Back to 0x4non's contests

Mimo DeFi contest - 0x4non's results

Bridging the chasm between the DeFi world and the world of regulated financial institutions.

General Information

Platform: Code4rena

Start Date: 28/04/2022

Pot Size: $50,000 USDC

Total HM: 7

Participants: 43

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 115

League: ETH

Mimo DeFi

Findings Distribution

Researcher Performance

Rank: 24/43

Findings: 2

Award: $148.10

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryMimo DeFi

Findings Information

🌟 Selected for report: Dravee

Also found by: 0x1f8b, 0x4non, 0x52, 0xDjango, AlleyCat, Funen, GalloDaSballo, GimelSec, Hawkeye, MaratCerby, Picodes, berndartmueller, cccz, defsec, delfin454000, dipp, hyh, ilan, joestakey, kebabsec, luduvigo, pauliax, peritoflores, robee, rotcivegaf, samruna, shenwilly, sikorico, simon135, sorrynotsorry, unforgiven, z3s

Awards

89.0354 USDC - $89.04

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

Shadow variable on: https://github.com/code-423n4/2022-04-mimo/blob/f088e83f79b5ec66fb5eb39e6bb9fe33f446dd49/core/contracts/oracles/BalancerV2LPOracle.sol#L126-L129

Variable decimals has been declared on https://github.com/code-423n4/2022-04-mimo/blob/f088e83f79b5ec66fb5eb39e6bb9fe33f446dd49/core/contracts/oracles/BalancerV2LPOracle.sol#L19

Current code

  function _getNormalizedBalance(address token, uint256 balance) internal view returns (uint256) {
    uint8 decimals = ERC20(token).decimals();
    return balance.mul(MathPow.pow(10, 18 - decimals));
  }

Recommendation

  function _getNormalizedBalance(address token, uint256 balance) internal view returns (uint256) {
    uint8 decimals_ = ERC20(token).decimals();
    return balance.mul(MathPow.pow(10, 18 - decimals_));
  }

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xkatana, Funen, GimelSec, MaratCerby, Picodes, Tadashi, Tomio, defsec, delfin454000, joestakey, kebabsec, oyc_109, pauliax, robee, rotcivegaf, samruna, slywaters, sorrynotsorry, ych18, z3s

Awards

59.0559 USDC - $59.06

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Gas optimizations use immutable, reference; https://medium.com/geekculture/hitchhikers-guide-to-the-evm-56a3d90212ac#3e2c

File https://github.com/code-423n4/2022-04-mimo/blob/f088e83f79b5ec66fb5eb39e6bb9fe33f446dd49/core/contracts/dex/DexAddressProvider.sol#L10

Change IAddressProvider private _a; to IAddressProvider private immutable _a;

File https://github.com/code-423n4/2022-04-mimo/blob/f088e83f79b5ec66fb5eb39e6bb9fe33f446dd49/core/contracts/liquidityMining/v2/PARMinerV2.sol#L22-L23

  IERC20 internal _par;
  IGovernanceAddressProvider internal _a;

Recommendation

  IERC20 internal immutable _par;
  IGovernanceAddressProvider internal immutable _a;

https://github.com/code-423n4/2022-04-mimo/blob/f088e83f79b5ec66fb5eb39e6bb9fe33f446dd49/core/contracts/oracles/BalancerV2LPOracle.sol#L20-L25

  bytes32 public poolId;
  IBalancerVault public vault;
  IBalancerPool public pool;
  AggregatorV3Interface public oracleA;
  AggregatorV3Interface public oracleB;

Recommendation

  bytes32 public immutable poolId;
  IBalancerVault public immutable vault;
  IBalancerPool public immutable pool;
  AggregatorV3Interface public immutable oracleA;
  AggregatorV3Interface public immutable oracleB;
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter