PartyDAO contest - tnevler's results

A protocol for buying, using, and selling NFTs as a group.

General Information

Platform: Code4rena

Start Date: 12/09/2022

Pot Size: $75,000 USDC

Total HM: 19

Participants: 110

Period: 7 days

Judge: HardlyDifficult

Total Solo HM: 9

Id: 160

League: ETH

PartyDAO

Findings Distribution

Researcher Performance

Rank: 55/110

Findings: 2

Award: $117.69

🌟 Selected for report: 0

🚀 Solo Findings: 0

Report

Low Risk

[L-01]: Floating Pragma

Context:

Floating Pragma in all contracts.

Recommendation:

https://swcregistry.io/docs/SWC-103

Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

[L-02]: Division by 0

Context:

uint256 acceptanceRatio = (totalVotes * 1e4) / totalVotingPower;

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1062

return uint256(voteCount) * 1e4 / uint256(totalVotingPower) >= uint256(passThresholdBps);

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1078

Description:

Input variable totalVotingPower can be zero. This will cause division by zero.

Recommendation:

Add a check at the beginning of both functions:

require(totalVotingPower > 0);
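The following is an added illustration, not PartyDAO's code: a minimal tally contract (hypothetical names VoteTallyExample, setTally, isPassedUnguarded, isPassedGuarded) that places the reported expression next to the recommended guard, assuming a 0.8.x compiler.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not PartyDAO code. Reproduces the L-02 pattern in a
// self-contained contract so the unguarded and guarded forms can be compared.
contract VoteTallyExample {
    uint96 public totalVotingPower;
    uint96 public voteCount;
    uint16 public passThresholdBps = 5000; // 50%, constructed sample value

    // Hypothetical setter, present only so the example is self-contained.
    function setTally(uint96 votes, uint96 power) external {
        voteCount = votes;
        totalVotingPower = power;
    }

    // Mirrors the reported expression. With totalVotingPower == 0 the
    // division reverts with Panic(0x12) under Solidity 0.8 checked arithmetic,
    // which surfaces as an opaque failure to callers.
    function isPassedUnguarded() external view returns (bool) {
        return uint256(voteCount) * 1e4 / uint256(totalVotingPower)
            >= uint256(passThresholdBps);
    }

    // Guarded form following the recommendation: the invariant is stated up
    // front and the failure is an explicit, readable revert.
    function isPassedGuarded() external view returns (bool) {
        require(totalVotingPower > 0, "totalVotingPower is zero");
        return uint256(voteCount) * 1e4 / uint256(totalVotingPower)
            >= uint256(passThresholdBps);
    }
}
```

Under a 0.8.x compiler the unguarded form already reverts rather than returning a wrong value, so the require mainly turns a Panic into a documented, reason-carrying revert. Whether a party with zero total voting power should revert or simply report "not passed" is a design decision the guard makes explicit instead of leaving implicit.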

[L-03]: Loops may exceed gas limit

Context:

Description:

Either explicitly or just through normal operation, the number of iterations in a loop can grow until a single call exceeds the block gas limit, at which point the affected function can no longer be executed and the contract stalls.

Non-Critical Issues

[N-01]: Constants instead of unknown variables

Context:

Description:

Use constant variables to make the code easier to understand and maintain.

Recommendation:

Define constants instead of unknown variables.

[N-02]: Public function can be external

Context:

Description:

Public functions can be declared external if they are never called from within the contract itself.

Recommendation:

Declare these functions as external instead of public.

#0 - HardlyDifficult

2022-09-30T19:10:24Z

Report

Gas Optimizations

[G-01]: X += Y costs more gas than X = X + Y

Context:

Recommendation:

Change X += Y (X -= Y) to X = X + Y (X = X - Y).

[G-02]: Don't initialize variable with its default value

Context:

Description:

The default value of uint is 0. Explicitly initializing uint variables to 0 is unnecessary and costs extra gas.

Recommendation:

Change uint256 i = 0; to uint256 i;

[G-03]: >0 costs more gas than !=0

Context:

Description:

Values of type uint256 and uint96 can never be less than 0, so the two comparisons are equivalent.

Recommendation:

Change >0 to !=0.

[G-04]: Use new variable instead of reading array length in every loop of a for-loop

Context:

Description:

Reading the array's length on every iteration of the loop costs extra gas, since a storage array's length is re-read from storage each time.

Recommendation:

Store the array’s length in a variable before the for-loop, and use this new variable in the loop.

[G-05]: i++ costs more gas than ++i

Context:

for (uint256 i; i < hosts.length; i++) {

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CollectionBuyCrowdfund.sol#L62

Recommendation:

Change i++ to ++i.
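As an added example that is not PartyDAO's code, the loop below (hypothetical contract HostLoopExample with functions isHostBefore and isHostAfter over a storage array named hosts) shows the pattern flagged by G-02, G-04 and G-05 beside the rewrite the three recommendations call for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not PartyDAO code. Same membership check written twice:
// first in the form the report flags, then with the recommended changes.
contract HostLoopExample {
    address[] public hosts;

    // Hypothetical helper so the array can be populated in a test.
    function addHost(address host) external {
        hosts.push(host);
    }

    // Pattern flagged by the report: `i = 0` stores a value that is already
    // the default (G-02), `hosts.length` is re-read from storage on every
    // iteration (G-04), and `i++` keeps a temporary copy of the old value (G-05).
    function isHostBefore(address who) external view returns (bool) {
        for (uint256 i = 0; i < hosts.length; i++) {
            if (hosts[i] == who) return true;
        }
        return false;
    }

    // Rewritten per the recommendations: length cached once before the loop,
    // no redundant zero-initialisation, pre-increment. Behaviour is identical.
    function isHostAfter(address who) external view returns (bool) {
        uint256 len = hosts.length;
        for (uint256 i; i < len; ++i) {
            if (hosts[i] == who) return true;
        }
        return false;
    }
}
```

Note that the rewrite lowers the cost of each iteration but does not bound the number of iterations: if hosts can grow without limit, the concern raised in L-03 still applies to both versions.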
