QuickSwap and StellaSwap contest - 0xNazgul's results

Lines of code

https://github.com/code-423n4/2022-09-quickswap/blob/main/src/core/contracts/AlgebraPool.sol#L193

Vulnerability details

Impact

AlgebraPool.sol is deployed and initialized in two different transactions. This allows an attacker to be able front-run the AlgebraPool.sol's initialize() after it's deployed.

Proof of Concept

The attacker can do this for two different reasons:

1. Price = MIN_SQRT_RATIO so that they can then get in at the lowest possible price early on.
2. Price = MAX_SQRT_RATIO to force other early users to have to pay the highest possible price.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider doing the deployment process and initialization in the same transaction to prevent this from happening. Could also add in a check so that it can only be called by an admin or the factory.

[NAZ-L1] Missing Equivalence Checks in Setters

Severity: Low Context: AlgebraPool.sol#L952, AlgebraPool.sol#L959, AlgebraPool.sol#L967

Description: Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.

Recommendation: This may hinder detecting discrepancies between on-chain and off-chain states leading to flawed assumptions of on-chain state and protocol behavior.

[NAZ-L2] Missing Zero-address Validation

Severity: Low Context: AlgebraPoolFactory.sol#L77, AlgebraPoolFactory.sol#L84, AlgebraPoolFactory.sol#L91, AlgebraPool.sol#L959, DataStorageOperator.sol#L31, PoolImmutables.sol#L29

Description: Lack of zero-address validation on address parameters may lead to transaction reverts, waste gas, require resubmission of transactions and may even force contract redeployments in certain cases within the protocol.

Recommendation: Consider adding explicit zero-address validation on input parameters of address type.

[NAZ-L3] Missing Events In Initialize Functions

Severity: Low Context: DataStorage.sol#L364

Description: None of the initialize functions emit emit init-specific events. They all however have the initializer modifier (from Initializable) so that they can be called only once. Off-chain monitoring of calls to these critical functions is not possible.

Recommendation: It is recommended to emit events in your initialization functions.

[NAZ-N1] Missing Visibility

Severity: Informational Context: DataStorageOperator.sol#L15-L16

Description: It's best practice to explicitly mark visibility of state variables.

Recommendation: Consider adding the missing visibility to the state variables.

[NAZ-N2] Line Length

Severity: Informational Context: AlgebraPoolFactory.sol#L112, AlgebraPool.sol#L221, AlgebraPool.sol#L287, AlgebraPool.sol#L297, AlgebraPool.sol#L345, AlgebraPool.sol#L352, AlgebraPool.sol#L355, AlgebraPool.sol#L383, AlgebraPool.sol#L392, AlgebraPool.sol#L472, AlgebraPool.sol#L529, AlgebraPool.sol#L558, AlgebraPool.sol#L577, AlgebraPool.sol#L601, AlgebraPool.sol#L654, AlgebraPool.sol#L680, AlgebraPool.sol#L802, AlgebraPool.sol#L805, AlgebraPool.sol#L814, AlgebraPool.sol#L872-L873, AlgebraPool.sol#L876, AlgebraPool.sol#L880, DataStorageOperator.sol#L45, DataStorageOperator.sol#L78, AdaptiveFee.sol#L38, AdaptiveFee.sol#L76, DataStorage.sol#L56-L57, DataStorage.sol#L80-L81, DataStorage.sol#L133, DataStorage.sol#L156, DataStorage.sol#L223, DataStorage.sol#L231, DataStorage.sol#L251, DataStorage.sol#L253, DataStorage.sol#L255, DataStorage.sol#L265, DataStorage.sol#L274-L276, DataStorage.sol#L360, DataStorage.sol#L376, DataStorage.sol#L408, DataStorage.sol#L414, DataStorage.sol#L417, PriceMovementMath.sol#L64, PriceMovementMath.sol#L70, PriceMovementMath.sol#L80, PriceMovementMath.sol#L126, PriceMovementMath.sol#L153, PriceMovementMath.sol#L176, TickManager.sol#L25, TickManager.sol#L37-L38, TickManager.sol#L70, TickManager.sol#L128, TickTable.sol#L33-L39, TokenDeltaMath.sol#L53

Description: Max line length must be no more than 120 but many lines are extended past this length.

Recommendation: Consider cutting down the line length below 120.

[NAZ-N3] Function && Variable Naming Convention

Severity Informational Context: AlgebraPoolFactory.sol#L116, AlgebraPoolFactory.sol#L122, AlgebraPool.sol#L70, AlgebraPool.sol#L74, AlgebraPool.sol#L403, AlgebraPoolDeployer.sol#L18-L19, DataStorageOperator.sol#L23-L24, DataStorageOperator.sol#L115, Constants.sol#L5-L17, DataStorage.sol#L13, DataStorage.sol#L32, DataStorage.sol#L49-L50, DataStorage.sol#L66, DataStorage.sol#L94, DataStorage.sol#L105, DataStorage.sol#L148, TickTable.sol#L121, PoolState.sol#L27

Description: The linked variables do not conform to the standard naming convention of Solidity whereby functions and variable names(local and state) utilize the mixedCase format unless variables are declared as constant in which case they utilize the UPPER_CASE_WITH_UNDERSCORES format. Private variables and functions should lead with an _underscore.

Recommendation: Consider naming conventions utilized by the linked statements are adjusted to reflect the correct type of declaration according to the Solidity style guide.

[NAZ-N4] Code Structure Deviates From Best-Practice

Severity: Informational Context: AlgebraPool.sol#L79, AlgebraPool.sol#L96, AlgebraPool.sol#L262, AlgebraPool.sol#L675, AlgebraPool.sol#L692, DataStorageOperator.sol#L18, DataStorage.sol#L14, TickManager.sol#L78, TickTable.sol#L68, PoolImmutables.sol#L29

Description: The best-practice layout for a contract should follow the following order: state variables, events, modifiers, constructor and functions. Function ordering helps readers identify which functions they can call and find constructor and fallback functions easier. Functions should be grouped according to their visibility and ordered as: constructor, receive function (if exists), fallback function (if exists), external, public, internal, private. Functions should then further be ordered with view functions coming after the non-view labeled ones.

Recommendation: Consider adopting recommended best-practice for code structure and layout.

[NAZ-N5] Use Underscores for Number Literals

Severity: Informational Context: DataStorageOperator.sol#L15-16, Constants.sol#L17

Description: There are multiple occasions where certain numbers have been hardcoded, either in variables or in the code itself. Large numbers can become hard to read.

Recommendation: Consider using underscores for number literals to improve its readability.

[NAZ-N6] Unclear Revert Messages

Severity Informational Context: All Contracts

Description: All revert messages across every contract are unclear which can lead to confusion. Unclear revert messages may cause misunderstandings on reverted transactions.

Recommendation: Consider making revert messages more clear.

[NAZ-N7] Older Version Pragma

Severity: Informational Context: All Contracts

Description: Using very old versions of Solidity prevents benefits of bug fixes and newer security checks. Using the latest versions might make contracts susceptible to undiscovered compiler bugs.

Recommendation: Consider using the most recent version.

[NAZ-N8] Missing or Incomplete NatSpec

Severity: Informational Context: All Contracts

Description: Some functions are missing @notice/@dev NatSpec comments for the function, @param for all/some of their parameters and @return for return values. Given that NatSpec is an important part of code documentation, this affects code comprehension, auditability and usability.

Recommendation: Consider adding in full NatSpec comments for all functions to have complete code documentation for future use.

[NAZ-G1] Pool's Token Balances Can Avoid Redundant EXTCODESIZE Check

Context: AlgebraPoolDeployer.sol#L44

Description: Once the pool is deployed and it's parameters are no longer needed in the Parameters struct. They can be cleared after deployment to get a gas refund.

Recommendation: Consider using delete to clear the pools parameters after they are deployment to get the gas refund.

[NAZ-G2] Pool's Token Balances Can Avoid Redundant EXTCODESIZE Check

Context: AlgebraPool.sol#L70, AlgebraPool.sol#L74

Description: The pool's token balance functions can be better optimized like so:

function balance0() private view returns (uint256) {
    (bool success, bytes memory data) =
        token0.staticcall(abi.encodeWithSelector(IERC20Minimal.balanceOf.selector, address(this)));
    require(success && data.length >= 32);
    return abi.decode(data, (uint256));
}

This will avoid a redundant EXTCODESIZE check in addition to the RETURNDATASIZE check.

Recommendation: Consider Changing these functions to be better optimized.

[NAZ-G3] Right Shift Instead of Dividing By 2

Context: AdaptiveFee.sol#L88

Description: The SHR opcode is 3 gas cheaper than DIV and also bypasses Solidity's division by 0 prevention overhead.

Recommendation: Consider using right shift instead of dividing by 2.

[NAZ-G4] In require(), Use != 0 Instead of > 0 With Uint Values

Context: AlgebraPool.sol#L224, AlgebraPool.sol#L434, AlgebraPool.sol#L469, AlgebraPool.sol#L641, AlgebraPool.sol#L645, AlgebraPool.sol#L898, PriceMovementMath.sol#L52-L53

Description: In a require, when checking a uint, using != 0 instead of > 0 saves 6 gas. This will jump over or avoid an extra ISZERO opcode.

Recommendation: Use != 0 instead of > 0 with uint values but only in require() statements.

[NAZ-G5] Use ++index instead of index++ to increment a loop counter

Context: DataStorage.sol#L307

Description: Due to reduced stack operations, using ++index saves 5 gas per iteration.

Recommendation: Use ++index to increment a loop counter.

[NAZ-G6] The Increment In For Loop Post Condition Can Be Made Unchecked

Context: DataStorage.sol#L307

Description: (This is only relevant if you are using the default solidity checked arithmetic). i++ involves checked arithmetic, which is not required. This is because the value of i is always strictly less than length <= 2**256 - 1. Therefore, the theoretical maximum value of i to enter the for-loop body is 2**256 - 2. This means that the i++ in the for loop can never overflow. Regardless, the overflow checks are performed by the compiler.

Unfortunately, the Solidity optimizer is not smart enough to detect this and remove the checks. One can manually do this by:

for (uint i = 0; i < length; ) {
    // do something that doesn't change the value of i
    unchecked {
        ++i;
    }
}

Recommendation: Consider doing the increment in the for loop post condition in an unchecked block.

[NAZ-G7] Catching The Array Length Prior To Loop

Context: DataStorage.sol#L307

Description: One can save gas by caching the array length (in stack) and using that set variable in the loop. Replace state variable reads and writes within loops with local variable reads and writes. This is done by assigning state variable values to new local variables, reading and/or writing the local variables in a loop, then after the loop assigning any changed local variables to their equivalent state variables.

Recommendation: Simply do something like so before the for loop: uint length = variable.length. Then add length in place of variable.length in the for loop.

[NAZ-G8] Setting The Constructor To Payable

Context: AlgebraPool.sol, AlgebraPoolDeployer.sol, DataStorageOperator.sol, PoolImmutables.sol

Description: You can cut out 10 opcodes in the creation-time EVM bytecode if you declare a constructor payable. Making the constructor payable eliminates the need for an initial check of msg.value == 0 and saves 21 gas on deployment with no security risks.

Recommendation: Set the constructor to payable.

[NAZ-G9] Use of Custom Errors Instead of String

Context: All Contracts

Description: To save some gas the use of custom errors leads to cheaper deploy time cost and run time cost. The run time cost is only relevant when the revert condition is met.

Recommendation: Upgrade contract pragma versions and use Custom Errors instead of strings.

[NAZ-G10] Function Ordering via Method ID

Context: All Contracts

Description: Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions. One could use This tool to help find alternative function names with lower Method IDs while keeping the original name intact.

Recommendation: Find a lower method ID name for the most called functions for example mostCalled() vs. mostCalled_41q() is cheaper by 44 gas.

[NAZ-G11] Upgrade To At Least 0.8.4

Context: All Contracts

Description: Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks for free!

The advantages of versions =0.8.*= over =<0.8.0= are:

• Safemath by default from =0.8.0= (can be more gas efficient than /some/ library based safemath).
• Low level inliner from =0.8.2=, leads to cheaper runtime gas. Especially relevant when the contract has small functions. For example, OpenZeppelin libraries typically have a lot of small helper functions and if they are not inlined, they cost an additional 20 to 40 gas because of 2 extra =jump= instructions and additional stack operations needed for function calls.
• Optimizer improvements in packed structs: Before =0.8.3=, storing packed structs, in some cases used an additional storage read operation. After EIP-2929, if the slot was already cold, this means unnecessary stack operations and extra deploy time costs. However, if the slot was already warm, this means additional cost of =100= gas alongside the same unnecessary stack operations and extra deploy time costs.
• Custom errors from =0.8.4=, leads to cheaper deploy time cost and run time cost. Note: the run time cost is only relevant when the revert condition is met. In short, replace revert strings by custom errors.

Recommendation: Upgrade to at least 0.8.4 for the additional benefits.