
@Picodes
Created October 18, 2022 20:25

c4udit Report

Files analyzed

  • ../2022-10-juicebox/contracts/JB721GlobalGovernance.sol
  • ../2022-10-juicebox/contracts/JB721TieredGovernance.sol
  • ../2022-10-juicebox/contracts/JBTiered721Delegate.sol
  • ../2022-10-juicebox/contracts/JBTiered721DelegateDeployer.sol
  • ../2022-10-juicebox/contracts/JBTiered721DelegateProjectDeployer.sol
  • ../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol
  • ../2022-10-juicebox/contracts/abstract/JB721Delegate.sol
  • ../2022-10-juicebox/contracts/libraries/JBBitmap.sol
  • ../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol
  • ../2022-10-juicebox/contracts/libraries/JBTiered721FundingCycleMetadataResolver.sol

Issues found

Don't Initialize Variables with Default Value

Impact

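Issue Information: G001

Gas/style note only, with no security impact: a `uint256` local is already zero-initialized, so the explicit `= 0` in these loop headers is redundant.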

Findings:

../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::47 => for (uint256 i = 0; i < _source.length; ++i) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::49 => for (uint256 j = 0; j < digitlength; ++j) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::66 => for (uint256 i = 0; i < _length; i++) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::74 => for (uint256 i = 0; i < _input.length; i++) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::82 => for (uint256 i = 0; i < _indices.length; i++) {

Tools used

c4udit

Cache Array Length Outside of Loop

Impact

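Issue Information: G002

Gas note only. The findings below appear to come from a textual match on `length`, so they include comments, one-off length checks, and lines that already cache the length in a local variable. Only the `for` loops that read `.length` in their condition (JBIpfsDecoder.sol lines 47, 74 and 82) are relevant to this issue; the rest should be triaged as false positives.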

Findings:

../2022-10-juicebox/contracts/JB721TieredGovernance.sol::141 => uint256 _numberOfTierDelegates = _setTierDelegatesData.length;
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::216 => if (bytes(_baseUri).length != 0) _store.recordSetBaseUri(_baseUri);
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::219 => if (bytes(_contractUri).length != 0) _store.recordSetContractUri(_contractUri);
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::226 => if (_pricing.tiers.length > 0) _store.recordAddTiers(_pricing.tiers);
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::254 => uint256 _numberOfTiers = _mintReservesForTiersData.length;
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::280 => uint256 _numberOfBeneficiaries = _mintForTiersData.length;
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::309 => uint256 _numberOfTiersToAdd = _tiersToAdd.length;
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::312 => uint256 _numberOfTiersToRemove = _tierIdsToRemove.length;
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::465 => uint256 _numberOfTokens = _tierIds.length;
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::521 => _data.metadata.length > 36 &&
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::540 => if (_tierIdsToMint.length != 0)
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::631 => uint256 _mintsLength = _tokenIds.length;
../2022-10-juicebox/contracts/JBTiered721DelegateDeployer.sol::118 => // Shift the length to the length placeholder, in the constructor
../2022-10-juicebox/contracts/JBTiered721DelegateDeployer.sol::121 => // Insert the length in the correct sport (after the PUSH3 / 0x62)
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::198 => // Initialize an array with the appropriate length.
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::485 => uint256 _numberOfTokenIds = _tokenIds.length;
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::580 => uint256 _numberOfNewTiers = _tiersToAdd.length;
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::588 => // Initialize an array with the appropriate length.
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::772 => // Initialize an array with the appropriate length.
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::833 => uint256 _numTiers = _tierIds.length;
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::957 => uint256 _numberOfTiers = _tierIds.length;
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::965 => // Initialize an array with the appropriate length.
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::1028 => uint256 _numberOfTokenIds = _tokenIds.length;
../2022-10-juicebox/contracts/abstract/JB721Delegate.sol::113 => _data.metadata.length < 4 || bytes4(_data.metadata[0:4]) != type(IJB721Delegate).interfaceId
../2022-10-juicebox/contracts/abstract/JB721Delegate.sol::246 => _data.metadata.length < 4 || bytes4(_data.metadata[0:4]) != type(IJB721Delegate).interfaceId
../2022-10-juicebox/contracts/abstract/JB721Delegate.sol::253 => uint256 _numberOfTokenIds = _decodedTokenIds.length;
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::43 => if (_source.length == 0) return new string(0);
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::46 => uint8 digitlength = 1;
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::47 => for (uint256 i = 0; i < _source.length; ++i) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::49 => for (uint256 j = 0; j < digitlength; ++j) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::56 => digits[digitlength] = uint8(carry % 58);
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::57 => digitlength++;
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::61 => return string(_toAlphabet(_reverse(_truncate(digits, digitlength))));
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::64 => function _truncate(uint8[] memory _array, uint8 _length) private pure returns (uint8[] memory) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::65 => uint8[] memory output = new uint8[](_length);
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::66 => for (uint256 i = 0; i < _length; i++) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::73 => uint8[] memory output = new uint8[](_input.length);
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::74 => for (uint256 i = 0; i < _input.length; i++) {
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::75 => output[i] = _input[_input.length - 1 - i];
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::81 => bytes memory output = new bytes(_indices.length);
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::82 => for (uint256 i = 0; i < _indices.length; i++) {

Tools used

c4udit

Use != 0 instead of > 0 for Unsigned Integer Comparison

Impact

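Issue Information: G003

Gas note only; for unsigned integers `!= 0` and `> 0` are logically equivalent. The saving depends on compiler version and optimizer settings, so confirm it with a gas measurement under the project's `^0.8.16` pragma before changing code.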

Findings:

../2022-10-juicebox/contracts/JBTiered721Delegate.sol::226 => if (_pricing.tiers.length > 0) _store.recordAddTiers(_pricing.tiers);
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::1181 => if (_numerator - JBConstants.MAX_RESERVED_RATE * _numberReservedTokensMintable > 0)
../2022-10-juicebox/contracts/abstract/JB721Delegate.sol::109 => if (_data.tokenCount > 0) revert UNEXPECTED_TOKEN_REDEEMED();
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::55 => while (carry > 0) {

Tools used

c4udit

Use Shift Right/Left instead of Division/Multiplication if possible

Impact

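Issue Information: G008

Gas note, with a correctness caveat: under Solidity 0.8 `*` reverts on overflow, whereas `<<` silently discards overflowed bits. Replace a multiplication with a shift only where the operand's range makes overflow impossible, and keep a comment stating that range.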

Findings:

../2022-10-juicebox/contracts/libraries/JBBitmap.sol::74 => return _index / 256;
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::50 => carry += uint256(digits[j]) * 256;

Tools used

c4udit

Unspecific Compiler Version Pragma

Impact

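Issue Information: L003

Low-severity note: `^0.8.16` accepts any 0.8.x compiler from 0.8.16 upward, so deployed bytecode may be built with a compiler version other than the one that was tested and audited. Pinning an exact version in deployable contracts removes that variability.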

Findings:

../2022-10-juicebox/contracts/JB721GlobalGovernance.sol::3 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/JB721TieredGovernance.sol::2 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/JBTiered721Delegate.sol::2 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/JBTiered721DelegateDeployer.sol::2 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/JBTiered721DelegateProjectDeployer.sol::4 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/JBTiered721DelegateStore.sol::2 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/abstract/JB721Delegate.sol::2 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/libraries/JBBitmap.sol::2 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/libraries/JBIpfsDecoder.sol::2 => pragma solidity ^0.8.16;
../2022-10-juicebox/contracts/libraries/JBTiered721FundingCycleMetadataResolver.sol::2 => pragma solidity ^0.8.16;

Tools used

c4udit
