Platform: Code4rena
Start Date: 04/05/2022
Pot Size: $50,000 DAI
Total HM: 24
Participants: 71
Period: 5 days
Judge: Justin Goro
Total Solo HM: 14
Id: 119
League: ETH
Rank: 38/71
Findings: 2
Award: $121.05
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: horsefacts
Also found by: 0x1f8b, 0xYamiDancho, 0xf15ers, 0xkatana, ACai, AlleyCat, Bruhhh, Dravee, Funen, GimelSec, Hawkeye, IllIllI, MaratCerby, PPrieditis, Picodes, Ruhum, TerrierLover, VAD37, berndartmueller, csanuragjain, defsec, delfin454000, eccentricexit, ellahi, fatherOfBlocks, gzeon, hansfriese, hickuphh3, hyh, ilan, joestakey, juicy, kebabsec, oyc_109, rajatbeladiya, reassor, rfa, robee, samruna, simon135, sorrynotsorry, throttle
74.6487 DAI - $74.65
Description: The above functions make use of both return and returns. Removing unused named return variables can reduce gas usage.
Mitigation: To save gas and improve code quality, the team can consider using only one of those.
Description: The above function has an unnamed address parameter. This is not used or required. Please remove.
#0 - illuzen
2022-05-10T06:03:00Z
1 is valid, 2 is mistaken, we have an interface to conform to
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0xNazgul, 0xYamiDancho, 0xf15ers, 0xkatana, ACai, CertoraInc, Dravee, Funen, GimelSec, Hawkeye, PPrieditis, Picodes, Ruhum, TerrierLover, Tomio, VAD37, Waze, csanuragjain, defsec, delfin454000, eccentricexit, ellahi, fatherOfBlocks, gzeon, hansfriese, horsefacts, ilan, joestakey, juicy, minhquanym, oyc_109, rajatbeladiya, reassor, rfa, robee, samruna, simon135, z3s
46.3982 DAI - $46.40
Use of custom error codes
Code:
https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/FixedPricePassThruGate.sol#L48
https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/MerkleDropFactory.sol#L77
https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/MerkleDropFactory.sol#L88
https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/MerkleEligibility.sol#L86
Description: Instead of doing require(a==b,"..."), make use of revert with a custom error. With Solidity 0.8 and above the revert function is better in terms of gas fee usage. It'll revert the transaction and refund any unused gas fees.
Mitigation: Replace require(msg.value >= gate.ethCost, 'Please send more ETH'); with if (msg.value < gate.ethCost) revert INSUFFICIENT_ETH();
#0 - illuzen
2022-05-10T05:58:22Z
Require reverts changes and refunds gas. It even uses the same opcode as revert. Not sure what you are talking about.
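Added example, not part of the submission or the sponsor's reply: both forms end in the same REVERT opcode, and what differs is the revert data, which this Python sketch builds for each form so the sizes can be compared. It assumes INSUFFICIENT_ETH() is declared without parameters; the function names are illustrative.

```python
MASK = (1 << 64) - 1

def rol(a: int, n: int) -> int:
    n %= 64
    return ((a << n) | (a >> (64 - n))) & MASK

def keccak256(msg: bytes) -> bytes:
    """Keccak-256 as used by the EVM (pad byte 0x01), for inputs under one 136-byte block."""
    assert len(msg) < 136
    block = bytearray(200)
    block[:len(msg)] = msg
    block[len(msg)] ^= 0x01
    block[135] ^= 0x80
    A = [[int.from_bytes(block[8*(x+5*y):8*(x+5*y)+8], "little") for y in range(5)] for x in range(5)]
    R = 1
    for _ in range(24):
        C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]  # theta
        D = [C[(x+4) % 5] ^ rol(C[(x+1) % 5], 1) for x in range(5)]
        A = [[A[x][y] ^ D[x] for y in range(5)] for x in range(5)]
        x, y, cur = 1, 0, A[1][0]
        for t in range(24):  # rho and pi
            x, y = y, (2*x + 3*y) % 5
            cur, A[x][y] = A[x][y], rol(cur, (t+1)*(t+2)//2)
        for y in range(5):  # chi
            T = [A[x][y] for x in range(5)]
            for x in range(5):
                A[x][y] = T[x] ^ (~T[(x+1) % 5] & T[(x+2) % 5])
        for j in range(7):  # iota, round constant from the LFSR
            R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
            if R & 2:
                A[0][0] ^= 1 << ((1 << j) - 1)
    return b"".join(A[x][0].to_bytes(8, "little") for x in range(4))

def selector(signature: str) -> bytes:
    return keccak256(signature.encode())[:4]

def require_revert_data(reason: str) -> bytes:
    """Data returned by require(cond, reason): Error(string) selector + ABI-encoded string."""
    raw = reason.encode()
    padded = raw + b"\x00" * (-len(raw) % 32)
    return selector("Error(string)") + (32).to_bytes(32, "big") + len(raw).to_bytes(32, "big") + padded

def custom_error_revert_data(signature: str) -> bytes:
    """Data returned by `revert Err();` for an error without arguments: the selector only."""
    return selector(signature)

if __name__ == "__main__":
    # Assumption: the custom error takes no parameters, as in the submission's mitigation.
    print(len(require_revert_data("Please send more ETH")), "bytes with the reason string")
    print(len(custom_error_revert_data("INSUFFICIENT_ETH()")), "bytes with the custom error")
```

The reason string also has to be stored in the deployed bytecode, while the custom error leaves only its 4-byte selector there.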