c4-judge
commented
2 years ago Picodes marked the issue as grade-b
Open code423n4 opened 2 years ago
c4-judge
commented
2 years ago Picodes marked the issue as grade-b
QA Report for Juicebox contest
Overview
During the audit, 1 low and 9 non-critical issues were found.
Low Risk Findings (1)
L-1. Possible DoS
Description
If the user adds too many
tiers, four functions can run out of gas.Instances
Recommendation
Add the check in this function to prevent the user from adding too many tiers.
Non-Critical Risk Findings (9)
NC-1. Order of Functions
Description
According to Style Guide, ordering helps readers identify which functions they can call and to find the constructor and fallback definitions easier.
Functions should be grouped according to their visibility and ordered: 1) constructor 2) receive function (if exists) 3) fallback function (if exists) 4) external 5) public 6) internal 7) private
Within a grouping, place the view and pure functions last.
Instances
Constructor after functions:
External functions after public:
External functions between public:
Public functions between external:
Recommendation
Reorder functions where possible.
#
NC-2. Public functions can be external
Description
If functions are not called by the contract where they are defined, they can be declared external.
Instances
Recommendation
Make public functions external, where possible.
#
NC-3. Comment lines are too long
Instances
Recommendation
For readability, split comments across multiple lines.
#
NC-4. No error message in require
Instances
#
NC-5. Unused named return variables
Description
Both named return variable(s) and return statement are used.
Instances
Recommendation
To improve clarity use only named return variables.
For example, change:
to
#
NC-6. Constants may be used
Description
Constants may be used instead of literal values.
Instances
For 58:
For 256:
#
NC-7. Missing NatSpec
Description
NatSpec is missing for 7 functions in 2 contracts.
Instances
Recommendation
Add NatSpec for all functions.
#
NC-8. British English and American English
Instances
Recommendation
Choose one.
#
NC-9. Typos and grammar errors
Instances
// Convert the hex string to an hash=>a hashConvert an hex string to base58=>a hex// Forward the recieved weight and memo, and use this contract as a pay delegate.=>received@param _interfaceId The ID of the interface to check for adherance to.=>adherenceA function that will run when a tokens are burned via redemption.=>when tokens@param _tokenId The id of the token for which voting units are being transfered.=>transferredJBOperatable: Several functions in this contract can only be accessed by a project owner, or an address that has been preconfifigured to be an operator of the project.=>preconfiguredThe contract responsibile for deploying the delegate.=>responsible@param _blockNumber the blocknumber to check the voting power at.=>block number@param _blockNumber The blocknumber to check the total voting power at. */=>block number@param _tierId The ID of the tier for which voting units are being transfered.=>transferred@param _tierId The ID of the tier for which voting units are being transfered.=>transferred@param _tierId The ID of the tier for which voting units are being transfered.=>transferred@param _tokenId The ID of the token for which voting units are being transfered.=>transferredassets based based on price floor.=>based@return balance The number of tokens owners by the owner accross all tiers.=>across@param _interfaceId The ID of the interface to check for adherance to.=>adherence// Initialize the sub class.=>subclassSets the beneificiary of the reserved tokens for tiers where a specific beneficiary isn't set.=>beneficiary@param _beneficiary The default beneificiary of the reserved tokens.=>beneficiary// Keep a reference to the flag indicating if the transaction should revert if all provded funds aren't spent.=>provided// Keep a reference to the the specific tier IDs to mint.=> onetheA function that will run when a tokens are burned via redemption.=>when tokensUser the hook to register the first owner if it's not yet regitered.=>registered@param _tokenId The ID of the token being transfered.=>transferred// Transfered must not be paused when not minting or burning.=>Transferred@param _tokenId The ID of the token being transfered.=>transferred@param _tokenId The ID of the token for which voting units are being transfered.=>transferred_nft The NFT contract to which the tier belong.=>belongs// Keep a referecen to the tier being iterated on.=>reference// Increment the total supply with the amount used already.=>already used@return balance The number of tokens owners by the owner accross all tiers.=>across@return The reserved token benficiary.=>beneficiary// Keep a reference to the idex to iterate on next.=>index@param _beneficiary The reservd token beneficiary.=>reserved@param _tierId The ID the tier being transfered=>transferred// If the tier is locked throw an error.=>locked, throw// Get the number of reserved tokens mintable given the number of non reserved tokens minted. This will round down.=>non-reserved