Platform: Code4rena
Start Date: 18/10/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 67
Period: 5 days
Judge: Picodes
Total Solo HM: 7
Id: 172
League: ETH
Rank: 50/67
Findings: 1
Award: $37.88
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: berndartmueller
Also found by: 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, Aymen0909, BClabs, Diana, Jeiwan, Lambda, LeoS, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Rolezn, SaharAP, Trust, V_B, __141345__, a12jmx, bharg4v, brgltd, carlitox477, ch0bu, chaduke, cloudjunky, cryptostellar5, cryptphi, csanuragjain, d3e4, delfin454000, erictee, fatherOfBlocks, hansfriese, ignacio, joestakey, karanctf, ladboy233, lukris02, mcwildy, minhtrng, peanuts, ret2basic, seyni, slowmoses, svskaushik, tnevler, yixxas
37.8829 USDC - $37.88
In JBTiered721DelegateDeployer.sol L. 83-84 the initialize function is called on a contract instance which can be of type JB721GlobalGovernance, JB721TieredGovernance or JB721TieredDelegate:
    JB721GlobalGovernance newDelegate = JB721GlobalGovernance(_clone(codeToCopy));
    newDelegate.initialize( ...
Even though this works fine, due to the way inter-contract calls work in the EVM (would break in other statically typed languages), for clarity of code this should be cast to the common base contract which defines the initialize function, namely JB721TieredDelegate:
    JB721TieredDelegate newDelegate = JB721TieredDelegate(_clone(codeToCopy));
    newDelegate.initialize( ...
The function JBTiered721DelegateStore.votingUnitsOf iterates over all tiers defined on a given NFT contract. Hypothetically this could cause calls of the function to run out of gas for a large number of tiers and break JB721GlobalGovernance._getVotingUnits, which is again used by Votes._delegate. In practice this seems unlikely to happen, as the function does not perform heavy calculations and would require a very large number of tiers for this to happen.
#0 - c4-judge
2022-11-08T18:18:12Z
Picodes marked the issue as grade-b