Back to 0v3rf10w's contests

Alchemix contest - 0v3rf10w's results

A protocol for self-repaying loans with no liquidation risk.

General Information

Platform: Code4rena

Start Date: 05/05/2022

Pot Size: $125,000 DAI

Total HM: 17

Participants: 62

Period: 14 days

Judge: leastwood

Total Solo HM: 15

Id: 120

League: ETH

Alchemix

Findings Distribution

Researcher Performance

Rank: 58/62

Findings: 1

Award: $89.21

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAlchemix

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, 0xsomeone, AlleyCat, BowTiedWardens, Cityscape, Fitraldys, Funen, GimelSec, Hawkeye, JC, MaratCerby, MiloTruck, Randyyy, TerrierLover, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, augustg, bobirichman, catchup, csanuragjain, ellahi, fatherOfBlocks, hake, hansfriese, horsefacts, ignacio, joestakey, kenta, mics, oyc_109, robee, samruna, sashik_eth, sikorico, simon135, throttle

Awards

89.2136 DAI - $89.21

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

gas1:

change to immutable for keccak constants for gas savings https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-hardhat/AlchemicTokenV2.sol#L21-L27

gas2:

prefer prefix ++i instead of suffic i++ to save gas, no need to init i and better if used unchecked https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-hardhat/AlchemistV2.sol#L990-L992

        for (uint256 i = 0; i < depositedTokens.values.length; i++) {
            _preemptivelyHarvest(depositedTokens.values[i]);
        }

https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-hardhat/AlchemistV2.sol#L1461-L1468 https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-hardhat/AlchemistV2.sol#L1524-L1525 https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-hardhat/TransmuterBuffer.sol#L172-L173 https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-hardhat/TransmuterBuffer.sol#L186-L187

QA1: Lack of zero checks

AlchemistV2.sol#283 AlchemistV2.sol#428 AlchemistV2.sol#451 TransmuterBuffer.sol#88 TransmuterBuffer.sol#241

QA2:

Initialisers without access controls can be dangerous and front-runned by malicious users. It's advised to use access controls.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter