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBReconfigurationBufferBallot.sol#L79 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/JBController.sol#L1075

Constant declaration -Constant state variables should be declared constant to save gas. https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestReconfigure.sol#L22 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestPayBurnRedeemFlow.sol#L27 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestPayBurnRedeemFlow.sol#L28 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestMultipleTerminals.sol#L24 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestMultipleTerminals.sol#L27 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestMultipleTerminals.sol#L26 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestERC20Terminal.sol#L17 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestDistributeHeldFee.sol#L23 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/TestDistributeHeldFee.sol#L24 https://github.com/jbx-protocol/juice-contracts-v2/blob/main/contracts/system_tests/helpers/TestBaseWorkflow.sol#L52

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter