tnevler data for issue #318

data/tnevler-Q.md

@@ -0,0 +1,137 @@
+# Report
+
+## Low Risk ##
+
+### [L-01]: Floating Pragma
+
+**Context:**
+
+Floating Pragma in all contracts.
+
+**Recommendation:**
+
+https://swcregistry.io/docs/SWC-103
+
+Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
+
+### [L-02]: Division by 0 
+
+**Context:**
+
+```
+uint256 acceptanceRatio = (totalVotes * 1e4) / totalVotingPower;
+```
+
+https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1062
+
+
+```
+return uint256(voteCount) * 1e4
+            / uint256(totalVotingPower) >= uint256(passThresholdBps);
+```
+
+https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1078
+
+
+**Description:**
+
+Input variable **totalVotingPower** can be zero. This will cause division by zero.
+
+
+**Recommendation:**
+
+Add a check at the beginning of the both functions:
+```
+require(totalVotingPower > 0);
+```
+
+### [L-03]: Loops may exceed gas limit
+
+**Context:**
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CollectionBuyCrowdfund.sol#L62
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L52
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L61
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L78
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L230
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L239
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L291
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L180
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/LibProposal.sol#L14
+
+ + https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/LibProposal.sol#L32
+
+**Description:**
+
+Either explicitly or just due to normal operation, the number of iterations in a loop can grow beyond the block gas limit, which can cause the complete contract to be stalled at a certain point.
+
+## Non-Critical Issues ##
+
+### [N-01]: Constants instead of unknown variables
+**Context:**
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L156 
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L335 
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L129 
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L132
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L135
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L280
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L283 
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1066
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L261
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L263
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L352
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1062
+
+**Description:**
+
+Use constant variables to make the code easier to understand and maintain.
+
+**Recommendation:**
+
+Define constants instead of unknown variables.
+
+
+### [N-02]: Public function can be external 
+**Context:** 
+
++ [CrowdfundFactory.createBuyCrowdfund](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundFactory.sol#L35)
+
++ [CrowdfundFactory.createAuctionCrowdfund](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundFactory.sol#L61)
+
++ [CrowdfundFactory.createCollectionBuyCrowdfund](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundFactory.sol#L87)
+
++ [PartyGovernanceNFT.tokenURI](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L88)
+
++ [Crowdfund.burn](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L167)
+
++ [Crowdfund.supportsInterface](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L212)
+
++ [PartyGovernance.supportsInterface](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L323)
+
+**Description:**
+
+Public functions can be declared external if they are not called by the contract.
+
+**Recommendation:**
+
+Declare these functions as external instead of public.