Pixel Vault NFT Governance Audit#

Perfect Abstractions conducted a smart contract audit of Pixel Vault's NFT Governance Contracts from September 15th to September 29th, 2022.

The git commit hash used for the audit is eb2fb0f8c1bad2ca6a0ecb344994c3004205feee.

Auditors:

• Zac Denham

Audit report reviewed by Nick Mudge.

Overview#

The Pixel Vault NFT governance contracts enable any ERC721 NFT to be used as an opt-in governance token. This could allow for new forms of utility and coordination amongst NFT holders.

It works by implementing a wrapper token called the "Community Token." End users can lock their NFT in the contract in exchange for a community token that corresponds to one governance vote. This vote can be delegated to another address for representation. Community tokens are not tradable on secondary markets (transfers are disabled).

The CommunityToken code makes use of inheritance to modularize functionality. It is broken up into the following main contracts, with each inheriting the previous:

• CommunityToken which is based on ERC721
• ERC721Wrapper which handles receiving and disbursing the root token NFT in exchange for community tokens
• ERC721WrapperVotes which adds checkpointing for historical vote balances as well as delegation functionality
• PVFDWrapperVotes which adds tokenUri functionality

The governance itself is based on Compound's popular "Governor Bravo" contract. More detailed documentation on compound governance can be found here.

One notable governance gas optimization is that not all "Ballots" are stored on chain. Only the vote totals are accounted for, and whether a user has voted on a given proposal is packed into one bit at a position that corresponds to the user's "community id". This optimization reduces the number of "cold" storage slots that need to be updated in order to vote, in the happy case only requiring one slot to be updated. This effectively decreases the gas cost to vote, which might in turn incentivize voter participation.

The quorum mechanic also differs from Compound in that it is dynamically calculated so as to account for fluctuating supply of community tokens vs. Compound which uses a fixed immutable number.

Similar to the community token, governance uses inheritance:

• Governor - based on Compound governance, handles the proposal and voting lifecycle
• PFVDGovernor - adds dynamic quorum functionality based on community token totalSupply

This audit is an assessment of the Pixel Vault NFT governance system.

Objectives#

1. Find bugs, inefficiencies and security vulnerabilities in the code base.
2. Make recommendations concerning bugs, inefficiencies and security vulnerabilities found as well as other recommendations that may improve the code base.

Scope#

The following files were audited:

• contracts/CommunityToken.sol
• contracts/ERC721Wrapper.sol
• contracts/ERC721WrapperVotes.sol
• contracts/Governor.sol
• contracts/GovernorEvents.sol
• contracts/GovernorTypes.sol
• contracts/PVFDGovernor.sol
• contracts/PVFDWrapperVotes.sol
• contracts/TimeCheckpoint.sol
• contracts/TimelockEvents.sol
• contracts/TokenReceiver.sol