Platform: Code4rena
Start Date: 23/05/2022
Pot Size: $50,000 USDC
Total HM: 44
Participants: 99
Period: 5 days
Judge: hickuphh3
Total Solo HM: 11
Id: 129
League: ETH
Rank: 56/99
Findings: 2
Award: $86.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0x4non, 0xDjango, 0xKitsune, 0xNazgul, 0xf15ers, ACai, AlleyCat, Bahurum, BouSalman, CertoraInc, Chom, Dravee, ElKu, FSchmoede, Funen, GimelSec, Hawkeye, JC, JMukesh, Kaiziron, MaratCerby, Metatron, PP1004, Picodes, Ruhum, SmartSek, StErMi, TerrierLover, UVvirus, UnusualTurtle, WatchPug, Waze, _Adam, asutorufos, berndartmueller, blackscale, blockdev, broccolirob, c3phas, catchup, cryptphi, csanuragjain, defsec, delfin454000, dipp, eccentricexit, ellahi, fatherOfBlocks, gzeon, hansfriese, horsefacts, hubble, ilan, joestakey, kebabsec, minhquanym, oyc_109, parashar, pauliax, rotcivegaf, sach1r0, sashik_eth, shenwilly, simon135, sorrynotsorry, sseefried, throttle, unforgiven, xiaoming90
55.4511 USDC - $55.45
Severity: Low
Context: BathHouse.sol#L217-L229, BathHouse.sol#L253-L283, BathHouse.sol#L335-L337, BathToken.sol#L245-L252, BathToken.sol#L265-L272
Description: Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.
Recommendation: Add in the additional checks to validate if the new value being set is the same as the current value already set in the contract.
Severity: Low
Context: BathHouse.sol#L217-L229, BathHouse.sol#L335-L337, BathToken.sol#L260-L262, BathToken.sol#L270-L272
Description: None of the onlyOwner functions that change critical protocol addresses/parameters appear to have a timelock for a time-delayed change to alert: (1) users and give them a chance to engage/exit protocol if they are not agreeable to the changes (2) team in case of compromised owner(s) and given them a chance to perform incident response.
Recommendation: Add a timelock to these functions for a time-delayed change to alert users and protect against possiable malicious changes by compromised owners(s).
Severity: Low
Context: BathHouse.sol#L217-L229, BathHouse.sol#L253-L255, BathHouse.sol#L259-L261, BathHouse.sol#L264-L266, BathHouse.sol#L335-L337, BathToken.sol#L245-L252, BathToken.sol#L265-L272
Description: Lack of zero-address validation on address parameters may lead to reverts and force contract redeployments.
Recommendation: Add explicit zero-address validation on input parameters of address type.
Severity: Low
Context: BathHouse.sol#L232-L250, BathHouse.sol#L253-L283, BathHouse.sol#L335-L337, BathToken.sol#L245-L252, BathToken.sol#L260-L272
Description: Several functions update critical parameters that are missing event emission. These should be performed to ensure tracking of changes of such critical parameters.
Recommendation: Add events to functions that change critical parameters.
Severity: Informational
Context: All Contracts
Description: Some functions are missing @notice/@dev NatSpec comments for the function, @param for all/some of their parameters and @return for return values. Given that NatSpec is an important part of code documentation, this affects code comprehension, auditability and usability.
Recommendation: Add in full NatSpec comments for all functions to have complete code documentation for future use.
Severity: Informational
Context: BathPair.sol#L142-L145
Description: The presence of unused code can confuse future users, developer or auditors. There is no point to have it in and if there is a point, it should be used.
Recommendation: Ensure that the code that is meant to be used or not. If not remove it.
Severity: Informational
Context: BathHouse.sol#L40 (liquity => liquidity), BathHouse.sol#L132 (gaurentee => guarantee), BathHouse.sol#L414 (withdrawls => withdrawals), BathPair.sol#L81 (StrategitTrade => StrategistTrade), BathPair.sol#L192 (rebalances => is rebalancing), BathPair.sol#L211 (acitve => active), BathPair.sol#L318 (Didnt => Did not), BathPair.sol#L439 (requote'd => requoted), BathToken.sol#L29 (intially => initially), BathToken.sol#L29 (intially => initially), BathToken.sol#L220 (constract => contract), BathToken.sol#L627 (distibute => distribute), BathToken.sol#L641 (releaseable => releasable), RubiconMarket.sol#L254 (entrypoint => entry-points), RubiconMarket.sol#L579 (entrypoint => entry-points), RubiconMarket.sol#L809 (offchain => off-chain), RubiconMarket.sol#L851 (acumulator => accumulator), RubiconMarket.sol#L860 (acumulator => accumulator), RubiconMarket.sol#L890 (acumulator => accumulator), RubiconMarket.sol#L901 (acumulator => accumulator), RubiconRouter.sol#L247 (didnt => Did not), RubiconRouter.sol#L392 (didnt => Did not), RubiconRouter.sol#L462 (didnt => Did not), BathBuddy.sol#L110 (transfering => transferring)
Description: Spelling errors in comments can cause confusion to both users and developers.
Recommendation: Check all misspellings to ensure they are corrected.
Severity: Informational
Context: BathBuddy.sol
Description: It is better to use one Solidity compiler version across all contracts instead of different versions with different bugs and security checks.
Recommendation: Ensure all pragma versions are the same one.
Severity: Informational
Context: All Contracts
Description: Using very old versions of Solidity prevents benefits of bug fixes and newer security checks. Using the latest versions might make contracts susceptible to undiscovered compiler bugs.
Recommendation:
Consider using a more recent version such as 0.8.4.
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, Chom, DavidGialdi, Dravee, ElKu, FSchmoede, Fitraldys, Funen, GimelSec, JC, Kaiziron, MaratCerby, Metatron, MiloTruck, Picodes, Randyyy, RoiEvenHaim, SmartSek, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, antonttc, asutorufos, berndartmueller, blackscale, blockdev, c3phas, catchup, csanuragjain, defsec, delfin454000, ellahi, fatherOfBlocks, gzeon, hansfriese, ilan, joestakey, minhquanym, oyc_109, pauliax, pedroais, reassor, rfa, rotcivegaf, sach1r0, samruna, sashik_eth, simon135, z3s
30.8734 USDC - $30.87
++index instead of index++ to increment a loop counterContext: BathPair.sol#L305-L319, BathPair.sol#L412-L436, BathPair.sol#L463-L490, BathPair.sol#L578-L586, BathToken.sol#L629-L653, RubiconRouter.sol#L55-L126, RubiconRouter.sol#L161-L189, RubiconRouter.sol#L218-L264
Description:
Due to reduced stack operations, using ++index saves 5 gas per iteration.
Recommendation:
Use ++index to increment a loop counter.
Context: BathPair.sol#L305-L319, BathPair.sol#L578-L586, BathToken.sol#L629-L653, RubiconRouter.sol#L161-L189, RubiconRouter.sol#L218-L264,
Description: One can save gas by caching the array length (in stack) and using that set variable in the loop. Replace state variable reads and writes within loops with local variable reads and writes. This is done by assigning state variable values to new local variables, reading and/or writing the local variables in a loop, then after the loop assigning any changed local variables to their equivalent state variables.
Recommendation:
Simply do something like so before the for loop: uint length = variable.length. Then add length in place of variable.length in the for loop.
require(), Use != 0 Instead of > 0 With Uint ValuesContext: BathHouse.sol#L97-L129 (For L111), BathHouse.sol#L279-L283 (For L281), BathPair.sol#L324-L409 (For L333 & L334), RubiconMarket.sol#L984-L998 (For L985), RubiconMarket.sol#L1001-L1034 (For L1002)
Description:
In a require, when checking a uint, using != 0 instead of > 0 saves 6 gas. This will jump over or avoid an extra ISZERO opcode.
Recommendation:
Use != 0 instead of > 0 with uint values but only in require() statements.
Context: BathBuddy.sol
Description:
You can cut out 10 opcodes in the creation-time EVM bytecode if you declare a constructor payable. Making the constructor payable eliminates the need for an initial check of msg.value == 0 and saves 21 gas on deployment with no security risks.
Recommendation: Set the constructor to payable.
Context: All Contracts
Description:
Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions. One could use This tool to help find alternative function names with lower Method IDs while keeping the original name intact.
Recommendation:
Find a lower method ID name for the most called functions for example mostCalled() vs. mostCalled_41q() is cheaper by 44 gas.
Context: All Contracts
Description: Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks for free!
The advantages of versions =0.8.*= over =<0.8.0= are:
Low level inliner from =0.8.2=, leads to cheaper runtime gas.
Especially relevant when the contract has small functions. For
example, OpenZeppelin libraries typically have a lot of small
helper functions and if they are not inlined, they cost an
additional 20 to 40 gas because of 2 extra =jump= instructions and
additional stack operations needed for function calls.Optimizer improvements in packed structs: Before =0.8.3=, storing
packed structs, in some cases used an additional storage read
operation. After EIP-2929, if the slot was already cold, this
means unnecessary stack operations and extra deploy time costs.
However, if the slot was already warm, this means additional cost
of =100= gas alongside the same unnecessary stack operations and
extra deploy time costs.Custom errors from =0.8.4=, leads to cheaper deploy time cost and
run time cost. Note: the run time cost is only relevant when the
revert condition is met. In short, replace revert strings by
custom errors.Recommendation: Upgrade to at least 0.8.4 for the additional benefits.