Golom contest - 0xNazgul's results

Lines of code

https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L151-L156

Vulnerability details

Impact

To withdraw eth it uses transfer(), this transaction will fail inevitably when:

1. The withdrawer smart contract does not implement a payable function.
2. Withdrawer smart contract does implement a payable fallback which uses more than 2300 gas unit
3. The withdrawer smart contract implements a payable fallback function which needs less than 2300 gas unit but is called through proxy that raise the call's gas usage above 2300

Consensys stop using soliditys transfer now

Tools Used

Manual Review

Recommended Mitigation Steps

Consider using the lower-level .call{value: value} instead and check it's success return value. Since there are reentrancy guards on these functions there is no worry of such attack.

Lines of code

https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L236 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L301 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L361

Vulnerability details

Impact

The transferFrom function is used instead of safeTransferFrom. If it is a contract and is not aware of incoming ERC721 tokens, the sent tokens could be locked.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider changing transferFrom to safeTransferFrom and since there are reentrancy guards on these functions there is no worry of such attack.

[NAZ-L01] Signature Malleability of EVM's ecrecover()

Severity: Low Context: GolomTrader.sol#L176

Description: The function calls the Solidity ecrecover() function directly to verify the given signatures. However, the ecrecover() EVM opcode allows malleable (non-unique) signatures and thus is susceptible to replay attacks.

Although a replay attack seems not possible here since the nonce is increased each time, ensuring the signatures are not malleable is considered a best practice.

Recommendation: Use the recover function from OpenZeppelin's ECDSA library for signature verification.

[NAZ-L02] EIP712_DOMAIN_TYPEHASH Can Change

Severity: Low Context: GolomTrader.sol#L92-L110

Description: The variable EIP712_DOMAIN_TYPEHASH is assigned in the constructor and will not change after being initialized. However, if a hard fork happens after the contract deployment, the domain would become invalid on one of the forked chains due to the block.chainid has changed. Also, you don't need an assembly to retrieve chainid, you can get it from a built in variable block.chainid.

Recommendation: Consider the solution from Sushi Trident.

[NAZ-L03] Missing Equivalence Checks in Setters

Severity: Low Context: VoteEscrowDelegation.sol#L260-L262, RewardDistributor.sol#L291-L288, RewardDistributor.sol#L298-L305, RewardDistributor.sol#L444-L451

Description: Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.

Recommendation: This may hinder detecting discrepancies between on-chain and off-chain states leading to flawed assumptions of on-chain state and protocol behavior.

[NAZ-L04] Value Range Validity for Setters

Severity Low Context: VoteEscrowDelegation.sol#L260-L262

Description: These functions doesn't have any checks to ensure that the variables being set is within some kind of value range.

Recommendation: Each variable input parameter updated should have it's own value range checks to ensure their validity.

[NAZ-L05] receive() && fallback() Function Should Emit An Event

Severity: Low Context: RewardDistributor.sol#L313, RewardDistributor.sol#L315, GolomTrader.sol#L459, GolomTrader.sol#L461

Description: Consider emitting an event inside this function with msg.sender and msg.value as the parameters. This would make it easier to track incoming ether transfers.

Recommendation: Add events to the receive() functions.

[NAZ-L06] Missing Zero-address Validation

Severity: Low Context: GolomToken.sol#L28-L54, VoteEscrowDelegation.sol#L52-L66, RewardDistributor.sol#L74-L85, GolomTrader.sol#L92-L110

Description: Lack of zero-address validation on address parameters may lead to transaction reverts, waste gas, require resubmission of transactions and may even force contract redeployments in certain cases within the protocol.

Recommendation: Add explicit zero-address validation on input parameters of address type.

[NAZ-L07] Local Variable Shadowing

Severity: Low Context: VoteEscrowDelegation.sol#L71-L89 (For both tokenId && checkpoint), VoteEscrowDelegation.sol#L116-L120, VoteEscrowDelegation.sol#L168-L175, VoteEscrowDelegation.sol#L185-L193, VoteEscrowDelegation.sol#L210-L216 (For both tokenId && checkpoint)

Description: These Variables shadow state variables. As a result, the use of them locally might be incorrect.

Recommendation: Rename the local variables that shadow another component.

[NAZ-L08] Assert Violation That Always-Incorrect Control Flow Implementation

Severity: Low Context: VoteEscrowCore.sol#L493, VoteEscrowCore.sol#L506, VoteEscrowCore.sol#L519, VoteEscrowCore.sol#L666, VoteEscrowCore.sol#L679, VoteEscrowCore.sol#L861, VoteEscrowCore.sol#L977, VoteEscrowCore.sol#L981, VoteEscrowCore.sol#L991, VoteEscrowCore.sol#L1007, VoteEscrowCore.sol#L1023, VoteEscrowCore.sol#L1110, VoteEscrowCore.sol#L1206

Description: The Solidity assert() function is meant to assert invariants. Properly functioning code should never reach a failing assert statement. A reachable assertion can mean one of two things:

1). A bug exists in the contract that allows it to enter an invalid state; 2). The assert statement is used incorrectly, e.g. to validate inputs.

Recommendation: Consider whether the condition checked in the assert() is actually an invariant. If not, replace the assert() statement with a require() statement. If the exception is indeed caused by unexpected behaviour of the code, fix the underlying bug(s) that allow the assertion to be violated.

[NAZ-I01] Unused Import

Severity Informational Context: RewardDistributor.sol#L9

Description: There is an unused import that is meant to only be used in testing.

Recommendation: Consider removing import 'hardhat/console.sol';.

[NAZ-I02] Unclear or no Revert Messages

Severity Informational Context: VoteEscrowDelegation.sol#L239, VoteEscrowDelegation.sol#L245, RewardDistributor.sol#L88, RewardDistributor.sol#L144, RewardDistributor.sol#L158, GolomTrader.sol#L217, GolomTrader.sol#L220, GolomTrader.sol#L285-L288, GolomTrader.sol#L293, GolomTrader.sol#L295-L296, GolomTrader.sol#L313, GolomTrader.sol#L342, GolomTrader.sol#L345, GolomTrader.sol#L347, GolomTrader.sol#L349, GolomTrader.sol#L350, VoteEscrowCore.sol#L360, VoteEscrowCore.sol#L538, VoteEscrowCore.sol#L540, VoteEscrowCore.sol#L646, VoteEscrowCore.sol#L648, VoteEscrowCore.sol#L652, VoteEscrowCore.sol#L869, VoteEscrowCore.sol#L874, VoteEscrowCore.sol#L879, VoteEscrowCore.sol#L884, VoteEscrowCore.sol#L889, VoteEscrowCore.sol#L894-L897, VoteEscrowCore.sol#L927, VoteEscrowCore.sol#L944

Description: Some revert messages are unclear or nonexistent which can lead to confusion. Unclear and nonexistent revert messages may cause misunderstandings on reverted transactions.

Recommendation: Make revert messages more clear or add them in.

[NAZ-I03] Use Underscores for Number Literals

Severity: Informational Context: RewardDistributor.sol#L48, RewardDistributor.sol#L84, RewardDistributor.sol#L100, GolomTrader.sol#L263, GolomTrader.sol#L381, VoteEscrowCore.sol#L296-L297, VoteEscrowCore.sol#L308

Description: There are multiple occasions where certain numbers have been hardcoded, either in variables or in the code itself. Large numbers can become hard to read.

Recommendation: Consider using underscores for number literals to improve its readability.

[NAZ-I04] Commented Out Code

Severity: Informational Context: VoteEscrowDelegation.sol#L6, VoteEscrowDelegation.sol#L218-L225, RewardDistributor.sol#99, RewardDistributor.sol#110

Description: There is commented code that makes the code messy and unneeded.

Recommendation: Remove the commented out code.

[NAZ-I05] Function && Variable Naming Convention

Severity Informational Context: VoteEscrowDelegation.sol#L187 (delegatednft => delegatedNft (All cases)), RewardDistributor.sol#L48 (dailyEmission => DAILYEMISSION (All Cases)), RewardDistributor.sol#L57 (secsInDay => SECSINDAY (All Cases)), RewardDistributor.sol#L172 (tokenid => tokenIds (All Cases)), RewardDistributor.sol#L177 (tokenowner => tokenOwner (All Cases)), RewardDistributor.sol#L180 (tindex => tIndex (All Cases)), RewardDistributor.sol#L224 (unclaimedepochs => unclaimedEpochs (All Cases)), GolomTrader.sol#L124 (_hashOrderinternal => _hashOrderInternal (All Cases)), GolomTrader.sol#L176 (signaturesigner => signatureSigner (All Cases)), GolomTrader.sol#L300 (nftcontract => nftContract (All Cases)), GolomTrader.sol#L381 (protocolfee => protocolFee (All Cases)), VoteEscrowCore.sol#L297 (iMAXTIME => IMAXTIME (All Cases)), VoteEscrowCore.sol#L317 (name => NAME (All Cases)), VoteEscrowCore.sol#L318 (symbol => SYMBOL (All Cases)), VoteEscrowCore.sol#L319 (version => VERSION (All Cases)), VoteEscrowCore.sol#L320 (decimals => DECIMALS (All Cases)), VoteEscrowCore.sol#L359 (nonreentrant => nonReentrant (All Cases)), VoteEscrowCore.sol#L376 (uepoch => uEpoch (All Cases)), VoteEscrowCore.sol#L697 (old_dslope => oldDSlope (All Cases)), VoteEscrowCore.sol#L719 (new_dslope => newDSlope (All Cases)), VoteEscrowCore.sol#L1128 (upoint => uPoint (All Cases))

Description: The linked variables do not conform to the standard naming convention of Solidity whereby functions and variable names(local and state) utilize the mixedCase format unless variables are declared as constant in which case they utilize the UPPER_CASE_WITH_UNDERSCORES format.

Recommendation: Naming conventions utilized by the linked statements are adjusted to reflect the correct type of declaration according to the Solidity style guide.

[NAZ-I06] Missing SPDX License Identifier

Severity: Informational Context: TokenUriHelper.sol

Description: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file.

Recommendation: The SPDX license identifier is as [MIT License] and should be SPDX-License-Identifier: MIT, consider making the change.

[NAZ-I07] Spelling Errors

Severity: Informational Context: GolomToken.sol#L6 (OpenZepellin => OpenZeppelin), VoteEscrowDelegation.sol#L4 (votescrow => voteEscrow), VoteEscrowDelegation.sol#L112 (nftid => nftId), VoteEscrowDelegation.sol#L227 (exeute => execute), RewardDistributor.sol#L6 (prorata => pro rata), RewardDistributor.sol#L61-L64 (epoc => epoch), RewardDistributor.sol#L62 (exhange => exchange), RewardDistributor.sol#L67-L68 (upto => up to), RewardDistributor.sol#L66 (tokenid => tokenId), RewardDistributor.sol#L92 (starttime => startTime), RewardDistributor.sol#L93 (rewardstakedeth => rewardStakedETH), RewardDistributor.sol#L95 (facilated => facilitated), RewardDistributor.sol#L101 (dont => do not (twice)), RewardDistributor.sol#L107 (atleast => at least), RewardDistributor.sol#L111 (begiining => beginning), RewardDistributor.sol#L154 (facilated => facilitated), RewardDistributor.sol#L169-L170 (tokenid => tokenId), RewardDistributor.sol#L179 (tokenid => tokenId), RewardDistributor.sol#L184-L185 (cant => can not), RewardDistributor.sol#L214 (tokenid => tokenId), GolomTrader.sol#L53 (succesful => successful), GolomTrader.sol#L54 (facilating => facilitating), GolomTrader.sol#L60 (usefull => useful), GolomTrader.sol#L154 (royaltyaddress => royalty address), GolomTrader.sol#L158 (hashedorder => hashed order), GolomTrader.sol#L196 (ordertype => orderType), GolomTrader.sol#L201 (succesful => successful), GolomTrader.sol#L273 (ordertype => orderType), GolomTrader.sol#L278 (succesful => successful), GolomTrader.sol#L288 (dont => do not), GolomTrader.sol#L328 (ordertype => orderType), GolomTrader.sol#L333 (succesful => successful), GolomTrader.sol#L370 (succesfully => successfully), GolomTrader.sol#L374 (succesful => successful), VoteEscrowCore.sol#L18 (maxtime => MAXTIME), VoteEscrowCore.sol#L26 (maxtime => MAXTIME), VoteEscrowCore.sol#L267 (blocktimes => block times), VoteEscrowCore.sol#L526 (exeute => Execute), VoteEscrowCore.sol#L688 (pevious => previous)

Description: Spelling errors in comments can cause confusion to both users and developers.

Recommendation: Check all misspellings to ensure they are corrected.

[NAZ-I08] Floating Pragma

Severity: Informational Context: GolomToken.sol

Description: Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

Recommendation: Lock the pragma version.

[NAZ-I09] Missing or Incomplete NatSpec

Severity: Informational Context: All Contracts

Description: Some functions are missing @notice/@dev NatSpec comments for the function, @param for all/some of their parameters and @return for return values. Given that NatSpec is an important part of code documentation, this affects code comprehension, auditability and usability.

Recommendation: Add in full NatSpec comments for all functions to have complete code documentation for future use.

[NAZ-G01] Unused State Variable

Context: GolomTrader.sol#L72

Description: The state variable governance is unused and can be removed.

Recommendation: Consider removing the unused state variable.

[NAZ-G02] Use of abi.encode Instead of The Cheaper abi.encodePacked

Context: GolomTrader.sol#L414

Description: Changing the abi.encode to abi.encodePackedto save gas since the abi.encode function pads extra null bytes at the end of the bytes.

Recommendation: Change abi.encode to abi.encodePacked.

[NAZ-G03] Right Shift Instead of Dividing By 2

Context: VoteEscrowDelegation.sol#L150, VoteEscrowCore.sol#L1049, VoteEscrowCore.sol#L1120

Description: The SHR opcode is 3 gas cheaper than DIV and also bypasses Solidity's division by 0 prevention overhead.

Recommendation: Use >> 1 instead of / 2.

[NAZ-G04] (o.totalAmt * 50) / 10000 (50 basis points fee) is Calculated Multiple Times In fillAsk()

Context: GolomTrader.sol#L203-L271

Description: (o.totalAmt * 50) / 10000 is calculated five times in fillAsk(). Setting it to a local variable & only being calculated once to be used throughout the function will save gas.

Recommendation: Consider using something like uint256 bpFee = (o.totalAmt * 50) / 10000;.

[NAZ-G05] State Variables That Can Be Set To Immutable

Context: RewardDistributor.sol#L46, RewardDistributor.sol#L68-L69, GolomTrader.sol#L45

Description: Solidity 0.6.5 introduced immutable as a major feature. It allows setting contract-level variables at construction time which gets stored in code rather than storage. Each call to it reads from storage, using a sload costing 2100 gas cold or 100 gas warm. Setting it to immutable will have each storage read of the state variable to be replaced by the instruction push32 value, where value is set during contract construction time and this costs only 3 gas.

Recommendation: Set the state variable to immutable.

[NAZ-G06] For array elements, arr[i] = arr[i] + 1 is cheaper than arr[i] += 1

Context: RewardDistributor.sol#L134-L136, GolomTrader.sol#L229, GolomTrader.sol#L297, GolomTrader.sol#L352, VoteEscrowCore.sol#L818, VoteEscrowCore.sol#L885

Description: Due to stack operations this is 25 gas cheaper when dealing with arrays in storage, and 4 gas cheaper for memory arrays.

Recommendation: Use arr[i] = arr[i] + 1 instead of arr[i] += 1 when dealing with arrays

[NAZ-G07] In require(), Use != 0 Instead of > 0 With Uint Values

Context: VoteEscrowCore.sol#L927-L928, VoteEscrowCore.sol#L944, VoteEscrowCore.sol#L982, VoteEscrowCore.sol#L997

Description: In a require, when checking a uint, using != 0 instead of > 0 saves 6 gas. This will jump over or avoid an extra ISZERO opcode.

Recommendation: Use != 0 instead of > 0 with uint values but only in require() statements.

[NAZ-G08] Use calldata Instead of memory For Function Parameters

Context: RewardDistributor.sol#L98, RewardDistributor.sol#L141, RewardDistributor.sol#L155, RewardDistributor.sol#L172, RewardDistributor.sol#L218, GolomTrader.sol#L412

Description: The dynamic array arr has the storage location memory. When the function gets called externally, the array values are kept in calldata and copied to memory during ABI decoding (using the opcode calldataload and mstore). And during the for loop, arr[i] accesses the value in memory using a mload.

Recommendation: Use calldata instead of memory for function parameters to avoid using memory with array values when a function is getting called externally.

[NAZ-G09] Use ++index instead of index++ to increment a loop counter

Context: VoteEscrowDelegation.sol#L171, VoteEscrowDelegation.sol#L189, VoteEscrowDelegation.sol#L199, RewardDistributor.sol#L143, RewardDistributor.sol#L157, RewardDistributor.sol#L180, RewardDistributor.sol#L183, RewardDistributor.sol#L226, RewardDistributor.sol#L258, RewardDistributor.sol#L273, GolomTrader.sol#L415

Description: Due to reduced stack operations, using ++index saves 5 gas per iteration.

Recommendation: Use ++index to increment a loop counter.

[NAZ-G10] The Increment In For Loop Post Condition Can Be Made Unchecked

Context: VoteEscrowDelegation.sol#L171, VoteEscrowDelegation.sol#L189, VoteEscrowDelegation.sol#L199, RewardDistributor.sol#L143, RewardDistributor.sol#L157, RewardDistributor.sol#L180, RewardDistributor.sol#L183, RewardDistributor.sol#L226, RewardDistributor.sol#L258, RewardDistributor.sol#L273, GolomTrader.sol#L415, VoteEscrowCore.sol#L745, VoteEscrowCore.sol#L1044, VoteEscrowCore.sol#L1115, VoteEscrowCore.sol#L1167

Description: (This is only relevant if you are using the default solidity checked arithmetic). i++ involves checked arithmetic, which is not required. This is because the value of i is always strictly less than length <= 2**256 - 1. Therefore, the theoretical maximum value of i to enter the for-loop body is 2**256 - 2. This means that the i++ in the for loop can never overflow. Regardless, the overflow checks are performed by the compiler.

Unfortunately, the Solidity optimizer is not smart enough to detect this and remove the checks. One can manually do this by:

for (uint i = 0; i < length; i = unchecked_inc(i)) {
    // do something that doesn't change the value of i
}

function unchecked_inc(uint i) returns (uint) {
    unchecked {
        return i + 1;
    }
}

Note that it’s important that the call to unchecked_inc is inlined. This is only possible for solidity versions starting from 0.8.2.

Recommendation: The increment in the for loop post condition can be made unchecked.

[NAZ-G11] Catching The Array Length Prior To Loop

Context: VoteEscrowDelegation.sol#L171, VoteEscrowDelegation.sol#L189, VoteEscrowDelegation.sol#L199, RewardDistributor.sol#L143, RewardDistributor.sol#L157, RewardDistributor.sol#L180, RewardDistributor.sol#L183, GolomTrader.sol#L415

Description: One can save gas by caching the array length (in stack) and using that set variable in the loop. Replace state variable reads and writes within loops with local variable reads and writes. This is done by assigning state variable values to new local variables, reading and/or writing the local variables in a loop, then after the loop assigning any changed local variables to their equivalent state variables.

Recommendation: Simply do something like so before the for loop: uint length = variable.length. Then add length in place of variable.length in the for loop.

[NAZ-G12] Unused Event

Context: VoteEscrowDelegation.sol#L29

Description: This event is unused and can be removed to save gas on deployment.

Recommendation: Remove the event to save gas or use it.

[NAZ-G13] Setting The Constructor To Payable

Context: All Contracts

Description: You can cut out 10 opcodes in the creation-time EVM bytecode if you declare a constructor payable. Making the constructor payable eliminates the need for an initial check of msg.value == 0 and saves 21 gas on deployment with no security risks.

Recommendation: Set the constructor to payable.

[NAZ-G14] Use of Custom Errors Instead of String

Context: All Contracts

Description: To save some gas the use of custom errors leads to cheaper deploy time cost and run time cost. The run time cost is only relevant when the revert condition is met.

Recommendation: Use Custom Errors instead of strings.

[NAZ-G15] Function Ordering via Method ID

Context: All Contracts

Description: Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions. One could use This tool to help find alternative function names with lower Method IDs while keeping the original name intact.

Recommendation: Find a lower method ID name for the most called functions for example mostCalled() vs. mostCalled_41q() is cheaper by 44 gas.