Back to 0xkatana's contests

prePO contest - 0xkatana's results

Gain exposure to pre-IPO companies & pre-token projects.

General Information

Platform: Code4rena

Start Date: 17/03/2022

Pot Size: $30,000 USDC

Total HM: 8

Participants: 43

Period: 3 days

Judge: gzeon

Total Solo HM: 5

Id: 100

League: ETH

prePO

Findings Distribution

Researcher Performance

Rank: 18/43

Findings: 2

Award: $132.23

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryprePO

Findings Information

🌟 Selected for report: defsec

Also found by: 0x1f8b, 0xDjango, 0xNazgul, 0xkatana, 0xwags, CertoraInc, Funen, GeekyLumberjack, GreyArt, IllIllI, Kenshin, Ruhum, TerrierLover, WatchPug, berndartmueller, bugwriter001, cccz, cmichel, csanuragjain, hake, kenta, kirk-baird, leastwood, minhquanym, oyc_109, peritoflores, rayn, remora, rfa, robee, saian, samruna, sorrynotsorry, wuwe1

Awards

101.302 USDC - $101.30

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

Duplicate ReentrancyGuard imports

Impact

The PrePOMarketFactory.sol contract imports 3 ReentrancyGuard files, and one of these 3 files is ReentrancyGuardUpgradeable.sol instead of ReentrancyGuard.sol. This situation can lead to confusion whether the contract is using the ReentrancyGuardUpgradeable.sol import or the ReentrancyGuard.sol import.

Proof of Concept

import   "./LongShortToken.sol";            // imports ReentrancyGuard.sol
import   "./PrePOMarket.sol";               // imports ReentrancyGuard.sol
import   "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";

Tools Used

Manual analysis

Remove unnecessary ReentrancyGuard imports to avoid confusion whether ReentrancyGuardUpgradeable is used or not.

#0 - ramenforbreakfast

2022-03-24T03:33:31Z

duplicate of #5

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0x1f8b, 0xNazgul, 0xkatana, 0xngndev, 0xwags, CertoraInc, Funen, GreyArt, IllIllI, Jujic, Kenshin, Kiep, Tadashi, TerrierLover, Tomio, WatchPug, berndartmueller, defsec, hake, kenta, minhquanym, oyc_109, rayn, rfa, robee, saian, samruna

Awards

30.925 USDC - $30.93

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Unused Import

Impact

Importing ReentrancyGuard.sol is unnecessary in LongShortToken.sol because the import is never used

Proof of Concept

https://github.com/code-423n4/2022-03-prepo/blob/main/contracts/core/LongShortToken.sol

Tools Used

Manual analysis

Remove this line from LongShortToken import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

Save gas with unchecked

Impact

If arithmetic will not overflow, use unchecked to save gas. There are several locations where safeMath is not needed and unchecked can lower gas consumption.

Proof of Concept

In this code from Collateral.sol, _balanceAfter ≥ _balanceBefore so unchecked can be used

uint256 _balanceBefore = _baseToken.balanceOf(address(this));
_strategyController.withdraw(address(this), _owed);
uint256 _balanceAfter = _baseToken.balanceOf(address(this));

uint256 _amountWithdrawn = _balanceAfter - _balanceBefore;

Instead, replace the last line with

unchecked { uint256 _amountWithdrawn = _balanceAfter - _balanceBefore; }

Tools Used

Manual analysis

Use unchecked for arithmetic gas optimizations

Redundant zero initialization

Impact

Solidity does not recognize null as a value, so uint variables are initialized to zero. Setting a uint variable to zero is redundant and can waste gas.

Proof of Concept

https://github.com/code-423n4/2022-03-prepo/blob/main/contracts/core/Collateral.sol#L81

uint256 _shares = 0;

Tools Used

Manual analysis

Remove the redundant zero initialization uint256 _shares;

#0 - ramenforbreakfast

2022-03-24T03:36:19Z

duplicate of #5 and #18

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter