QA Report - Githubissues

Impact

Receipt struct can be tightly packed into smaller size. ~25k gas is saved per each slot write to storage. ~1k gas is saved per each slot read from storage. Current code uses 5 slots 32 bytes each. Affected code: https://github.com/code-423n4/2022-05-factorydao/blob/e22a562c01c533b8765229387894cc0cb9bed116/contracts/PermissionlessBasicPoolFactory.sol#L15-L21

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/control-structures.html#default-value

Tools Used

Recommended Mitigation Steps

Storage usage is reduced to 2 slots. That means 25000 3 gas is saved on each storage update. Plus 1000 3 gas per each storage read is saved.

Recommended code:

struct Receipt {
    uint32 id;   // up-to 4B receipts possible to store
    uint32 timeDeposited;  // the time the deposit was made
    uint32 timeWithdrawn;  // the time the deposit was withdrawn, or 0 if not withdrawn yet
    address owner;  // the owner of the deposit
    uint256 amountDepositedWei;  // amount of tokens originally deposited
}

Impact

Pool struct can be tightly packed into smaller size. ~25k gas is saved per each slot write to storage. ~1k gas is saved per each slot read from storage. Current code uses:

1 + rewardsWeiPerSecondPerToken.length + rewardsWeiClaimed.length + rewardFunding.length + 8 + rewardTokens.length + 1 + 2
min. storage size is 16 slots Affected code: https://github.com/code-423n4/2022-05-factorydao/blob/e22a562c01c533b8765229387894cc0cb9bed116/contracts/PermissionlessBasicPoolFactory.sol#L15-L21

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/control-structures.html#default-value

Tools Used

Recommended Mitigation Steps

Storage usage is reduced to min. 11 slots. That means 25000 5 gas is saved on each storage update. Plus 1000 5 gas per each storage read is saved.

Recommended code:

struct Pool {
    uint128 taxPerCapita;  // portion of rewards that go to the contract creator
    uint32[] rewardsWeiPerSecondPerToken; // array of reward rates, this number gets multiplied by time and tokens (not wei) to determine rewards
    uint32 id; // primary key
    uint32 numReceipts;  // number of receipts issued
    uint32 startTime;  // the time that the pool begins
    uint32 endTime;    // time that the pool ends
    address depositToken;  // token that user deposits (stakes)
    address excessBeneficiary;  // address that is able to reclaim unused rewards
    address[] rewardTokens;  // array of token contract addresses that stakers will receive as rewards
    mapping (uint32 => Receipt) receipts;  // mapping of receipt ids to receipt structs
    uint256[] rewardsWeiClaimed;  // bookkeeping of how many rewards have been paid out for each token
    uint256[] rewardFunding;  // bookkeeping of how many rewards have been supplied for each token
    uint256 maximumDepositWei;  // the size of the pool, maximum sum of all deposits
    uint256 totalDepositsWei;  // current sum of all deposits
}

Impact

Storage keyword is recommended to be used whenever possible. It can save up-to 2k gas per each variable with memory keyword (if updating storage up-to 5-10k). Memory keyword is supposed to be used when temporary data is being updated and calculated regularly. Affected code: https://github.com/code-423n4/2022-05-factorydao/blob/e22a562c01c533b8765229387894cc0cb9bed116/contracts/PermissionlessBasicPoolFactory.sol#L158

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

Receipt storage receipt = pool.receipts[receiptId];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

MerkleTree storage tree = merkleTrees[treeIndex];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

MerkleTree storage tree = merkleTrees[treeIndex];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

MerkleTree storage tree = merkleTrees[treeIndex];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

MerkleTree storage tree = merkleTrees[treeIndex];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

MerkleTree storage tree = merkleTrees[treeIndex];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

Gate storage gate = gates[index];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

Gate storage gate = gates[index];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

Gate storage gate = gates[index];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

Gate storage gate = gates[index];

Impact

Proof of Concept

https://www.geeksforgeeks.org/storage-vs-memory-in-solidity/

Tools Used

Recommended Mitigation Steps

Recommended code:

Gate storage gate = gates[index];

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/FixedPricePassThruGate.sol#L48

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error PleaseSendMoreETH(); 
.. 
if(msg.value < gate.ethCost)
{
    revert PleaseSendMoreETH();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/FixedPricePassThruGate.sol#L54

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error ETH_TransferFailed(); 
.. 
if(!sent)
{
    revert ETH_TransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleDropFactory.sol#L77

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error ERC20_TransferFailed(); 
.. 
if(!IERC20(merkleTree.tokenAddress).transferFrom(msg.sender, address(this), value))
{
    revert ERC20_TransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleDropFactory.sol#L90

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error ProvidedMerkleIndexDoesNotExist(); 
.. 
if(treeIndex > numTrees)
{
    revert ProvidedMerkleIndexDoesNotExist();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleDropFactory.sol#L92

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error YouHaveAlreadyWithdrawnYourEntitledToken(); 
.. 
if(withdrawn[destination][treeIndex])
{
    revert YouHaveAlreadyWithdrawnYourEntitledToken();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleDropFactory.sol#L98

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TheProofCouldNotBeVerified(); 
.. 
if(!tree.merkleRoot.verifyProof(leaf, proof))
{
    revert TheProofCouldNotBeVerified();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleDropFactory.sol#L107

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error ERC20_TransferFailed(); 
.. 
if(!IERC20(tree.tokenAddress).transfer(destination, value))
{
    revert ERC20_TransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleEligibility.sol#L86

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error OnlyGatemasterMayCallThis(); 
.. 
if(msg.sender != gateMaster)
{
    revert OnlyGatemasterMayCallThis();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleEligibility.sol#L89

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error AddressIsNotEligible(); 
.. 
if(!isEligible(index, recipient, proof))
{
    revert AddressIsNotEligible();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleIdentity.sol#L97

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error OnlyTreeAdderCanAddTrees(); 
.. 
if(msg.sender != treeAdder)
{
    revert OnlyTreeAdderCanAddTrees();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleIdentity.sol#L124

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error MerkleIndexOutOfRange(); 
.. 
if(merkleIndex > numTrees)
{
    revert MerkleIndexOutOfRange();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleIdentity.sol#L127

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TheMetadataProofCouldNotBeVerified(); 
.. 
if(!verifyMetadata(tree.metadataMerkleRoot, tokenId, uri, metadataProof))
{
    revert TheMetadataProofCouldNotBeVerified();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L82

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error PctUpFrontLargerOrEqual100(); 
.. 
if(pctUpFront >= 100)
{
    revert PctUpFrontLargerOrEqual100();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L83

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error MinEndTimeMustBeLessThanMaxEndTime(); 
.. 
if(minEndTime >= maxEndTime)
{
    revert MinEndTimeMustBeLessThanMaxEndTime();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L121

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error ERC20_TransferFailed(); 
.. 
if(!IERC20(merkleTree.tokenAddress).transferFrom(msg.sender, address(this), value))
{
    revert ERC20_TransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L136

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error CanOnlyInitializeYourOwnTranche(); 
.. 
if(msg.sender != destination)
{
    revert CanOnlyInitializeYourOwnTranche();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L138

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error AlreadyInitialized(); 
.. 
if(initialized[destination][treeIndex])
{
    revert AlreadyInitialized();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L144

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TheProofCouldNotBeVerified(); 
.. 
if(!tree.merkleRoot.verifyProof(leaf, proof))
{
    revert TheProofCouldNotBeVerified();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L149

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error InvalidVestingSchedule(); 
.. 
if(!valid)
{
    revert InvalidVestingSchedule();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L171

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error YouMustInitializeYourAccountFirst(); 
.. 
if(!initialized[destination][treeIndex])
{
    revert YouMustInitializeYourAccountFirst();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L175

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error NoCoinsLeftToWithdraw(); 
.. 
if(tranche.currentCoins == 0)
{
    revert NoCoinsLeftToWithdraw();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleResistor.sol#L204

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TokenTransferFailed(); 
.. 
if(!IERC20(tree.tokenAddress).transfer(destination, currentWithdrawal))
{
    revert TokenTransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleVesting.sol#L89

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error ERC20_TransferFailed(); 
.. 
if(!IERC20(merkleTree.tokenAddress).transferFrom(msg.sender, address(this), value))
{
    revert ERC20_TransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleVesting.sol#L106

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error AlreadyInitialized(); 
.. 
if(initialized[destination][treeIndex])
{
    revert AlreadyInitialized();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleVesting.sol#L113

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TheProofCouldNotBeVerified(); 
.. 
if(!tree.rootHash.verifyProof(leaf, proof))
{
    revert TheProofCouldNotBeVerified();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleVesting.sol#L141

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error YouMustInitializeYourAccountFirst(); 
.. 
if(!initialized[destination][treeIndex])
{
    revert YouMustInitializeYourAccountFirst();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleVesting.sol#L145

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error MustWaitUntilAfterLockPeriod(); 
.. 
if(block.timestamp <= tranche.lockPeriodEndTime)
{
    revert MustWaitUntilAfterLockPeriod();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/MerkleVesting.sol#L147

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error NoCoinsLeftToWithdraw(); 
.. 
if(tranche.currentCoins ==  0)
{
    revert NoCoinsLeftToWithdraw();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L112

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error RewardsAndRewardTokenArraysMustBeSameLength(); 
.. 
if(rewardsWeiPerSecondPerToken.length != rewardTokenAddresses.length)
{
    revert RewardsAndRewardTokenArraysMustBeSameLength();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L148

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TokenDepositsFailed(); 
.. 
if(!success)
{
    revert TokenDepositsFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L159

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error UninitializedPool(); 
.. 
if(pool.id != poolId)
{
    revert UninitializedPool();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L160

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error UninitializedReceipt(); 
.. 
if(receipt.id != receiptId)
{
    revert UninitializedReceipt();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L182

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error UninitializedPool(); 
.. 
if(pool.id != poolId)
{
    revert UninitializedPool();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L183

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error CannotDepositBeforePoolStart(); 
.. 
if(block.timestamp <= pool.startTime)
{
    revert CannotDepositBeforePoolStart();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L184

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error CannotDepositAfterPoolEnds(); 
.. 
if(block.timestamp >= pool.endTime)
{
    revert CannotDepositAfterPoolEnds();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L185

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error MaximumDepositAlreadyReached(); 
.. 
if(pool.totalDepositsWei >= pool.maximumDepositWei)
{
    revert MaximumDepositAlreadyReached();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L199

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TokenTransferFailed(); 
.. 
if(!success)
{
    revert TokenTransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L211

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error UninitializedPool(); 
.. 
if(pool.id != poolId)
{
    revert UninitializedPool();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L213

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error CanOnlyWithdrawRealReceipts(); 
.. 
if(receipt.id != receiptId)
{
    revert CanOnlyWithdrawRealReceipts();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L214

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error CanOnlyWithdrawYourOwnDeposit(); 
.. 
if(!(receipt.owner == msg.sender || block.timestamp > pool.endTime))
{
    revert CanOnlyWithdrawYourOwnDeposit();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L215

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error CanOnlyWithdrawOncePerReceipt(); 
.. 
if(receipt.timeWithdrawn != 0)
{
    revert CanOnlyWithdrawOncePerReceipt();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L234

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TokenTransferFailed(); 
.. 
if(!success)
{
    revert TokenTransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L244

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error UninitializedPool(); 
.. 
if(pool.id != poolId)
{
    revert UninitializedPool();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L245

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error CannotWithdrawUntilAllDepositsAreWithdrawn(); 
.. 
if(pool.totalDepositsWei != 0)
{
    revert CannotWithdrawUntilAllDepositsAreWithdrawn();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L246

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error ContractMustReachMaturity(); 
.. 
if(block.timestamp <= pool.endTime)
{
    revert ContractMustReachMaturity();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L254

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TokenTransferFailed(); 
.. 
if(!success)
{
    revert TokenTransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L263

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error UninitializedPool(); 
.. 
if(pool.id != poolId)
{
    revert UninitializedPool();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L271

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TokenTransferFailed(); 
.. 
if(!success)
{
    revert TokenTransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L315

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error OnlyGlobalbeneficiaryCanSetTax(); 
.. 
if(msg.sender != globalBeneficiary)
{
    revert OnlyGlobalbeneficiaryCanSetTax();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/PermissionlessBasicPoolFactory.sol#L316

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TaxTooHigh(); 
.. 
if(newTaxPerCapita >= 1000))
{
    revert TaxTooHigh();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/SpeedBumpPriceGate.sol#L67

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error PleaseSendMoreETH(); 
.. 
if(msg.value < price)
{
    revert PleaseSendMoreETH();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/SpeedBumpPriceGate.sol#L80

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error ETH_TransferFailed(); 
.. 
if(!sent)
{
    revert ETH_TransferFailed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L123

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error OnlyMinterMayCreateIdentity(); 
.. 
if(msg.sender != _minter)
{
    revert OnlyMinterMayCreateIdentity();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L124

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error TokenAlreadyExists(); 
.. 
if(owners[thisToken] != address(0))
{
    revert TokenAlreadyExists();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L184

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error NoSuchToken(); 
.. 
if(ooner == address(0))
{
    revert NoSuchToken();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L199

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error Identity_UnapprovedTransfer(); 
.. 
if(!isApproved(msg.sender, tokenId))
{
    revert Identity_UnapprovedTransfer();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L217

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error Identity_TransferToNonErc721ReceiverImplementer(); 
.. 
if(!checkOnERC721Received(from, to, tokenId, data))
{
    revert Identity_TransferToNonErc721ReceiverImplementer();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L239

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error Identity_NotAuthorizedToApprove(); 
.. 
if(!isApproved(msg.sender, tokenId))
{
    revert Identity_NotAuthorizedToApprove();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L240

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error Identity_ApprovingSelfNotAllowed(); 
.. 
if(holder == approved)
{
    revert Identity_ApprovingSelfNotAllowed();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L262

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error Identity_InvalidTokenid(); 
.. 
if(holder == address(0))
{
    revert Identity_InvalidTokenid();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L305

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error Identity_TransferOfTokenThatIsNotOwn(); 
.. 
if(owners[tokenId] != from)
{
    revert Identity_TransferOfTokenThatIsNotOwn();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L306

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error Identity_TransferToTheZeroAddress(); 
.. 
if(to == address(0))
{
    revert Identity_TransferToTheZeroAddress();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L437

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error InvalidTokenIndex(); 
.. 
if(_index >= numIdentities)
{
    revert InvalidTokenIndex();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L449

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error IndexOutOfRange(); 
.. 
if(_index >= balances[_address])
{
    revert IndexOutOfRange();
}

Impact

As per 0.8.4 solidity version it supports new custom errors. Custom errors are reducing 38 gas if condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.

Affected code: https://github.com/code-423n4/2022-05-factorydao/tree/main/contracts/VoterID.sol#L450

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended Mitigation Steps

Recommended code:

error CannotQueryZeroAddress(); 
.. 
if(_address == address(0))
{
    revert CannotQueryZeroAddress();
}

Impact

Solidity 0.8.0 introduced SafeMath enabled by default for any math operation. To improve gas usage unchecked keyword is recommended in for cycle. It reduces 49 gas per each iteration in cycle.
Affected code: https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/MerkleLib.sol#L22-L24

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Recommended Mitigation Steps

Saves 49 * numberOfIterationsInTheLoop gas.

Recommended code:

for (uint i = 0; i < proof.length;) {
    currentHash = parentHash(currentHash, proof[i]);
    unchecked { i++; }
}

code-423n4 / 2022-05-factorydao-findings

QA Report #50

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Impact

Proof of Concept