bunker.finance contest - 0x4non's results

The easiest way to borrow against your NFTs.

General Information

Platform: Code4rena

Start Date: 03/05/2022

Pot Size: $50,000 USDC

Total HM: 4

Participants: 46

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 117

League: ETH

bunker.finance

Researcher Performance

Rank: 25/46

Findings: 2

Award: $150.61

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

98.1322 USDC - $98.13

Labels

bug
QA (Quality Assurance)

Critical function doesn't emit event

The critical function that changes the oracle admin doesn't emit any event: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Oracles/CNftPriceOracle.sol#L54

Consider adding an event or, if the admin is meant to never change, remove the function and add an immutable modifier to the admin variable.
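
The two remediation options named in the finding, sketched as an added example that is not part of the original report or of bunker-protocol's code. The contract, function and event names are hypothetical, and the zero-address guard is an extra assumption beyond what the finding asks for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: all names here are hypothetical, not bunker-protocol's.

// Option 1: the admin can change, and every change leaves a log entry
// that off-chain monitoring can alert on.
contract OracleWithAdminEvent {
    address public admin;

    // Both addresses are indexed so log filters can match on either one.
    event AdminChanged(address indexed previousAdmin, address indexed newAdmin);

    constructor(address admin_) {
        // Extra guard (assumption, not part of the finding).
        require(admin_ != address(0), "admin is zero address");
        admin = admin_;
        emit AdminChanged(address(0), admin_);
    }

    function changeAdmin(address newAdmin) external {
        require(msg.sender == admin, "caller is not admin");
        require(newAdmin != address(0), "admin is zero address");
        address previous = admin;
        admin = newAdmin;
        // Emitted after the state write so the log reflects the final value.
        emit AdminChanged(previous, newAdmin);
    }
}

// Option 2: the admin is fixed at deployment. There is no setter, so there is
// nothing to log, and reads of an immutable avoid a storage load.
contract OracleWithImmutableAdmin {
    address public immutable admin;

    constructor(address admin_) {
        require(admin_ != address(0), "admin is zero address");
        admin = admin_;
    }
}
```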

#0 - bunkerfinance-dev

2022-05-18T06:41:34Z

This report was useful to us.

Awards

52.4836 USDC - $52.48

Labels

bug
G (Gas Optimization)

Gas optimization

PriceOracleImplementation.sol

Use immutable on L10;

address public cEtherAddress;

to

address immutable public cEtherAddress;

CNftPriceOracle.sol

Use unchecked on loops; https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Oracles/CNftPriceOracle.sol#L66-L73

for (uint256 i = 0; i < cNfts.length;) {
    address underlying = cNfts[i].underlying();
    require(
        underlyingNftxTokenAddress[underlying] == address(0),
        "CNftPriceOracle: Cannot overwrite existing address mappings."
    );
    underlyingNftxTokenAddress[underlying] = nftxTokens[i];
    unchecked { i++; }
}

ERC1155Enumerable.sol

Use unchecked on the loop and on the safe additions and subtractions. Since ERC1155 from OpenZeppelin validates the amounts in https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/ERC1155.sol#L218 and https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/ERC1155.sol#L176, we could consider this safe.

https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ERC1155Enumerable.sol#L51-L68

for (uint256 i; i < ids.length;) {
    uint256 amount = amounts[i];
    if (amount == 0) {
        // Advance the index before skipping; a bare `continue` would never reach the increment at the end of the body.
        unchecked { i++; }
        continue;
    }
    uint256 id = ids[i];
    if (from == address(0)) {
        unchecked { totalSupply += amount; }
    } else if (balanceOf(from, id) == amount) {
        fromTokens.remove(id);
    }
    if (to == address(0)) {
        unchecked { totalSupply -= amount; }
    } else if (balanceOf(to, id) == 0) {
        toTokens.add(id);
    }
    unchecked { i++; }
}

CNft.sol

Consider moving this line to the beginning of the function: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L48 Change

require(tokenIds.length == amounts.length, "CNFT: id/amounts length mismatch");

to

uint256 length = tokenIds.length;
require(length == amounts.length, "CNFT: id/amounts length mismatch");

Same issue in https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L96 Change

require(seizeIds.length == seizeAmounts.length, "CNFT: id/amounts length mismatch");

To

uint256 length = seizeIds.length;
require(length == seizeAmounts.length, "CNFT: id/amounts length mismatch");

Same issue in https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L118 Change

require(tokenIds.length == amounts.length, "CNFT: id/amounts length mismatch");

to

uint256 length = tokenIds.length;
require(length == amounts.length, "CNFT: id/amounts length mismatch");

Use unchecked to increase i in the loop. You could save gas by using the pattern to increment the loop variable with unchecked in: #L50 #L62 #L72 #L98 #L122 #L145 #L151 #L176

Pattern;

for (uint256 i = 0; i < length;) {
    // implementation
    unchecked { i++; }
}

UniswapV2PriceOracle.sol

Use unchecked on increments: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Oracles/UniswapV2PriceOracle.sol#L42-L45

Consider changing;

for (uint256 i = 0; i < pairs.length; ++i) {
    if (update(pairs[i])) {
        ++numberUpdated;
    }
}

For

for (uint256 i = 0; i < pairs.length;) {
    if (update(pairs[i])) {
        unchecked { numberUpdated++; }
    }
    unchecked { i++; }
}