Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $50,000 USDC
Total HM: 15
Participants: 120
Period: 5 days
Judge: Justin Goro
Total Solo HM: 6
Id: 153
League: ETH
Rank: 29/120
Findings: 2
Award: $99.85
๐ Selected for report: 0
๐ Solo Findings: 0
๐ Selected for report: 0x1f8b
Also found by: 0x52, 0xA5DF, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xmatt, 0xsolstars, Aymen0909, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, EthLedger, Funen, IllIllI, JC, Junnon, Lambda, LeoS, MiloTruck, Noah3o6, PaludoX0, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, SaharAP, Sm4rty, SooYa, The_GUILD, TomJ, Waze, Yiko, _Adam, __141345__, a12jmx, ak1, asutorufos, auditor0517, ayeslick, ballx, beelzebufo, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, cccz, cryptonue, cryptphi, d3e4, delfin454000, dipp, djxploit, durianSausage, dy, erictee, fatherOfBlocks, gogo, gzeon, hyh, ignacio, kyteg, ladboy233, medikko, mics, minhquanym, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, simon135, sryysryy, tabish, yac, yash90, zzzitron
78.6833 USDC - $78.68
Severity Low
Context: FraxlendPairCore.sol#L193, FraxlendPairCore.sol#L235-L236, FraxlendPair.sol#L215
Description: These functions doesn't have any checks to ensure that the variables being set is within some kind of value range.
Recommendation: Each variable input parameter updated should have it's own value range checks to ensure their validity.
Severity: Low
Context: FraxlendWhitelist.sol#L50, FraxlendWhitelist.sol#L65, FraxlendWhitelist.sol#L80, FraxlendPair.sol#L204, FraxlendPair.sol#L215
Description: Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.
Recommendation: This may hinder detecting discrepancies between on-chain and off-chain states leading to flawed assumptions of on-chain state and protocol behavior.
Severity: Low
Context: FraxlendPairCore.sol#L172-L175, FraxlendPairCore.sol#L190-L191, FraxlendPairCore.sol#L225, FraxlendPair.sol#L204, FraxlendPair.sol#L274, FraxlendPairDeployer.sol#L104-L107
Description: Lack of zero-address validation on address parameters may lead to transaction reverts, waste gas, require resubmission of transactions and may even force contract redeployments in certain cases within the protocol.
Recommendation: Consider adding explicit zero-address validation on input parameters of address type.
Severity: Low
Context: FraxlendPairCore.sol#L245
Description: None of the initialize functions emit emit init-specific events. They all however have the initializer modifier (from Initializable) so that they can be called only once. Off-chain monitoring of calls to these critical functions is not possible.
Recommendation: It is recommended to emit events in your initialization functions.
Severity: Informational
Context: FraxlendPairCore.sol#L602 (mint => lendAssets)
Description: The variable name is either not as it describes or can be more descriptive.
Recommendation: Consider changing all occurrences of these variables to be more intuitive.
Severity Informational
Context: VaultAccount.sol#L16, VaultAccount.sol#L33, FraxlendPairCore.sol#L81-L89, FraxlendPair.sol#L160-L167, FraxlendPairDeployer.sol#L49-L51, FraxlendPairDeployer.sol#L57-L62
Description:
The linked variables do not conform to the standard naming convention of Solidity whereby functions and variable names(local and state) utilize the mixedCase format unless variables are declared as constant in which case they utilize the UPPER_CASE_WITH_UNDERSCORES format. Internal functions should lead with an underscore.
Recommendation: Consider naming conventions utilized by the linked statements are adjusted to reflect the correct type of declaration according to the Solidity style guide.
Severity: Informational
Context: VariableInterestRate.sol#L57, FraxlendWhitelist.sol#L40, FraxlendPair.sol#L68, FraxlendPairDeployer.sol#L406
Description: It's best practice that when there is an empty block, to add a comment in the block explaining why it's empty.
Recommendation:
Consider adding /* Comment on why */ to the empty blocks.
Severity: Informational
Context: All Contracts
Description: The best-practice layout for a contract should follow the following order: state variables, events, modifiers, constructor and functions. Function ordering helps readers identify which functions they can call and find constructor and fallback functions easier. Functions should be grouped according to their visibility and ordered as: constructor, receive function (if exists), fallback function (if exists), external, public, internal, private. Some constructs deviate from this recommended best-practice: Events are in the middle of contracts. External/public functions are mixed with internal/private ones.
Recommendation: Consider adopting recommended best-practice for code structure and layout.
Severity Informational
Context: FraxlendPairCore.sol#L376-L382, FraxlendPairCore.sol#L389, FraxlendPair.sol#L200, FraxlendPair.sol#L228, FraxlendPair.sol#L268
Description: Parameters of certain events are expected to be indexed so that theyโre included in the blockโs bloom filter for faster access. Failure to do so might confuse off-chain tooling looking for such indexed events.
Recommendation: Consider adding the indexed keyword to event parameters that should include it.
Severity: Informational
Context: LinearInterestRate.sol#L34, VariableInterestRate.sol#L35-L36, VariableInterestRate.sol#L40-L42, FraxlendPairConstants.sol#L41, FraxlendPairCore.sol#L194, FraxlendPairDeployer.sol#L49, FraxlendPairDeployer.sol#L51, FraxlendPairDeployer.sol#L171, FraxlendPairDeployer.sol#L173-L174
Description: There are multiple occasions where certain numbers have been hardcoded, either in variables or in the code itself. Large numbers can become hard to read.
Recommendation: Consider using underscores for number literals to improve its readability.
Severity: Informational
Context: VariableInterestRate.sol#L32 (calulcating => calculating), FraxlendWhitelist.sol#L47 (oralce => oracle), FraxlendPairCore.sol#L231 (whitelist => whitlist), FraxlendPairCore.sol#L893 (occured => occurred), FraxlendPairCore.sol#L896 (liabilites => liabilities), FraxlendPairCore.sol#L945 (Liquidate => LiquidateClean), FraxlendPairCore.sol#L992 (calced => Calculated), FraxlendPairCore.sol#L992 (calcs => calculations), FraxlendPairCore.sol#L1010 (stuct => struct), FraxlendPair.sol#L286 (whos => who's), FraxlendPair.sol#L287 (approcal => approval), FraxlendPair.sol#L305 (whos => who's), FraxlendPair.sol#L306 (approcal => approval), FraxlendPairDeployer.sol#L168 (accomodate => accommodate)
Description: Spelling errors in comments can cause confusion to both users and developers.
Recommendation: Consider checking all misspellings to ensure they are corrected.
Severity: Informational
Context: All Contracts
Description: Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
Recommendation: Consider locking the pragma version.
๐ Selected for report: IllIllI
Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xNazgul, 0xSmartContract, 0xackermann, 0xbepresent, 0xc0ffEE, 0xkatana, 2997ms, Amithuddar, Aymen0909, Bnke0x0, Chinmay, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, ElKu, EthLedger, Fitraldys, Funen, IgnacioB, JC, Junnon, Lambda, LeoS, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, Randyyy, ReyAdmirado, Rohan16, Rolezn, Ruhum, SaharAP, Sm4rty, SooYa, TomJ, Tomio, Waze, Yiko, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, ballx, brgltd, c3phas, cRat1st0s, carlitox477, chrisdior4, d3e4, delfin454000, dharma09, djxploit, durianSausage, erictee, fatherOfBlocks, find_a_bug, flyx, francoHacker, gerdusx, gogo, gzeon, hakerbaya, ignacio, jag, kyteg, ladboy233, ltyu, m_Rassska, medikko, mics, mrpathfindr, newfork01, nxrblsrpr, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, saian, simon135, sryysryy, zeesaw
21.1745 USDC - $21.17
++index instead of index++ to increment a loop counterContext: SafeERC20.sol#L27, FraxlendWhitelist.sol#L51, FraxlendWhitelist.sol#L66, FraxlendWhitelist.sol#L81, FraxlendPair.sol#L289, FraxlendPair.sol#L308
Description:
Due to reduced stack operations, using ++index saves 5 gas per iteration.
Recommendation:
Use ++index to increment a loop counter.
Context: SafeERC20.sol#L27, FraxlendWhitelist.sol#L51, FraxlendWhitelist.sol#L66, FraxlendWhitelist.sol#L81, FraxlendPairCore.sol#L265, FraxlendPairCore.sol#L270, FraxlendPair.sol#L289, FraxlendPair.sol#L308
Description:
(This is only relevant if you are using the default solidity checked arithmetic). i++ involves checked arithmetic, which is not required. This is because the value of i is always strictly less than length <= 2**256 - 1. Therefore, the theoretical maximum value of i to enter the for-loop body is 2**256 - 2. This means that the i++ in the for loop can never overflow. Regardless, the overflow checks are performed by the compiler.
Unfortunately, the Solidity optimizer is not smart enough to detect this and remove the checks. One can manually do this by:
for (uint i = 0; i < length; ) { // do something that doesn't change the value of i unchecked { ++i; } }
Note that itโs important that the call to unchecked_inc is inlined. This is only possible for solidity versions starting from 0.8.2.
Recommendation: Consider doing the increment in the for loop post condition in an unchecked block.
Context: FraxlendWhitelist.sol#L51, FraxlendWhitelist.sol#L66, FraxlendWhitelist.sol#L81, FraxlendPairCore.sol#L265, FraxlendPairCore.sol#L270, FraxlendPair.sol#L289, FraxlendPair.sol#L308
Description: One can save gas by caching the array length (in stack) and using that set variable in the loop. Replace state variable reads and writes within loops with local variable reads and writes. This is done by assigning state variable values to new local variables, reading and/or writing the local variables in a loop, then after the loop assigning any changed local variables to their equivalent state variables.
Recommendation:
Simply do something like so before the for loop: uint length = variable.length. Then add length in place of variable.length in the for loop.
Context: All Contracts
Description:
You can cut out 10 opcodes in the creation-time EVM bytecode if you declare a constructor payable. Making the constructor payable eliminates the need for an initial check of msg.value == 0 and saves 21 gas on deployment with no security risks.
Recommendation: Set the constructor to payable.
Context: LinearInterestRate.sol, FraxlendPairDeployer.sol
Description: To save some gas the use of custom errors leads to cheaper deploy time cost and run time cost. The run time cost is only relevant when the revert condition is met.
Recommendation: Use Custom Errors instead of strings.
Context: All Contracts
Description:
Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions. One could use This tool to help find alternative function names with lower Method IDs while keeping the original name intact.
Recommendation:
Find a lower method ID name for the most called functions for example mostCalled() vs. mostCalled_41q() is cheaper by 44 gas.