Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 48/168
Findings: 3
Award: $291.22
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: zzzitron
Also found by: 0xSmartContract, ChristianKuri, ElKu, Lambda, MiloTruck, davidbrai, elad, hansfriese, immeas, ladboy233, scaraven, volky
49.075 USDC - $49.08
Judge has assessed an item in Issue #357 as Medium risk. The relevant finding follows:
#0 - GalloDaSballo
2022-09-27T14:47:42Z
_addFounders allow founders to own all tokens
The _addFounders method allows setting the founders percent ownership to 100%, which then makes minting tokens impossible because it hangs on an infinite loop.
To fix that and reject the contract creation with 100% funders ownership, this line should be changed to
if ((totalOwnership += uint8(founderPct)) >= 100) revert INVALID_FOUNDER_OWNERSHIP(); That is, use a >= comparison instead of >
#1 - GalloDaSballo
2022-09-27T14:47:59Z
Dup of #347
🌟 Selected for report: Lambda
Also found by: 0x1337, 0x1f8b, 0x4non, 0x85102, 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xc0ffEE, 8olidity, Aymen0909, B2, Bnke0x0, CRYP70, Captainkay, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, DimitarDimitrov, ElKu, EthLedger, Franfran, Funen, GimelSec, JansenC, Jeiwan, Jujic, Lead_Belly, MEP, MasterCookie, MiloTruck, Noah3o6, PPrieditis, PaludoX0, Picodes, PwnPatrol, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rolezn, Samatak, Tointer, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ak1, asutorufos, azephiar, ballx, bharg4v, bin2chen, bobirichman, brgltd, bulej93, c3phas, cccz, ch0bu, cloudjunky, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, davidbrai, delfin454000, dharma09, dic0de, dipp, djxploit, eierina, erictee, fatherOfBlocks, gogo, hansfriese, hyh, imare, indijanc, izhuer, jonatascm, ladboy233, leosathya, lucacez, lukris02, m9800, martin, minhtrng, ne0n, neumo, oyc_109, p_crypt0, pashov, pauliax, pcarranzav, pedr02b2, peritoflores, pfapostol, rbserver, ret2basic, robee, rvierdiiev, sach1r0, sahar, scaraven, sikorico, simon135, slowmoses, sorrynotsorry, tnevler, tonisives, volky, yixxas, zkhorse, zzzitron
60.7743 USDC - $60.77
The _addFounders method allows setting the founders percent ownership to 100%, which then makes minting tokens impossible because it hangs on an infinite loop.
To fix that and reject the contract creation with 100% funders ownership, this line should be changed to
if ((totalOwnership += uint8(founderPct)) >= 100) revert INVALID_FOUNDER_OWNERSHIP();
That is, use a >= comparison instead of >
The name and return type of the function makes it look like it is read-only and has no side effects on the contract, while it actually mints tokens.
I suggest changing it to _performScheduledMint to be consistent with the terminology used on other parts of the contract
The EXECUTION_EXPIRED error was declared but never used
use string.concat instead of abi.encodePacked where simple string concatenation is needed for better readability:
#0 - GalloDaSballo
2022-09-27T01:13:09Z
TODO
R
R
R
NC
3R 1NC
🌟 Selected for report: pfapostol
Also found by: 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xSmartContract, 0xc0ffEE, 0xkatana, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Cr4ckM3, Deivitto, DimSon, Franfran, JAGADESH, JC, Jeiwan, Lambda, LeoS, Matin, Metatron, Migue, MiloTruck, PPrieditis, PaludoX0, R2, RaymondFam, Respx, ReyAdmirado, Rolezn, Saintcode_, Samatak, SnowMan, StevenL, Tointer, TomJ, Tomo, WatchDogs, Waze, _Adam, __141345__, ajtra, asutorufos, ballx, brgltd, bulej93, c3phas, ch0bu, dharma09, djxploit, durianSausage, easy_peasy, fatherOfBlocks, gianganhnguyen, gogo, imare, leosathya, lucacez, martin, oyc_109, pauliax, peiw, prasantgupta52, ret2basic, rfa, robee, sikorico, simon135, tofunmi, volky, wagmi, zishansami
181.3668 USDC - $181.37
Considering the following assumptions:
It's safe to assume that a tokenId won't realistically overflow an uint48 in the contract operational timespan.
With that assumption, we can usa a uint48 instead of uint256 on Auction.tokenId and move it down above uint40 startTime to save storage gas with the struct packing.
For consistency, it can be made an uint96 to match the Token Setting.totalSupply while still fitting in a packed uint256
The Governor Settings struct can be tightly packed and use one less storage slot (4 instead of 5) if its members are reordered to:
struct Settings { Token token; Treasury treasury; address vetoer; uint16 proposalThresholdBps; uint16 quorumThresholdBps; uint48 votingDelay; uint48 votingPeriod; }
On Treasury.execute there's a check for the execution readiness of the proposal, which will never be truthy because the only possible execution of this function (onlyOwner modifier) is via Governor.execute, which already checks if the proposal is queued and reverts otherwise
#0 - GalloDaSballo
2022-09-26T20:43:07Z
4k on average