Timeswap contest - 0xAgro's results

Like Uniswap, but for lending & borrowing.

General Information

Platform: Code4rena

Start Date: 20/01/2023

Pot Size: $90,500 USDC

Total HM: 10

Participants: 59

Period: 7 days

Judge: Picodes

Total Solo HM: 4

Id: 206

League: ETH

Timeswap

Findings Distribution

Researcher Performance

Rank: 41/59

Findings: 1

Award: $65.35

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

65.3481 USDC - $65.35

Labels

bug
grade-b
QA (Quality Assurance)
Q-07

External Links

QA Report

Finding Summary

Low Severity

  1. Unchecked Cast May Overflow

Non-Critical

  1. Order of Functions Not Compliant With Solidity Docs
  2. Contract Layout Voids Solidity Docs
  3. Long Lines
  4. Debug Left in Production Code
  5. Contracts Missing @title NatSpec Tag
  6. Inconsistent Comment Initial Spacing
  7. Inconsistent Named Returns
  8. Spelling Mistakes

Low Severity

1. Unchecked Cast May Overflow

As of Solidity 0.8, arithmetic overflow and underflow revert automatically; explicit casts are not checked, however, and silently truncate. For example, uint32(4294967300) will result in 4 without reverting. Consider using a SafeCast-style checked conversion for the following code:

/packages/v2-library/src/SafeCast.sol

20:	result = uint16(value);
29:	result = uint96(value);
38:	result = uint160(value);

/packages/v2-pool/src/TimeswapV2Pool.sol

83:	return uint96(block.timestamp + durationForward);

/packages/v2-pool/src/libraries/Duration.sol

13:	return uint96(duration);

/packages/v2-token/src/TimeswapV2LiquidityToken.sol

249:	if (from != address(0)) _feesPositions[id][from].update(uint160(balanceOf(from, id)), long0FeeGrowth, long1FeeGrowth, shortFeeGrowth);
251:	if (to != address(0)) _feesPositions[id][to].update(uint160(balanceOf(to, id)), long0FeeGrowth, long1FeeGrowth, shortFeeGrowth);
277:	(uint256 long0Fees, uint256 long1Fees, uint256 shortFees) = feesPosition.feesEarnedOf(uint160(balanceOf(owner, id)), long0FeeGrowth, long1FeeGrowth, shortFeeGrowth);
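To make the difference concrete, the following is an added example (it is not code from the Timeswap repository, and the names CheckedCast, toUint96, toUint160, CastOverflow, CastDemo and the two maturity functions are assumptions for this illustration). It places the silently truncating pattern from TimeswapV2Pool.sol (uint96(block.timestamp + durationForward)) next to a checked downcast that reverts when the value does not fit, and reproduces the uint32 truncation case through a runtime variable, since Solidity rejects a truncating cast of a literal at compile time.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// @title CheckedCast
/// @notice Added example, not part of the Timeswap codebase: a reverting downcast
///         helper. The library name, the function names and the error are assumptions.
library CheckedCast {
    error CastOverflow(uint256 value, uint8 bits);

    /// @dev Reverts instead of truncating when `value` exceeds type(uint96).max.
    function toUint96(uint256 value) internal pure returns (uint96 result) {
        if (value > type(uint96).max) revert CastOverflow(value, 96);
        result = uint96(value); // range already checked, so the cast is exact
    }

    /// @dev Same check for the uint160 balance casts in TimeswapV2LiquidityToken.sol.
    function toUint160(uint256 value) internal pure returns (uint160 result) {
        if (value > type(uint160).max) revert CastOverflow(value, 160);
        result = uint160(value); // exact for the same reason
    }
}

/// @title CastDemo
/// @notice Shows the silent truncation described in the finding next to the checked form.
contract CastDemo {
    using CheckedCast for uint256;

    /// @dev Mirrors `uint96(block.timestamp + durationForward)`: the cast truncates
    ///      silently, so an oversized duration wraps to a small maturity instead of reverting.
    function unsafeMaturity(uint256 durationForward) external view returns (uint96) {
        return uint96(block.timestamp + durationForward);
    }

    /// @dev Same computation; an out-of-range result reverts with CastOverflow.
    function safeMaturity(uint256 durationForward) external view returns (uint96) {
        return (block.timestamp + durationForward).toUint96();
    }

    /// @dev The literal case from the finding, routed through a variable so it compiles:
    ///      4294967300 == 2**32 + 4, so the low 32 bits are 4.
    function truncationExample() external pure returns (uint32) {
        uint256 value = 4294967300;
        return uint32(value); // 4, no revert
    }

    /// @dev Checked version of the same value: reverts because 4294967300 > type(uint32).max.
    function checkedTruncationExample() external pure returns (uint32) {
        uint256 value = 4294967300;
        if (value > type(uint32).max) revert CheckedCast.CastOverflow(value, 32);
        return uint32(value);
    }
}
```

In a Foundry test, calling unsafeMaturity with a durationForward large enough to push the sum past type(uint96).max returns a wrapped value, while safeMaturity on the same input can be asserted to revert with vm.expectRevert; the checked helper is the behaviour a SafeCast library should provide at each of the call sites listed above.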

Non-Critical

1. Order of Functions Not Compliant With Solidity Docs

The Solidity Style Guide suggests the following function order: constructor, receive function (if exists), fallback function (if exists), external, public, internal, private.

The following contracts are not compliant (examples are only to prove the functions are out of order NOT a full description):

2. Contract Layout Voids Solidity Docs

The Solidity Style Guide suggests the following contract layout order: Type declarations, State variables, Events, Modifiers, Functions.

The following contracts are not compliant (examples are only to prove the layout is out of order NOT a full description):

3. Long Lines (> 120 Characters)

Lines with greater length than 120 characters are used. The Solidity Style Guide suggests that all lines should be 120 characters or less in width.

The following lines are longer than 120 characters; it is suggested to shorten these lines:

/packages/v2-library/src/FullMath.sol

/packages/v2-library/src/StrikeConversion.sol

/packages/v2-pool/src/TimeswapV2Pool.sol

/packages/v2-pool/src/TimeswapV2PoolDeployer.sol

/packages/v2-pool/src/TimeswapV2PoolFactory.sol

/packages/v2-pool/src/interfaces/ITimeswapV2Pool.sol

/packages/v2-pool/src/interfaces/ITimeswapV2PoolDeployer.sol

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolBurnCallback.sol

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolRebalanceCallback.sol

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolLeverageCallback.sol

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolMintCallback.sol

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolDeleverageCallback.sol

/packages/v2-pool/src/structs/LiquidityPosition.sol

/packages/v2-pool/src/structs/Param.sol

/packages/v2-pool/src/structs/Pool.sol

/packages/v2-pool/src/libraries/ConstantProduct.sol

/packages/v2-pool/src/libraries/FeeCalculation.sol

/packages/v2-pool/src/libraries/PoolFactory.sol

/packages/v2-pool/src/libraries/ConstantSum.sol

/packages/v2-pool/src/libraries/DurationCalculation.sol

/packages/v2-pool/src/libraries/DurationWeight.sol

/packages/v2-token/src/interfaces/ITimeswapV2Token.sol

/packages/v2-token/src/interfaces/ITimeswapV2LiquidityToken.sol

/packages/v2-token/src/base/ERC1155Enumerable.sol

/packages/v2-token/src/TimeswapV2LiquidityToken.sol

/packages/v2-token/src/TimeswapV2Token.sol

/packages/v2-token/src/interfaces/callbacks/ITimeswapV2LiquidityTokenMintCallback.sol

/packages/v2-token/src/interfaces/callbacks/ITimeswapV2TokenMintCallback.sol

/packages/v2-token/src/structs/FeesPosition.sol

/packages/v2-token/src/structs/Param.sol

/packages/v2-token/src/structs/Position.sol

/packages/v2-option/src/interfaces/ITimeswapV2Option.sol

/packages/v2-option/src/interfaces/callbacks/ITimeswapV2OptionSwapCallback.sol

/packages/v2-option/src/interfaces/callbacks/ITimeswapV2OptionMintCallback.sol

/packages/v2-option/src/interfaces/callbacks/ITimeswapV2OptionCollectCallback.sol

/packages/v2-option/src/interfaces/callbacks/ITimeswapV2OptionBurnCallback.sol

/packages/v2-option/src/structs/Process.sol

/packages/v2-option/src/structs/Option.sol

/packages/v2-option/src/structs/Param.sol

/packages/v2-option/src/libraries/Proportion.sol

/packages/v2-option/src/libraries/OptionFactory.sol

/packages/v2-option/src/TimeswapV2Option.sol

4. Debug Left in Production Code

Commented-out (and live) debug lines, such as console.log calls, should be removed before production.

/packages/v2-token/src/TimeswapV2Token.sol

109:            console.log("reaches right before mint in timeswapv2Tokne::mint");
170:        // console.log()

5. Contracts Missing @title NatSpec Tag

42 out of 70 of the contracts in scope are missing a @title tag. Given that the other 28 contracts all have a @title tag, consider adding one to each of the 42 remaining contracts.

SafeCast.sol, FullMath.sol, Error.sol, Math.sol, Ownership.sol, StrikeConversion.sol, CatchError.sol, TimeswapV2Pool.sol, TimeswapV2PoolFactory.sol, IOwnableTwoSteps.sol, ITimeswapV2PoolBurnCallback.sol, ITimeswapV2PoolRebalanceCallback.sol, ITimeswapV2PoolLeverageCallback.sol, ITimeswapV2PoolMintCallback.sol, ITimeswapV2PoolDeleverageCallback.sol, OwnableTwoSteps.sol, CallbackParam.sol, LiquidityPosition.sol, Param.sol, Pool.sol, PoolFactory.sol, DurationWeight.sol, PoolPair.sol, ReentrancyGuard.sol, Transaction.sol, ERC1155Enumerable.sol, ITimeswapV2LiquidityTokenMintCallback.sol, ITimeswapV2TokenMintCallback.sol, CallbackParam.sol, FeesPosition.sol, Param.sol, Position.sol, Process.sol, CallbackParam.sol, StrikeAndMaturity.sol, Option.sol, Param.sol, Proportion.sol, OptionPair.sol, OptionFactory.sol, Transaction.sol, and Position.sol are missing a @title tag.

6. Inconsistent Comment Initial Spacing

Some comments have an initial space after // or /// while others do not. It is best for code clarity to keep a consistent style.

  1. The following contracts only have initial space comments (EX. // foo): IERC1155Enumerable.sol, ERC1155Enumerable.sol, TimeswapV2LiquidityToken.sol, TimeswapV2Token.sol, CallbackParam.sol, FeesPosition.sol, Param.sol, and Position.sol.
  2. The following contracts have no initial space comments (EX. //foo): SafeCast.sol, Error.sol, Math.sol, Ownership.sol, StrikeConversion.sol, CatchError.sol, TimeswapV2PoolDeployer.sol, TimeswapV2PoolFactory.sol, IOwnableTwoSteps.sol, ITimeswapV2Pool.sol, ITimeswapV2PoolDeployer.sol, ITimeswapV2PoolFactory.sol, ITimeswapV2PoolBurnCallback.sol, ITimeswapV2PoolRebalanceCallback.sol, ITimeswapV2PoolLeverageCallback.sol, ITimeswapV2PoolMintCallback.sol, ITimeswapV2PoolDeleverageCallback.sol, OwnableTwoSteps.sol, CallbackParam.sol, LiquidityPosition.sol, Param.sol, ConstantProduct.sol, FeeCalculation.sol, Duration.sol, PoolFactory.sol, ConstantSum.sol, DurationCalculation.sol, DurationWeight.sol, Fee.sol, PoolPair.sol, ReentrancyGuard.sol, Transaction.sol, ITimeswapV2Token.sol, ITimeswapV2LiquidityToken.sol, ITimeswapV2LiquidityTokenMintCallback.sol, ITimeswapV2TokenMintCallback.sol, ITimeswapV2Option.sol, ITimeswapV2OptionDeployer.sol, ITimeswapV2OptionFactory.sol, ITimeswapV2OptionSwapCallback.sol, ITimeswapV2OptionMintCallback.sol, ITimeswapV2OptionCollectCallback.sol, ITimeswapV2OptionBurnCallback.sol, Process.sol, CallbackParam.sol, StrikeAndMaturity.sol, Param.sol, TimeswapV2OptionFactory.sol, Proportion.sol, OptionPair.sol, OptionFactory.sol, Transaction.sol, and Position.sol.
  3. The following contracts have both: BytesLib.sol, FullMath.sol, TimeswapV2Pool.sol, NoDelegateCall.sol, Pool.sol, TimeswapV2OptionDeployer.sol, Option.sol, NoDelegateCall.sol, and TimeswapV2Option.sol.

7. Inconsistent Named Returns

Some functions use named returns and others do not. It is best for code clarity to keep a consistent style.

  1. The following contracts only have named returns (EX. returns(uint256 foo)): SafeCast.sol, FullMath.sol, Math.sol, TimeswapV2PoolDeployer.sol, LiquidityPosition.sol, Pool.sol, PoolFactory.sol, ConstantSum.sol, DurationCalculation.sol, DurationWeight.sol, TimeswapV2Token.sol, FeesPosition.sol, TimeswapV2OptionDeployer.sol, Option.sol, and OptionFactory.sol.
  2. The following contracts only have non-named returns (EX. returns(uint256)): BytesLib.sol, StrikeConversion.sol, CatchError.sol, Duration.sol, ERC1155Enumerable.sol, Position.sol, and Proportion.sol.
  3. The following contracts have both: TimeswapV2Pool.sol, TimeswapV2PoolFactory.sol, ConstantProduct.sol, FeeCalculation.sol, TimeswapV2LiquidityToken.sol, TimeswapV2OptionFactory.sol, and TimeswapV2Option.sol.

8. Spelling Mistakes

There are some spelling mistakes throughout the codebase. Consider fixing all spelling mistakes.

/packages/v2-library/src/FullMath.sol

/packages/v2-library/src/StrikeConversion.sol

  • The word token is misspelled as toekn.

/packages/v2-pool/src/TimeswapV2Pool.sol

  • The word overridden is misspelled as overidden.
  • The word recipients is misspelled as receipients (1).
  • The word recipient is misspelled as receipient (1).
  • The word recipient is misspelled as receipient (2).
  • The word recipient is misspelled as receipient (3).
  • The word recipients is misspelled as receipients (2).
  • The word recipient is misspelled as receipient (4).
  • The word recipients is misspelled as receipients (3).
  • The word recipients is misspelled as receipients (4).

/packages/v2-pool/src/interfaces/ITimeswapV2Pool.sol

  • The word recipient is misspelled as receipeint (1).
  • The word recipient is misspelled as receipeint (2).
  • The word recipient is misspelled as receipient (1).
  • The word recipient is misspelled as receipient (2).
  • The word recipient is misspelled as receipient (3).
  • The word recipient is misspelled as receipient (4).
  • The word recipient is misspelled as receipient (5).
  • The word recipient is misspelled as receipient (6).
  • The word recipient is misspelled as receipient (7).
  • The word recipient is misspelled as receipient (8).
  • The word recipient is misspelled as receipient (9).
  • The word recipient is misspelled as receipient (10).
  • The word recipient is misspelled as receipient (11).
  • The word recipient is misspelled as receipient (12).
  • The word recipient is misspelled as receipient (13).
  • The word else is misspelled as ekse.
  • The word recipient is misspelled as receipient (14).
  • The word recipient is misspelled as receipient (15).
  • The word recipient is misspelled as receipient (16).
  • The word transferred is misspelled as transferrred (1).
  • The word transferred is misspelled as transferrred (2).
  • The word transferred is misspelled as transferrred (3).

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolRebalanceCallback.sol

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolLeverageCallback.sol

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolMintCallback.sol

/packages/v2-pool/src/interfaces/callbacks/ITimeswapV2PoolDeleverageCallback.sol

/packages/v2-pool/src/structs/Param.sol

  • The word recipient is misspelled as receipient (1).
  • The word recipient is misspelled as receipient (2).
  • The word recipient is misspelled as receipient (3).
  • The word recipient is misspelled as receipient (4).
  • The word recipient is misspelled as receipient (5).
  • The word recipient is misspelled as receipient (6).
  • The word recipient is misspelled as receipient (7).
  • The word recipient is misspelled as receipient (8).
  • The word recipient is misspelled as receipient (9).
  • The word recipient is misspelled as receipient (10).
  • The word recipient is misspelled as receipient (11).

/packages/v2-pool/src/structs/Pool.sol

/packages/v2-pool/src/libraries/ConstantProduct.sol

  • The word liquidity is misspelled as liqudity.
  • The word discriminant is misspelled as disriminant.

/packages/v2-pool/src/libraries/PoolFactory.sol

  • The word retrieved is misspelled as retreived (1).
  • The word retrieved is misspelled as retreived (2).
  • The word retrieved is misspelled as retreived (3).
  • The word retrieved is misspelled as retreived (4).

/packages/v2-token/src/base/ERC1155Enumerable.sol

  • The word overridden is misspelled as overidden (1).
  • The word overridden is misspelled as overidden (2).
  • The word overridden is misspelled as overidden (3).
  • The word overridden is misspelled as overidden (4).

/packages/v2-token/src/structs/CallbackParam.sol

  • The word parameter is misspelled as paramater (1).
  • The word parameter is misspelled as paramater (2).
  • The word initialize is misspelled as initalize.

/packages/v2-token/src/structs/Param.sol

  • The word parameter is misspelled as paramater (1).
  • The word recipient is misspelled as receipient (1).
  • The word recipient is misspelled as receipient (2).
  • The word recipient is misspelled as receipient (3).
  • The word parameter is misspelled as paramater (2).
  • The word initialize is misspelled as initalize (1).
  • The word parameter is misspelled as paramater (3).
  • The word recipient is misspelled as receipient (4).
  • The word parameter is misspelled as paramater (4).
  • The word recipient is misspelled as receipient (5).
  • The word initialize is misspelled as initalize (2).
  • The word parameter is misspelled as paramater (5).
  • The word recipient is misspelled as receipient (6).
  • The word initialize is misspelled as initalize (3).

/packages/v2-option/src/interfaces/ITimeswapV2Option.sol

  • The word recipient is misspelled as receipient (1).
  • The word recipient is misspelled as receipient (2).
  • The word recipient is misspelled as receipient (3).
  • The word recipient is misspelled as receipient (4).
  • The word recipient is misspelled as receipient (5).
  • The word recipient is misspelled as receipient (6).
  • The word recipient is misspelled as receipient (7).
  • The word recipient is misspelled as receipient (8).
  • The word recipient is misspelled as receipient (9).
  • The word recipient is misspelled as receipient (10).
  • The word recipient is misspelled as receipient (11).

/packages/v2-option/src/interfaces/callbacks/ITimeswapV2OptionSwapCallback.sol

/packages/v2-option/src/interfaces/callbacks/ITimeswapV2OptionMintCallback.sol

/packages/v2-option/src/interfaces/callbacks/ITimeswapV2OptionCollectCallback.sol

/packages/v2-option/src/interfaces/callbacks/ITimeswapV2OptionBurnCallback.sol

/packages/v2-option/src/structs/Process.sol

  • The word multiple is misspelled as multple.

/packages/v2-option/src/structs/Param.sol

  • The word recipient is misspelled as receipient (1).
  • The word recipient is misspelled as receipient (2).
  • The word recipient is misspelled as receipient (3).
  • The word recipient is misspelled as receipient (4).
  • The word recipient is misspelled as receipient (5).
  • The word callback is misspelled as calback (1).
  • The word recipient is misspelled as receipient (6).
  • The word recipient is misspelled as receipient (7).
  • The word recipient is misspelled as receipient (8).
  • The word recipient is misspelled as receipient (9).
  • The word callback is misspelled as calback (2).

/packages/v2-option/src/TimeswapV2Option.sol

  • The word maturities is misspelled as maturies (1).
  • The word maturities is misspelled as maturies (2).
  • The word overridden is misspelled as overidden.

#0 - c4-judge

2023-02-01T22:56:34Z

Picodes marked the issue as grade-a

#1 - c4-judge

2023-02-12T22:43:45Z

Picodes marked the issue as grade-b
