Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 117/168
Findings: 1
Award: $60.77
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Lambda
Also found by: 0x1337, 0x1f8b, 0x4non, 0x85102, 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xc0ffEE, 8olidity, Aymen0909, B2, Bnke0x0, CRYP70, Captainkay, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, DimitarDimitrov, ElKu, EthLedger, Franfran, Funen, GimelSec, JansenC, Jeiwan, Jujic, Lead_Belly, MEP, MasterCookie, MiloTruck, Noah3o6, PPrieditis, PaludoX0, Picodes, PwnPatrol, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rolezn, Samatak, Tointer, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ak1, asutorufos, azephiar, ballx, bharg4v, bin2chen, bobirichman, brgltd, bulej93, c3phas, cccz, ch0bu, cloudjunky, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, davidbrai, delfin454000, dharma09, dic0de, dipp, djxploit, eierina, erictee, fatherOfBlocks, gogo, hansfriese, hyh, imare, indijanc, izhuer, jonatascm, ladboy233, leosathya, lucacez, lukris02, m9800, martin, minhtrng, ne0n, neumo, oyc_109, p_crypt0, pashov, pauliax, pcarranzav, pedr02b2, peritoflores, pfapostol, rbserver, ret2basic, robee, rvierdiiev, sach1r0, sahar, scaraven, sikorico, simon135, slowmoses, sorrynotsorry, tnevler, tonisives, volky, yixxas, zkhorse, zzzitron
60.7743 USDC - $60.77
The difference between the compiler version used in the libraries (0.8.4) and the compiler version used in writing the main code of the smart contracts of this project may cause disturbances and inconsistencies in the expected performance of some library functions.
In order to prevent the concentration of too much power in one address, it is appropriate to check that the addresses of `_funder` and `_treasury` are not the same.
The presence of this function allows the owner to disrupt the auction process. For example, if the owner is against a certain address winning an auction, he can interfere by manipulating the duration of the auction: by extending the duration, he creates another opportunity for other competitors. It is recommended to delete this function.
By manipulating this variable through this function, the owner can disrupt the auction process. For example, he can set this number very high or very low, or even to zero, during the auction, and thereby manipulate the possibility of a particular address entering or winning the auction.
Any user or another contract can execute a proposal using this function, while it seems that the execution of a proposal should be in the hands of certain users, especially the proposal's proposer.
In general, in most cases in this project there is no way to change the address of the main roles, for example the address of the funder or the owner.
Many changes have been made to the design of this project's token compared to the standard, audited ERC721 token. This increases the possibility of errors and bugs. It is recommended to use the standard version, or at least a version with fewer changes.
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/docs/protocol-docs.md
No modifier is applied to control access to and execution of this function; therefore it can be called from any address. The drawback of this is that it is possible to fraudulently pass the address of one or more of the other contracts as an input argument to this function and thereby provide a deployment that embeds a hidden backdoor for hacking or attack. And because there is no modifier, the manager or the owner can disclaim responsibility in this case. Usually users don't check the details of a deployment, or they don't have enough knowledge to check these details.
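The following is an added illustration of two of the mitigations recommended in the report above (a distinct-address check for `_funder` and `_treasury`, and an alternative to deleting the owner's duration and reserve-price setters: blocking them while an auction is open). It is example code written for this page, not Nouns Builder code; the contract name, the `Auction` struct, the `settled` flag and the setter names are assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration only; not the project's contract. All names below are
/// assumed for the example.
contract AuctionSettingsExample {
    address public owner;
    address public funder;
    address public treasury;

    uint256 public duration;
    uint256 public reservePrice;

    // Minimal view of the current auction; `settled` is true when no auction is open.
    struct Auction {
        uint256 tokenId;
        uint256 endTime;
        bool settled;
    }

    Auction public auction;

    event DurationUpdated(uint256 duration);
    event ReservePriceUpdated(uint256 reservePrice);

    error OnlyOwner();
    error ZeroAddress();
    error SameAddress();
    error AuctionActive();

    modifier onlyOwner() {
        if (msg.sender != owner) revert OnlyOwner();
        _;
    }

    // Parameters that change the bidding rules may only be updated between auctions,
    // so the owner cannot move the goalposts while bids are being placed.
    modifier whenNoAuctionActive() {
        if (!auction.settled) revert AuctionActive();
        _;
    }

    constructor(address _funder, address _treasury, uint256 _duration, uint256 _reservePrice) {
        if (_funder == address(0) || _treasury == address(0)) revert ZeroAddress();
        // Keep the two roles in distinct hands, as the report recommends.
        if (_funder == _treasury) revert SameAddress();

        owner = msg.sender;
        funder = _funder;
        treasury = _treasury;
        duration = _duration;
        reservePrice = _reservePrice;

        // No auction has been created yet, so settings may be adjusted freely.
        auction.settled = true;
    }

    function setDuration(uint256 _duration) external onlyOwner whenNoAuctionActive {
        duration = _duration;
        emit DurationUpdated(_duration);
    }

    function setReservePrice(uint256 _reservePrice) external onlyOwner whenNoAuctionActive {
        reservePrice = _reservePrice;
        emit ReservePriceUpdated(_reservePrice);
    }
}
```

The guard only removes the owner's ability to change the rules of an auction already in progress; changes still take effect for the next auction, which is the usual trade-off if the setters are to be kept rather than deleted.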
#0 - GalloDaSballo
2022-09-27T00:52:40Z
The auction smart contract is designed in such a way that only “one auction” can be held at any time L
The difference between the compiler version used in the libraries (0.8.4) R
Rest I disagree / sounds like a phrase spun from a slither bot
Please improve your formatting, I'll close as invalid next time
#1 - GalloDaSballo
2022-09-27T00:52:43Z
1L 1R