2022-09-NOUNS-BUILDER

Low Risk and Non-Critical Issues

Events not emitted on important state changes

Emitting events is recommended whenever a state variable's value changes or some other critical event occurs in the contract. It also helps off-chain monitoring of the contract's state.

There are 4 instances of this issue:

https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/token/ERC721.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/EIP712.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/Pausable.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/ReentrancyGuard.sol

`public` functions not called by the contract should be declared `external` instead

There are 11 instances of this issue:

File: src/governance/treasury/Treasury.sol
237: function onERC721Received(
247: function onERC1155Received(
258: function onERC1155BatchReceived(

File: src/lib/token/ERC721.sol
83: function balanceOf(address _owner) public view returns (uint256) {
91: function ownerOf(uint256 _tokenId) public view returns (address) {

File: src/lib/utils/Ownable.sol
52: function owner() public view returns (address) {
57: function pendingOwner() public view returns (address) {
63: function transferOwnership(address _newOwner) public onlyOwner {
71: function safeTransferOwnership(address _newOwner) public onlyOwner {
78: function acceptOwnership() public onlyPendingOwner {
87: function cancelOwnershipTransfer() public onlyOwner {

Not checking for return value after function call

Correct error handling after external calls is important and may prevent potential vulnerabilities in code. Could not find anything specific that may open a direct attack vector, but there are multiple places in code where this may be applied.

There are 14 instances of this issue:
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/governance/treasury/Treasury.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/token/ERC721.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/token/ERC721Votes.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/EIP712.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/Ownable.sol
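As an added illustration of the return-value point (example code written for this report, not taken from the Nouns Builder repository), a hypothetical treasury-style execution helper is shown twice: once with the result of the low-level call discarded, and once with the success flag checked and the outcome logged. The contract names, the `ExecutionFailed` error and the `Executed` event are assumptions for the example; the pinned compiler version is also just a choice for the example.

```solidity
// SPDX-License-Identifier: MIT
// Added example, not code from the Nouns Builder repository.
pragma solidity 0.8.17; // fixed version chosen for this example; pin to the project's own version

contract UncheckedExecutor {
    // Weak form: the bool returned by `call` is discarded, so a target that
    // reverts leaves this function succeeding silently. The caller and any
    // off-chain monitor have no signal that nothing was executed.
    function execute(address target, uint256 value, bytes calldata data) external payable {
        target.call{value: value}(data);
    }
}

contract CheckedExecutor {
    error ExecutionFailed(address target, bytes reason);

    event Executed(address indexed target, uint256 value, bytes data);

    // Hardened form: the success flag is checked and a failure is surfaced
    // together with the target's revert data, so every call ends in either
    // an `Executed` event or a revert, never a silent no-op.
    function execute(address target, uint256 value, bytes calldata data) external payable {
        (bool ok, bytes memory ret) = target.call{value: value}(data);
        if (!ok) revert ExecutionFailed(target, ret);
        emit Executed(target, value, data);
    }
}
```

The compiler only warns about the unused return value in `UncheckedExecutor`, so this defect is easy to miss without a linter or review; the `CheckedExecutor` form is what the finding recommends.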
Empty `receive()`/`fallback()` functions

There is 1 instance of this issue:
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/governance/treasury/Treasury.sol
Non-library/interface files should use fixed compiler versions, not floating ones
There are 13 instances of this issue:
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/interfaces/IInitializable.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/interfaces/IPausable.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/proxy/ERC1967Proxy.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/proxy/ERC1967Upgrade.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/proxy/UUPS.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/token/ERC721.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/token/ERC721Votes.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/EIP712.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/Initializable.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/Ownable.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/Pausable.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/ReentrancyGuard.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/utils/TokenReceiver.sol
Lack of input validation

Check whether input parameters of type `address` equal address(0) and whether uints equal 0, especially when they are strictly associated with important changes to the contract's state.

There are 27 instances of this issue:
Event is missing `indexed` fields

There are 9 instances of this issue:
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/auction/IAuction.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/governance/governor/IGovernor.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/governance/treasury/ITreasury.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/interfaces/IERC721.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/lib/interfaces/IERC721Votes.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/manager/IManager.sol
https://github.com/code-423n4/2022-09-nouns-builder/tree/main/src/token/IToken.sol
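As an added example that brings together the recommendations above on input validation, events on state changes, `indexed` event fields and `external` visibility, here is a hypothetical two-step ownership contract. It is modelled on the function names from Ownable.sol listed earlier but is example code written for this report, not the project's own implementation; the event and error names, the storage layout and the pinned compiler version are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
// Added example, not code from the Nouns Builder repository.
pragma solidity 0.8.17; // fixed version chosen for this example; pin to the project's own version

contract TwoStepOwnable {
    // `indexed` on both addresses lets an off-chain monitor filter transfers
    // by old or new owner instead of decoding every log of the contract.
    event OwnerUpdated(address indexed prevOwner, address indexed newOwner);
    event OwnerPending(address indexed owner, address indexed pendingOwner);
    event OwnerCanceled(address indexed owner, address indexed canceledOwner);

    error OnlyOwner();
    error OnlyPendingOwner();
    error InvalidOwner(address owner);

    address internal _owner;
    address internal _pendingOwner;

    constructor(address initialOwner) {
        // Zero-address check on a parameter that drives a critical state change.
        if (initialOwner == address(0)) revert InvalidOwner(initialOwner);
        _owner = initialOwner;
        emit OwnerUpdated(address(0), initialOwner);
    }

    modifier onlyOwner() {
        if (msg.sender != _owner) revert OnlyOwner();
        _;
    }

    // Getters that the contract never calls internally are `external`, not `public`.
    function owner() external view returns (address) { return _owner; }
    function pendingOwner() external view returns (address) { return _pendingOwner; }

    // Stage a transfer: validate the input, write state, then emit the event.
    function safeTransferOwnership(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert InvalidOwner(newOwner);
        _pendingOwner = newOwner;
        emit OwnerPending(_owner, newOwner);
    }

    // Only the staged address can complete the transfer, so a typo in
    // `safeTransferOwnership` cannot hand the contract to an unreachable account.
    function acceptOwnership() external {
        if (msg.sender != _pendingOwner) revert OnlyPendingOwner();
        emit OwnerUpdated(_owner, msg.sender);
        _owner = msg.sender;
        delete _pendingOwner;
    }

    function cancelOwnershipTransfer() external onlyOwner {
        emit OwnerCanceled(_owner, _pendingOwner);
        delete _pendingOwner;
    }
}
```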