Back to 0x5rings's contests

Frax Ether Liquid Staking contest - 0x5rings's results

A liquid ETH staking derivative designed to uniquely leverage the Frax Finance ecosystem.

General Information

Platform: Code4rena

Start Date: 22/09/2022

Pot Size: $30,000 USDC

Total HM: 12

Participants: 133

Period: 3 days

Judge: 0xean

Total Solo HM: 2

Id: 165

League: ETH

Frax Finance

Findings Distribution

Researcher Performance

Rank: 96/133

Findings: 2

Award: $25.30

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryFrax Finance

Findings Information

🌟 Selected for report: Lambda

Also found by: 0x1f8b, 0x5rings, 0xSky, 0xSmartContract, 8olidity, Chom, CodingNameKiki, IllIllI, Ruhum, Sm4rty, brgltd, hansfriese, m9800, magu, pashov, pedroais, peritoflores, prasantgupta52, rokinot, seyni

Awards

12.4859 USDC - $12.49

Labels

bug
duplicate
2 (Med Risk)
edited-by-warden

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L200

Vulnerability details

Impact

Some tokens do not revert the transaction when the transfer function fails or return false. Which requires us to check the return value after calling the transfer function.

Given that recoverERC20 can accept any tokens. A token such as ZRX would not revert leading to a loss of funds with that token.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Use ERC20 safeTransfer when sending tokens. To allow a revert and prevent loss tokens. Further a Malicious Owner can send a malicious ERC20 Token into the contract

require(IERC20(tokenAddress).safeTransfer(owner, tokenAmount), "recoverERC20: Transfer failed");

#0 - FortisFortuna

2022-09-25T21:28:51Z

Not really medium risk. Technically you could use safeTransfer, but if someone were to accidentally send something to this contract, it would most likely be either ETH, FRAX, frxETH, or sfrxETH, all of which are transfer compliant.

#1 - joestakey

2022-09-26T17:12:06Z

Duplicate of #18

Findings Information

🌟 Selected for report: pfapostol

Also found by: 0x040, 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Amithuddar, Aymen0909, B2, Ben, Bnke0x0, Chom, CodingNameKiki, Deivitto, Diana, Fitraldys, Funen, IllIllI, JAGADESH, JC, Metatron, Ocean_Sky, PaludoX0, Pheonix, RaymondFam, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Satyam_Sharma, Sm4rty, SnowMan, SooYa, Tagir2003, TomJ, Tomio, Triangle, V_B, Waze, __141345__, ajtra, albincsergo, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, bytera, c3phas, ch0bu, cryptostellar5, cryptphi, d3e4, delfin454000, dharma09, drdr, durianSausage, emrekocak, erictee, fatherOfBlocks, gogo, got_targ, imare, jag, karanctf, ladboy233, leosathya, lukris02, medikko, mics, millersplanet, natzuu, neko_nyaa, oyc_109, peanuts, prasantgupta52, rbserver, ret2basic, rokinot, ronnyx2017, rotcivegaf, sach1r0, samruna, seyni, slowmoses, tnevler, wagmi, zishansami

Awards

12.8108 USDC - $12.81

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

++i cost less gas compared to i++. Consider using ++{variable} instead of {variable}++

Files Found:

There are 3 instances of this issue.

  • File: src/DepositContract.sol - line 76
  • File: src/DepositContract.sol - line 83
  • File: src/DepositContract.sol - line 148

Mitigation:

Consider using ++i instead of i++

Require() should be used instead of assert()

Files Found:

There are 1 instances of this issue.

  • File: src/DepositContract.sol - line 158

Mitigation:

Prior to solidity version 0.8.0, hitting an assert consumes the remainder of the transaction's available gas rather than returning it. assert() should be avoided even past solidity version 0.8.0 as its documentation states that.

Using private rather than public for constants, saves gas

Files Found:

There are 2 instances of this issue.

  • File: src/frxETHMinter.sol - line 38
  • File: src/frxETHMinter.sol - line 39

Mitigation:

If needed, the value can be read from the verified contract source code. Savings are due to the compiler not having to create non-payable getter functions for deployment calldata.

x += y costs more gas than x = x + y for state variables

Files Found:

There are 2 instances of this issue.

  • File: src/DepositContract.sol - line 146
  • File: src/frxETHMinter.sol - line 97

Mitigation:

Use x = x + y instead of x += y

It costs more gas to initialise non-constant/non-immutable variables to zero than to let the default of zero be applied

Files Found:

There are 4 instances of this issue.

  • File: src/OperatorRegistry.sol - line 63
  • File: src/OperatorRegistry.sol - line 84
  • File: src/OperatorRegistry.sol - line 114
  • File: src/frxETHMinter.sol - line 129

Mitigation:

uint is initialised at 0. It cost more gas to initialise variable at 0

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter