Back to karanctf's contests

PartyDAO contest - karanctf's results

A protocol for buying, using, and selling NFTs as a group.

General Information

Platform: Code4rena

Start Date: 12/09/2022

Pot Size: $75,000 USDC

Total HM: 19

Participants: 110

Period: 7 days

Judge: HardlyDifficult

Total Solo HM: 9

Id: 160

League: ETH

PartyDAO

Findings Distribution

Researcher Performance

Rank: 85/110

Findings: 1

Award: $35.63

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryPartyDAO

Findings Information

🌟 Selected for report: CertoraInc

Also found by: 0x1f8b, 0x4non, 0x5rings, 0x85102, 0xNazgul, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, B2, Bnke0x0, CRYP70, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diraco, Fitraldys, Funen, IgnacioB, JAGADESH, JC, Lambda, LeoS, Matin, Metatron, MiloTruck, Noah3o6, Ocean_Sky, Olivierdem, PaludoX0, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Saintcode_, Sm4rty, SnowMan, StevenL, Tomio, Tomo, V_B, Waze, __141345__, ajtra, asutorufos, aysha, brgltd, bulej93, c3phas, ch0bu, d3e4, delfin454000, dharma09, djxploit, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, got_targ, ignacio, jag, karanctf, ladboy233, leosathya, lukris02, m_Rassska, malinariy, martin, natzuu, pashov, peanuts, peiw, pfapostol, prasantgupta52, robee, simon135, slowmoses, sryysryy, tnevler

Awards

35.6296 USDC - $35.63

Labels

bug
G (Gas Optimization)
low quality report
sponsor acknowledged
edited-by-warden

External Links

Link to GitHub issue

[G-1] Make increment unchecked for post increment:

for (uint256 i = 0; i < length;) {
    // change it to this format
    unchecked { ++i; }
}
crowdfund/Crowdfund.sol:180:        for (uint256 i = 0; i < contributors.length; ++i) {
crowdfund/Crowdfund.sol:242:        for (uint256 i = 0; i < numContributions; ++i) {
crowdfund/Crowdfund.sol:300:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
crowdfund/Crowdfund.sol:348:            for (uint256 i = 0; i < numContributions; ++i) {
proposals/ListOnOpenseaProposal.sol:291:            for (uint256 i = 0; i < fees.length; ++i) {
proposals/ArbitraryCallsProposal.sol:52:            for (uint256 i = 0; i < hadPreciouses.length; ++i) {
proposals/ArbitraryCallsProposal.sol:61:        for (uint256 i = 0; i < calls.length; ++i) {
proposals/ArbitraryCallsProposal.sol:78:            for (uint256 i = 0; i < hadPreciouses.length; ++i) {
proposals/LibProposal.sol:14:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
proposals/LibProposal.sol:32:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
distribution/TokenDistributor.sol:230:        for (uint256 i = 0; i < infos.length; ++i) {
distribution/TokenDistributor.sol:239:        for (uint256 i = 0; i < infos.length; ++i) {
party/PartyGovernance.sol:306:        for (uint256 i=0; i < opts.hosts.length; ++i) {

[G-2] Use preincremnt to save gas i++ to ++i;

crowdfund/CollectionBuyCrowdfund.sol:62:        for (uint256 i; i < hosts.length; i++) {

[G-3] Cache .length in loops

crowdfund/Crowdfund.sol:180:        for (uint256 i = 0; i < contributors.length; ++i) {
crowdfund/Crowdfund.sol:241:        uint256 numContributions = contributions.length;
crowdfund/Crowdfund.sol:300:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
crowdfund/Crowdfund.sol:347:            uint256 numContributions = contributions.length;
crowdfund/Crowdfund.sol:422:            uint256 numContributions = contributions.length;
crowdfund/CollectionBuyCrowdfund.sol:62:        for (uint256 i; i < hosts.length; i++) {
proposals/ListOnOpenseaProposal.sol:291:            for (uint256 i = 0; i < fees.length; ++i) {
proposals/ArbitraryCallsProposal.sol:52:            for (uint256 i = 0; i < hadPreciouses.length; ++i) {
proposals/ArbitraryCallsProposal.sol:61:        for (uint256 i = 0; i < calls.length; ++i) {
proposals/ArbitraryCallsProposal.sol:78:            for (uint256 i = 0; i < hadPreciouses.length; ++i) {
proposals/LibProposal.sol:14:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
proposals/LibProposal.sol:32:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
distribution/TokenDistributor.sol:230:        for (uint256 i = 0; i < infos.length; ++i) {
distribution/TokenDistributor.sol:239:        for (uint256 i = 0; i < infos.length; ++i) {
party/PartyGovernance.sol:306:        for (uint256 i=0; i < opts.hosts.length; ++i) {

[G-4] Don't use default values Explicit initialization with zero is not required for variable declaration of numTokens because uints are 0 by default.removeing this will reduce contract size and save a bit of gas.

crowdfund/Crowdfund.sol:180:        for (uint256 i = 0; i < contributors.length; ++i) {
crowdfund/Crowdfund.sol:242:        for (uint256 i = 0; i < numContributions; ++i) {
crowdfund/Crowdfund.sol:300:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
crowdfund/Crowdfund.sol:348:            for (uint256 i = 0; i < numContributions; ++i) {
proposals/ListOnOpenseaProposal.sol:291:            for (uint256 i = 0; i < fees.length; ++i) {
proposals/ArbitraryCallsProposal.sol:52:            for (uint256 i = 0; i < hadPreciouses.length; ++i) {
proposals/ArbitraryCallsProposal.sol:61:        for (uint256 i = 0; i < calls.length; ++i) {
proposals/ArbitraryCallsProposal.sol:78:            for (uint256 i = 0; i < hadPreciouses.length; ++i) {
proposals/LibProposal.sol:14:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
proposals/LibProposal.sol:32:        for (uint256 i = 0; i < preciousTokens.length; ++i) {
distribution/TokenDistributor.sol:230:        for (uint256 i = 0; i < infos.length; ++i) {
distribution/TokenDistributor.sol:239:        for (uint256 i = 0; i < infos.length; ++i) {
party/PartyGovernance.sol:306:        for (uint256 i=0; i < opts.hosts.length; ++i) {
party/PartyGovernance.sol:432:        uint256 low = 0;

[G-5] If public is not used in same file then use external instead

party/PartyGovernanceNFT.sol:88:    function tokenURI(uint256) public override view returns (string memory) {

[G-06] Use != 0 instead of > 0 in HolyPaladinToken.sol

crowdfund/Crowdfund.sol:144:        if (initialBalance > 0) {
crowdfund/Crowdfund.sol:471:        if (votingPower > 0) {

[G-7] Declare uint256 mid outside of while loop

party/PartyGovernance.sol-433-        while (low < high) {
party/PartyGovernance.sol:434:            uint256 mid = (low + high) / 2;

[G-8] <x> += <y>costs more gas than<x> = <x> + <y>`

crowdfund/Crowdfund.sol:243:            ethContributed += contributions[i].amount;
crowdfund/Crowdfund.sol:352:                    ethOwed += c.amount;
crowdfund/Crowdfund.sol:355:                    ethUsed += c.amount;
crowdfund/Crowdfund.sol:359:                    ethUsed += partialEthUsed;
crowdfund/Crowdfund.sol:374:            votingPower += (splitBps_ * totalEthUsed + (1e4 - 1)) / 1e4; // round up
crowdfund/Crowdfund.sol:411:            totalContributions += amount;
crowdfund/Crowdfund.sol:427:                    lastContribution.amount += amount;
proposals/ArbitraryCallsProposal.sol:72:            ethAvailable -= calls[i].value;
distribution/TokenDistributor.sol:381:        _storedBalances[balanceId] -= amount;
party/PartyGovernance.sol:595:        values.votes += votingPower;
party/PartyGovernance.sol:959:                newDelegateDelegatedVotingPower -= oldSnap.intrinsicVotingPower;
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter