Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $50,000 USDC
Total HM: 15
Participants: 120
Period: 5 days
Judge: Justin Goro
Total Solo HM: 6
Id: 153
League: ETH
Rank: 107/120
Findings: 1
Award: $21.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xNazgul, 0xSmartContract, 0xackermann, 0xbepresent, 0xc0ffEE, 0xkatana, 2997ms, Amithuddar, Aymen0909, Bnke0x0, Chinmay, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, ElKu, EthLedger, Fitraldys, Funen, IgnacioB, JC, Junnon, Lambda, LeoS, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, Randyyy, ReyAdmirado, Rohan16, Rolezn, Ruhum, SaharAP, Sm4rty, SooYa, TomJ, Tomio, Waze, Yiko, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, ballx, brgltd, c3phas, cRat1st0s, carlitox477, chrisdior4, d3e4, delfin454000, dharma09, djxploit, durianSausage, erictee, fatherOfBlocks, find_a_bug, flyx, francoHacker, gerdusx, gogo, gzeon, hakerbaya, ignacio, jag, kyteg, ladboy233, ltyu, m_Rassska, medikko, mics, mrpathfindr, newfork01, nxrblsrpr, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, saian, simon135, sryysryy, zeesaw
21.1705 USDC - $21.17
!= 0 instead of > 0 for Unsigned Integer Comparison

FraxlendPairCore.sol::477 => if (_currentRateInfo.feeToProtocolRate > 0) {
FraxlendPairCore.sol::754 => if (_collateralAmount > 0) {
FraxlendPairCore.sol::835 => if (userBorrowShares[msg.sender] > 0) {
FraxlendPairCore.sol::1002 => if (_leftoverBorrowShares > 0) {
FraxlendPairCore.sol::1094 => if (_initialCollateralAmount > 0) {
FraxlendPairDeployer.sol::379 => _approvedBorrowers.length > 0,
FraxlendPairDeployer.sol::380 => _approvedLenders.length > 0
FraxlendPairHelper.sol::235 => if (_feeToProtocolRate > 0) {
FraxlendPairHelper.sol::292 => if (_leftoverCollateral <= 0 && (_borrowerShares - _sharesToLiquidate) > 0) {
LinearInterestRate.sol::66 => _vertexUtilization < MAX_VERTEX_UTIL && _vertexUtilization > 0,

It is cheaper to deal with unsigned integers by using != 0 than > 0.

FraxlendPair.sol::2 => pragma solidity ^0.8.15;
FraxlendPairConstants.sol::2 => pragma solidity ^0.8.15;
FraxlendPairCore.sol::2 => pragma solidity ^0.8.15;
FraxlendPairDeployer.sol::2 => pragma solidity ^0.8.15;
FraxlendPairHelper.sol::2 => pragma solidity ^0.8.15;
FraxlendWhitelist.sol::2 => pragma solidity ^0.8.15;
LinearInterestRate.sol::2 => pragma solidity ^0.8.15;
VariableInterestRate.sol::2 => pragma solidity ^0.8.15;
interfaces/IERC4626.sol::2 => pragma solidity >=0.8.15;
interfaces/IFraxlendPair.sol::2 => pragma solidity >=0.8.15;
interfaces/IFraxlendWhitelist.sol::2 => pragma solidity >=0.8.15;
interfaces/IRateCalculator.sol::2 => pragma solidity >=0.8.15;
interfaces/ISwapper.sol::2 => pragma solidity >=0.8.15;
libraries/SafeERC20.sol::2 => pragma solidity ^0.8.15;
libraries/VaultAccount.sol::2 => pragma solidity ^0.8.15;

It is suggested to use a concrete compiler version instead of a floating pragma. This is because a newer compiler version may be vulnerable and force a fallback to an older compiler version.
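
A build-time check for the floating pragmas listed above, as an added example (not code from the report or from the Fraxlend repository). The sample file contents are constructed; `Pinned.sol` and `NoPragma.sol` are hypothetical files included to show the passing and the missing-pragma case.

```python
import re

# Version expression of a `pragma solidity ...;` directive.
PRAGMA_RE = re.compile(r"^[ \t]*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# Pinned means exactly one full version, optionally written with a leading "=".
PINNED_RE = re.compile(r"^=?\s*\d+\.\d+\.\d+$")


def _strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay correct."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def audit_pragmas(sources):
    """Return (path, line, expression) for every floating or missing pragma.

    `sources` maps a file path to its Solidity source text. A missing pragma
    is reported with line 0 and the expression "missing".
    """
    findings = []
    for path, src in sorted(sources.items()):
        clean = _strip_comments(src)
        matches = list(PRAGMA_RE.finditer(clean))
        if not matches:
            findings.append((path, 0, "missing"))
        for m in matches:
            expr = " ".join(m.group(1).split())  # normalise whitespace
            if not PINNED_RE.match(expr):
                line = clean.count("\n", 0, m.start(1)) + 1
                findings.append((path, line, expr))
    return findings


# Constructed sample sources; only the pragma lines mirror the report.
SAMPLE = {
    "FraxlendPair.sol": "// constructed sample\npragma solidity ^0.8.15;\ncontract A {}\n",
    "interfaces/IERC4626.sol": "// constructed sample\npragma solidity >=0.8.15;\ninterface I {}\n",
    "Pinned.sol": "/* old: pragma solidity ^0.8.0; */\npragma solidity 0.8.15;\ncontract P {}\n",
    "NoPragma.sol": "contract N {}\n",
}

if __name__ == "__main__":
    for path, line, expr in audit_pragmas(SAMPLE):
        print(f"{path}::{line} => {expr}")
```
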

++i costs less than i++ (same for --i/i--)

FraxlendPair.sol::289 => for (uint256 i = 0; i < _lenders.length; i++) {
FraxlendPair.sol::308 => for (uint256 i = 0; i < _borrowers.length; i++) {
FraxlendWhitelist.sol::51 => for (uint256 i = 0; i < _addresses.length; i++) {
FraxlendWhitelist.sol::66 => for (uint256 i = 0; i < _addresses.length; i++) {
FraxlendWhitelist.sol::81 => for (uint256 i = 0; i < _addresses.length; i++) {
SafeERC20.sol::27 => for (i = 0; i < 32 && data[i] != 0; i++) {

Save 6 gas per loop.

require() which uses && saves gas

LinearInterestRate.sol::57-68

require(
    _minInterest < MAX_INT && _minInterest <= _vertexInterest && _minInterest >= MIN_INT,
    "LinearInterestRate: _minInterest < MAX_INT && _minInterest <= _vertexInterest && _minInterest >= MIN_INT"
);
require(
    _maxInterest <= MAX_INT && _vertexInterest <= _maxInterest && _maxInterest > MIN_INT,
    "LinearInterestRate: _maxInterest <= MAX_INT && _vertexInterest <= _maxInterest && _maxInterest > MIN_INT"
);
require(
    _vertexUtilization < MAX_VERTEX_UTIL && _vertexUtilization > 0,
    "LinearInterestRate: _vertexUtilization < MAX_VERTEX_UTIL && _vertexUtilization > 0"
);

Instead of using the && operator in a single require check, using two or more require checks can save more gas. Here is an example issue.