Platform: Code4rena
Start Date: 12/09/2022
Pot Size: $75,000 USDC
Total HM: 19
Participants: 110
Period: 7 days
Judge: HardlyDifficult
Total Solo HM: 9
Id: 160
League: ETH
Rank: 56/110
Findings: 2
Award: $117.69
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Lambda
Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xDanielC, 0xNazgul, 0xSmartContract, 0xbepresent, Anth3m, Aymen0909, B2, CRYP70, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Funen, JC, JansenC, Jeiwan, KIntern_NA, MasterCookie, MiloTruck, Olivierdem, PaludoX0, R2, RaymondFam, ReyAdmirado, StevenL, The_GUILD, Tomo, Trust, V_B, __141345__, asutorufos, ayeslick, bin2chen, brgltd, bulej93, c3phas, cccz, ch0bu, cryptphi, csanuragjain, d3e4, delfin454000, djxploit, erictee, fatherOfBlocks, gogo, hansfriese, indijanc, ladboy233, leosathya, lukris02, malinariy, martin, pedr02b2, pfapostol, rvierdiiev, slowmoses, smiling_heretic, tnevler, wagmi
82.3407 USDC - $82.34
pragmarequire() should be used instead of assert()There are 8 instances of this issue:
File: contracts/crowdfund/CrowdfundNFT.sol 166: assert(false); // Will not be reached.
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundNFT.sol
File: contracts/proposals/ListOnZoraProposal.sol 120: assert(step == ZoraStep.ListedOnZora);
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol
File: contracts/proposals/ProposalExecutionEngine.sol 142: assert(currentInProgressProposalId == 0);
File: contracts/distribution/TokenDistributor.sol 385: assert(tokenType == TokenType.Erc20); 411: assert(tokenType == TokenType.Erc20);
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol
File: contracts/proposals/ListOnOpenseaProposal.sol 221: assert(step == ListOnOpenseaStep.ListedOnOpenSea); 302: assert(SEAPORT.validate(orders));
File: contracts/party/PartyGovernance.sol 504: assert(tokenType == ITokenDistributor.TokenType.Erc20);
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol
emit function called earlyThere are 1 instances of this issue:
File: contracts/party/PartyGovernance.sol 497: emit DistributionCreated(tokenType, token, tokenId);
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol
require()/revert() statements should have descriptive reason stringsThere are 2 instances of this issue:
File: contracts/proposals/ProposalExecutionEngine.sol 246: require(proposalType != ProposalType.Invalid); 247: require(uint8(proposalType) < uint8(ProposalType.NumProposalTypes));
Event is missing indexed fieldsEach event should use three indexed fields if there are three or more fields
There are 16 instances of this issue:
File: contracts/proposals/ListOnZoraProposal.sol 45: event ZoraAuctionCreated( 53: event ZoraAuctionExpired(uint256 auctionId, uint256 expiry); 54: event ZoraAuctionSold(uint256 auctionId); 55: event ZoraAuctionFailed(uint256 auctionId);
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol
File: contracts/proposals/ProposalExecutionEngine.sol 66: event ProposalEngineImplementationUpgraded(address oldImpl, address newImpl);
File: contracts/crowdfund/BuyCrowdfundBase.sol 52: event Won(Party party, IERC721 token, uint256 tokenId, uint256 settledPrice);
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol
File: contracts/proposals/ListOnOpenseaProposal.sol 63: event OpenseaOrderListed( 71: event OpenseaOrderSold( 77: event OpenseaOrderExpired(
File: contracts/crowdfund/Crowdfund.sol 82: event Burned(address contributor, uint256 ethUsed, uint256 ethOwed, uint256 votingPower); 83: event Contributed(address contributor, uint256 amount, address delegate, uint256 previousTotalContributions);
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol
File: contracts/party/PartyGovernance.sol 151: event Proposed( 156: event ProposalAccepted( 162: event PartyInitialized(GovernanceOpts opts, IERC721[] preciousTokens, uint256[] preciousTokenIds); 167: event DistributionCreated(ITokenDistributor.TokenType tokenType, address token, uint256 tokenId); 169: event HostStatusTransferred(address oldHost, address newHost);
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol
return variables anywhere in the function is confusingThere are 3 instances of this issue:
File: contracts/party/PartyGovernanceNFT.sol 70: returns (address owner)
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol
File: contracts/proposals/ListOnZoraProposal.sol 82: returns (bytes memory nextProgressData) 172: returns (bool sold)
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol
constants should be defined rather than using magic numbersThere are 7 instances of this issue:
File: contracts/distribution/TokenDistributor.sol 335: if (args.feeBps > 1e4) { 352: uint128 fee = supply * args.feeBps / 1e4;
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol
File: contracts/crowdfund/Crowdfund.sol 129: if (opts.governanceOpts.feeBps > 1e4) { 132: if (opts.governanceOpts.passThresholdBps > 1e4) { 135: if (opts.splitBps > 1e4) { 370: votingPower = ((1e4 - splitBps_) * ethUsed) / 1e4; 374: votingPower += (splitBps_ * totalEthUsed + (1e4 - 1)) / 1e4; // round up
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol
#0 - 0xble
2022-09-26T01:59:58Z
Unhelpful bot report with some suggestions that don't make sense.
🌟 Selected for report: CertoraInc
Also found by: 0x1f8b, 0x4non, 0x5rings, 0x85102, 0xNazgul, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, B2, Bnke0x0, CRYP70, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diraco, Fitraldys, Funen, IgnacioB, JAGADESH, JC, Lambda, LeoS, Matin, Metatron, MiloTruck, Noah3o6, Ocean_Sky, Olivierdem, PaludoX0, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Saintcode_, Sm4rty, SnowMan, StevenL, Tomio, Tomo, V_B, Waze, __141345__, ajtra, asutorufos, aysha, brgltd, bulej93, c3phas, ch0bu, d3e4, delfin454000, dharma09, djxploit, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, got_targ, ignacio, jag, karanctf, ladboy233, leosathya, lukris02, m_Rassska, malinariy, martin, natzuu, pashov, peanuts, peiw, pfapostol, prasantgupta52, robee, simon135, slowmoses, sryysryy, tnevler
35.3505 USDC - $35.35
++i will cost less gas than i++. The same change can be applied to i-- as well.There are 1 instances of this issue:
File: contracts/crowdfund/CollectionBuyCrowdfund.sol 62: for (uint256 i; i < hosts.length; i++) {
There are 5 instances of this issue:
File: contracts/party/PartyGovernanceNFT.sol 70: returns (address owner)
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol
File: contracts/proposals/ListOnZoraProposal.sol 82: returns (bytes memory nextProgressData) 172: returns (bool sold)
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnZoraProposal.sol
File: contracts/distribution/TokenDistributor.sol 406: returns (bytes32 balanceId)
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol
File: contracts/proposals/ListOnOpenseaProposal.sol 127: returns (bytes memory nextProgressData)
constant/non-immutable variables to zero than to let the default of zero be appliedThere are 10 instances of this issue:
File: contracts/proposals/ArbitraryCallsProposal.sol 52: for (uint256 i = 0; i < hadPreciouses.length; ++i) { 61: for (uint256 i = 0; i < calls.length; ++i) { 78: for (uint256 i = 0; i < hadPreciouses.length; ++i) {
File: contracts/distribution/TokenDistributor.sol 230: for (uint256 i = 0; i < infos.length; ++i) { 239: for (uint256 i = 0; i < infos.length; ++i) {
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol
File: contracts/proposals/ListOnOpenseaProposal.sol 291: for (uint256 i = 0; i < fees.length; ++i) {
File: contracts/crowdfund/Crowdfund.sol 180: for (uint256 i = 0; i < contributors.length; ++i) { 242: for (uint256 i = 0; i < numContributions; ++i) { 300: for (uint256 i = 0; i < preciousTokens.length; ++i) { 348: for (uint256 i = 0; i < numContributions; ++i) {
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol
<x> += <y> costs more gas than <x> = <x> + <y> for state variablesThere are 8 instances of this issue:
File: contracts/distribution/TokenDistributor.sol 381: _storedBalances[balanceId] -= amount;
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol
File: contracts/crowdfund/Crowdfund.sol 243: ethContributed += contributions[i].amount; 352: ethOwed += c.amount; 355: ethUsed += c.amount; 359: ethUsed += partialEthUsed; 374: votingPower += (splitBps_ * totalEthUsed + (1e4 - 1)) / 1e4; // round up 411: totalContributions += amount; 427: lastContribution.amount += amount;
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol
> 0 costs less gas than != 0 when used on a uintThere are 2 instances of this issue:
File: contracts/crowdfund/Crowdfund.sol 144: if (initialBalance > 0) { 471: if (votingPower > 0) {
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol