Platform: Code4rena
Start Date: 18/10/2022
End Date: 23/10/2022
Period: 5 days
Status: Completed
Pot Size: $50,000 USDC
Participants: 67
Reporter: CloudEllie
Judge: Picodes
Id: 172
League: ETH
Trust | 1/67 | $13,376.28 | 5 | 3 | 1 | 1 | 1 | Grade A | 0 | 0 |
0x52 | 2/67 | $9,741.41 | 2 | 2 | 1 | 0 | 0 | 0 | 0 | 0 |
Lambda | 3/67 | $3,820.10 | 3 | 0 | 0 | 2 | 1 | Grade A | 0 | 0 |
berndartmueller | 4/67 | $3,520.32 | 3 | 0 | 0 | 1 | 1 | Grade A | Grade A | 0 |
minhquanym | 5/67 | $3,498.68 | 2 | 1 | 0 | 1 | 1 | 0 | 0 | 0 |
0x1f8b | 6/67 | $2,739.30 | 3 | 0 | 0 | 1 | 1 | Grade B | Grade B | 0 |
Jeiwan | 7/67 | $1,842.44 | 4 | 1 | 0 | 1 | 0 | Grade B | Grade A | 0 |
cccz | 8/67 | $1,811.08 | 3 | 2 | 0 | 1 | 0 | 0 | 0 | 0 |
brgltd | 9/67 | $1,298.66 | 4 | 0 | 0 | 2 | 0 | Grade B | Grade B | 0 |
ladboy233 | 10/67 | $1,210.97 | 3 | 1 | 0 | 1 | 0 | Grade B | 0 | 0 |
Auditor per page
Go to the Juicebox Contribution NFT Reward Mechanism and follow instructions in the readme.
Commit: f9893b1497098241dd3a664956d8016ff0d0efd0
If added to an existing project via a funding cycle, NFT rewards can provide additional incentive for contributors to participate in funding of a project.
Within one collection, NFTs can be minted within any number of pre-programmed tiers.
Each tier has the following optional properties:
New tiers can be added, so long as they respect the contract's flags that specify if new tiers can influence voting units, reserved quantities, or be manually minted.
Tiers can also be removed, so long as they are not locked.
An incoming payment can specify any number of tiers to mint as part of the payment, so long as the tier's prices are contained within the paid amount. If specific tiers aren't specified, the best available tier will be minted, unless a flag is specifically sent along with the payment telling the contract to not mint.
If a tier's contribution floor is specified in a currency different to the incoming payment, a JBPrices contract will by used for trying to normalize the values.
If a payment received does not meet a minting threshold or is in excess of the minted tiers, the balance is stored as a credit which will be added to future payments and applied to mints at that time. A flag can also be passed to avoid accepting payments that aren't applied to mints in full.
The contract's owner can mint on demand from tier's that have been pre-programmed to allow manual token minting.
The NFTs from each tier can also be used for redemptions against the underlying Juicebox treasury. The rate of redemptions corresponds to the price floor of the tier being redeemed, compared to the total price floors of all minted NFTs.
The NFTs can serve as utilities for on-chain governance if specified during the collection's deployment. Voting delegation can be made on a per-tier basis, or on a global basis.
An understanding of how the Juicebox protocol's pay and redeem functionality works is an important prereq to understanding how this repo's contracts work and attach themselves to Juicebox's regular operating behavior. This contract specifically makes use of the DataSource+Delegate pattern. See https://info.juicebox.money/dev/.
In order to use NFT rewards, a Juicebox project should launched from JBTiered721DelegateProjectDeployer instead of a JBController. This Deployer will deploy a JBTiered721Delegate (through it's reference to a JBTiered721DelegateDeployer) and attach it to the first funding cycle of the newly launched project as a DataSource and Delegate. Funding cycle reconfigurations can also be done using the JBTiered721DelegateProjectDeployer, though it will need to have Operator permissions from the project's owner.
The abstract JB721Delegate implementation of the ERC721 Juicebox DataSource+Delegate extension can be used for any distribution mechanic. This repo includes one implementation β the JBTiered721Delegate β as well as two extensions that offer on-chain governance capabilities to the distributed tokens.
All JBTiered721Delegate's use a generic JBTiered721DelegateStore to store it's data.
The deployer copies the data of a pre-existing cononical version of the 721 contracts, which can be either GlobalGovernance, TierGovernance, or no governance. This was done to keep the deployer contract size small enough to be deployable, without the extra cost of the delegatecalls associated with a proxy pattern.
| File | Description |
|---|---|
| contracts/JB721GlobalGovernance.sol | Each NFT can be used for on chain governance, with votes delegatable globally across all tiers |
| contracts/JB721TieredGovernance.sol | Same as Global Governance except delegation is done on a per tier basis |
| contracts/JBTiered721Delegate.sol | The tiered NFT delegate core logic, without the governance |
| contracts/JBTiered721DelegateDeployer.sol | The tiered NFT delegate cloner/deployer, allowing to pick a governance style |
| contracts/JBTiered721DelegateProjectDeployer.sol | Deploy a delegate and create a new Juicebox Project using it |
| contracts/JBTiered721DelegateStore.sol | The state storing contract for tiered NFT delegates |
| contracts/abstract/JB721Delegate.sol | A NFT delegate, offering mint and burn NFT based on pay and redeem |
| contracts/libraries/JBBitmap.sol | A uint256 bitmap library, to handle removed tiers |
| contracts/libraries/JBIpfsDecoder.sol | A library to store and read IPFS hashes as 32 bytes words |
| contracts/libraries/JBTiered721FundingCycleMetadataResolver.sol | A library to read funding cycle metadata in the NFT delegate context |
https://info.juicebox.money/dev/api/contracts/or-delegates/or-abstract/jb721delegate/
Slither does not currently work on the repo. If you find a workaround, please share in the Discord.
- If you have a public code repo, please share it here: https://github.com/jbx-protocol/juice-nft-rewards - How many contracts are in scope?: 5 - Total SLoC for these contracts?: ~1460 - How many external imports are there?: 1 - How many separate interfaces and struct definitions are there for the contracts within scope?: 5 interfaces, 11 structs - Does most of your code generally use composition or inheritance?: 50/50 - How many external calls?: 0 - What is the overall line coverage percentage provided by your tests?: 100% - Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: true - Please describe required context: pay dataSource/delegate, redeem dataSource/delegate from the core Juicebox protocol - Does it use an oracle?: false - Does the token conform to the ERC20 standard?: no - Are there any novel or unique curve logic or mathematical models?: no - Does it use a timelock function?: no - Is it an NFT?: yeah - Does it have an AMM?: no - Is it a fork of a popular project?: false - Does it use rollups?: false - Is it multi-chain?: false - Does it use a side-chain?: false
API docs for the NFT Rewards system are evolving. See https://info.juicebox.money/dev/api/contracts/or-delegates/or-abstract/jb721delegate/, as well as the build/ and learn/ sections.