Platform: Code4rena
Start Date: 30/03/2022
Pot Size: $30,000 USDC
Total HM: 21
Participants: 38
Period: 3 days
Judge: Michael De Luca
Total Solo HM: 10
Id: 104
League: ETH
Rank: 29/38
Findings: 2
Award: $105.05
馃専 Selected for report: 0
馃殌 Solo Findings: 0
馃専 Selected for report: hyh
Also found by: Ruhum, WatchPug, hubble, kirk-baird, leastwood, pedroais, rayn, saian, securerodd
70.1719 USDC - $70.17
April 1, 2022
@securerodd
The initializer function in CoreCollection.sol does not contain the onlyUnInitialized() modifier.
Code:
function initialize( string memory _collectionName, string memory _collectionSymbol, string memory _collectionURI, uint256 _maxSupply, uint256 _mintFee, address _payableToken, bool _isForSale, address _splitFactory ) external onlyOwner onlyValidSupply(_maxSupply) { _name = _collectionName; _symbol = _collectionSymbol; _baseUri = _collectionURI; maxSupply = _maxSupply; mintFee = _mintFee; payableToken = IERC20(_payableToken); isForSale = _isForSale; splitFactory = _splitFactory; initialized = true; }
The onlyUnInitialized() modifier is currently unused in the code base. In CoreFactory.sol, Core Collections are deployed by an EOA or contract interacting with the Core Factory itself. Without the modifier, these owners have the ability to completely reconfigure key aspects of the collection.
Recommendation:
Apply the onlyUnInitialized() modifier to the initializer function in CoreCollection.sol.
#0 - sofianeOuafir
2022-04-14T19:52:35Z
In my opinion, the severity level should be 3 (High Risk)
duplicate of #4
34.8757 USDC - $34.88
April 1, 2022
@securerodd
The for loop in createProject(string memory _projectId, Collection[] memory _collections) within CoreFactory.sol performs a length check and postfix increment at each iteration. The code can be seen below:
require( _collections.length > 0, 'CoreFactory: should have more at least one collection' ); for (uint256 i; i < _collections.length; i++) { ... }
This can be improved by storing the collections length in a local variable in memory and using a prefix increment instead.
Recommended logic:
uint collLength = _collections.length; require( collLength > 0, 'CoreFactory: should have more at least one collection' ); for (uint256 i; i < collLength; ++i) { ... }
Output of provided tests can be seen below. The gas savings would be greater for projects with larger collections.
Existing logic:
__________________________________________________________________________________________________ | Contract 路 Method 路 Min 路 Max 路 Avg 路 # calls | __________________________________________________________________________________________________ | CoreFactory 路 createProject 路 463683 路 878840 路 602069 路 6 | __________________________________________________________________________________________________
Recommened logic:
__________________________________________________________________________________________________ | Contract 路 Method 路 Min 路 Max 路 Avg 路 # calls | __________________________________________________________________________________________________ | CoreFactory 路 createProject 路 463671 路 878820 路 602054 路 6 | __________________________________________________________________________________________________