code-423n4 / 2022-10-juicebox-findings


QA Report #187

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

[L-01] Missing zero address for constructor

Code Snippet

https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721DelegateDeployer.sol#L46-L49

Recommendation

Checking addresses against the zero address during initialization in the constructor is a security best practice. However, such checks are missing in multiple constructors. Allowing zero addresses will lead to contract reverts and force redeployments if there are no setters for such address variables. So we recommend adding zero-address checks in the constructors.

[L-02] Address nft can't be zero

Code Snippet

https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721DelegateStore.sol#L214

Recommendation

To avoid a zero address in nft, we suggest adding a zero-address check to the function.

[N-01] Natspec Incomplete

Code Snippet

https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721DelegateDeployer.sol#L115

Recommendation

The file has NatSpec comments to explain the utility of a function or parameter, but in this file the NatSpec comments are incomplete. So we recommend completing the NatSpec comments to increase readability and make things easier when there is an audit.

c4-judge commented 1 year ago

Picodes marked the issue as grade-c