From f238269082529b63f5ddc53d3b2f92b6e31c8818 Mon Sep 17 00:00:00 2001
From: C4 <81770958+code423n4@users.noreply.github.com>
Date: Mon, 19 Sep 2022 20:40:11 +0200
Subject: [PATCH] tnevler data for issue #318

---
 data/tnevler-Q.md | 137 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 data/tnevler-Q.md

diff --git a/data/tnevler-Q.md b/data/tnevler-Q.md
new file mode 100644
index 0000000..6734b39
--- /dev/null
+++ b/data/tnevler-Q.md
@@ -0,0 +1,137 @@
+# Report
+
+## Low Risk ##
+
+### [L-01]: Floating Pragma
+
+**Context:**
+
+Floating Pragma in all contracts.
+
+**Recommendation:**
+
+https://swcregistry.io/docs/SWC-103
+
+Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
+
+### [L-02]: Division by 0
+
+**Context:**
+
+```
+uint256 acceptanceRatio = (totalVotes * 1e4) / totalVotingPower;
+```
+
+https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1062
+
+
+```
+return uint256(voteCount) * 1e4
+ / uint256(totalVotingPower) >= uint256(passThresholdBps);
+```
+
+https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1078
+
+
+**Description:**
+
+Input variable **totalVotingPower** can be zero. This will cause division by zero.
+
+
+**Recommendation:**
+
+Add a check at the beginning of the both functions:
+```
+require(totalVotingPower > 0);
+```
+
+### [L-03]: Loops may exceed gas limit
+
+**Context:**
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CollectionBuyCrowdfund.sol#L62
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L52
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L61
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L78
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L230
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L239
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ListOnOpenseaProposal.sol#L291
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L180
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/LibProposal.sol#L14
+
+ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/LibProposal.sol#L32
+
+**Description:**
+
+Either explicitly or just due to normal operation, the number of iterations in a loop can grow beyond the block gas limit, which can cause the complete contract to be stalled at a certain point.
+
+## Non-Critical Issues ##
+
+### [N-01]: Constants instead of unknown variables
+**Context:**
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/proposals/ArbitraryCallsProposal.sol#L156
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L335
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L129
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L132
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L135
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L280
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L283
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1066
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L261
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L263
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/distribution/TokenDistributor.sol#L352
+
++ https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L1062
+
+**Description:**
+
+Use constant variables to make the code easier to understand and maintain.
+
+**Recommendation:**
+
+Define constants instead of unknown variables.
+
+
+### [N-02]: Public function can be external
+**Context:**
+
++ [CrowdfundFactory.createBuyCrowdfund](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundFactory.sol#L35)
+
++ [CrowdfundFactory.createAuctionCrowdfund](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundFactory.sol#L61)
+
++ [CrowdfundFactory.createCollectionBuyCrowdfund](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/CrowdfundFactory.sol#L87)
+
++ [PartyGovernanceNFT.tokenURI](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernanceNFT.sol#L88)
+
++ [Crowdfund.burn](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L167)
+
++ [Crowdfund.supportsInterface](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L212)
+
++ [PartyGovernance.supportsInterface](https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L323)
+
+**Description:**
+
+Public functions can be declared external if they are not called by the contract.
+
+**Recommendation:**
+
+Declare these functions as external instead of public.