Platform: Code4rena
Start Date: 05/05/2022
Pot Size: $125,000 DAI
Total HM: 17
Participants: 62
Period: 14 days
Judge: leastwood
Total Solo HM: 15
Id: 120
League: ETH
Rank: 11/62
Findings: 4
Award: $4,552.96
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: tintin
Also found by: 0xsomeone, AuditsAreUS, hyh
| File | Lines | Type |
|---|---|---|
| AlchemicTokenV2Base.sol | L189-L191 | Access Control |
The mint function is meant to prevent arbitrary amount mints via the totalMinted variable being guaranteed to be less than mintCeiling as set by the administrator of the system. However, the lowerHasMinted function permits a whitelisted member to lower their own mints thereby effectively bypassing the mintCeiling check and rendering it redundant.
The whitelisted parties can completely bypass the mintCeiling limits set by the administrator thereby rendering minting entirely up to the discretion of the whitelisted parties.
We advise alternative access control to be imposed by lowerHasMinted so that the restriction structure for mints makes sense in the system.
Issue is immediately deducible by inspecting the relevant lines referenced in the issue.
Manual inspection of the codebase.
#0 - 0xfoobar
2022-05-30T05:16:23Z
Duplicate of #166
https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/gALCX.sol#L69-L81
| File | Lines | Type |
|---|---|---|
| gALCX.sol | L69-L81 | Improper State Assumption |
The gALCX contains a race condition whereby whenever the contract has no stakes (such as when the contract is first deployed) the exchangeRate can be artificially inflated via direct ALCX transfers. In detail, a user can make a small ALCX deposit, perform a direct transfer of ALCX to the contract, redeem the ALCX and repeat to artifically inflate the exchangeRate to a potentially significant degree affecting truncations.
The exchangeRate can be trivially inflated rendering the contract usable only by users making large deposits (due to truncation) or entirely unusable if the rate is inflated to a significant degree surpassing a decent percentage of the total supply of the ALCX asset. We would like to note that since inflation is possible via the usage of flash-loans, the size of exchangeRate can be easily exarcebated to significant proportions.
We advise the bumpExchangeRate function to contain an alternative execution path that checks if the totalSupply is zero and in such a case simply resets the exchangeRate to 1e18 to ensure that the contract behaves properly under all circumstances. Alternatively, if the exchangeRate is envisioned to continuously increase perpetually (a trait we advise against), the code should evaluate the delta between balanceOf invocations "sandwhiching" the claim operation similarly to how the various adapters of the protocol operate.
Issue is deducible by inspecting the relevant lines referenced in the issue and making note of the balanceOf invocation that does not care about whether the funds came from the claim operation.
Manual inspection of the codebase.
#0 - 0xfoobar
2022-05-30T05:15:00Z
Duplicate of #135
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xkatana, 0xsomeone, AuditsAreUS, BouSalman, BowTiedWardens, Cityscape, Funen, GimelSec, Hawkeye, JC, MaratCerby, MiloTruck, Picodes, Ruhum, TerrierLover, WatchPug, Waze, bobirichman, catchup, cccz, cryptphi, csanuragjain, delfin454000, ellahi, fatherOfBlocks, hake, horsefacts, hyh, jayjonah8, joestakey, kebabsec, kenta, mics, oyc_109, robee, samruna, shenwilly, sikorico, simon135, throttle, tintin
421.3881 DAI - $421.39
| File | Lines | Type |
|---|---|---|
| AlchemicTokenV2.sol | L60,L93 | Input Sanitization |
The mint fee is meant to represent a percentage of the BPS variable, however, no upper cap is imposed on it.
We advise it to be at most equivalent to BPS (in reality it will be significantly less) to ensure that the flash loan fee is service-able.
| File | Lines | Type |
|---|---|---|
| AlchemicTokenV2Base.sol | L197 | Input Sanitization |
The mint fee is meant to represent a percentage of the BPS variable, however, no upper cap is imposed on it.
We advise it to be at most equivalent to BPS (in reality it will be significantly less) to ensure that the flash loan fee is service-able.
| File | Lines | Type |
|---|---|---|
| CrossChainCanonicalBase.sol | L62 | Input Sanitization |
The constructor of the contract does not sanitize against duplicate entries in the _bridgeTokens in contrast to addBridgeToken.
We advise such sanitization to be imposed to prevent a misconfigured bridgeTokensArray.
| File | Lines | Type |
|---|---|---|
| CrossChainCanonicalBase.sol | L59 | State Synchrosity |
The bridgeTokens mapping is improperly maintained as it is solely adjusted during the constructor and not during the addBridgeToken.
We advise the entry to be properly updated when a bridge token is added to ensure the data source is in sync.
| File | Lines | Type |
|---|---|---|
| CrossChainCanonicalBase.sol | L163-L167 | Input Sanitization |
The swap fees must be ensured to be at most equivalent to FEE_PRECISION as otherwise all swapping operations will result in underflows.
We advise these limits to be imposed on the function via corresponding if-revert checks.
| File | Lines | Type |
|---|---|---|
| CrossChainCanonicalBase.sol | L156-L161,L169-L171 | Code Standardization |
The linked functions are prefixed with the toggle keyword, however, one acts as a setter function while the other actually toggles the key's value.
We advise behaviour to be streamlined across the codebase to avoid ambiguous behaviour.
| File | Lines | Type |
|---|---|---|
| gALCX.sol | L63,L89-L90,L106-L107 | Standard Conformity |
The linked EIP-20 functions are mandated to yield a bool variable for validation of the call's execution.
While callers should not assume that a bool is not returned, some tokens such as Tether are non-standard and yield no bool variable thereby causing requirechecks to fail. We advise the localTokenUtils` library to be utilized instead as it already exists in the codebase and guarantees safe execution regardless of the underlying token implementation.
| File | Lines | Type |
|---|---|---|
| gALCX.sol | L93,L102 | Mathematical Operations |
The stake and unstake functions perform conversions between two assets via multiplications and divisions, however, they do not account for truncations thereby causing funds to be permanently lost during either transaction. Given that truncations can and will occur on almost each transaction, the lost value can significantly compound.
We advise the functions to instead consume an amount or gAmount that is wholly divisible by the exchange. This can be achieved via the usage of a modulo (%) operation and subtraction of the indivisible remainder from the original stake / unstake amount.
| File | Lines | Type |
|---|---|---|
| SafeCast.sol | L13,L23 | Syntactical Sugar |
The linked literals depict upper and lower limits respectively of a specific numeric type (int256 and uint256 respectively).
We advise the type specifier to be utilized along with the max and min members to standardize the code style of the code (i.e 2**255 is replaced by type(int256).max and 0 is replaced by type(uint256).min without affecting gas cost).
#0 - 0xfoobar
2022-05-30T08:12:59Z
Good QA report
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, 0xsomeone, AlleyCat, BowTiedWardens, Cityscape, Fitraldys, Funen, GimelSec, Hawkeye, JC, MaratCerby, MiloTruck, Randyyy, TerrierLover, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, augustg, bobirichman, catchup, csanuragjain, ellahi, fatherOfBlocks, hake, hansfriese, horsefacts, ignacio, joestakey, kenta, mics, oyc_109, robee, samruna, sashik_eth, sikorico, simon135, throttle
91.8428 DAI - $91.84
| File | Lines | Type |
|---|---|---|
| CrossChainCanonicalBase.sol | L141-L145 | Gas Optimization |
The loop validation performed between lines L141-L145 is entirely redundant as the bridgeTokens mapping can and should be utilized instead.
We advise the bridgeTokens mapping to be utilized for this type of validation greatly reducing the gas cost of the function.
| File | Lines | Type |
|---|---|---|
| CrossChainCanonicalBase.sol | L141 | Gas Optimization |
The linked for loop will dynamically evaluate its limit on each iteration as the compiler cannot deduce whether the internal statements of the loop affect the length member of the bridgeTokensArray (i.e. push to / pop from it).
We advise the length to be cached to a local variable that is consequently utilized for validating the limit thereby optimizing the function's gas cost.
| File | Lines | Type |
|---|---|---|
| gALCX.sol | L12 | Gas Optimization |
The linked variable is assigned to only once during its declaration.
We advise it to be set as constant significantly optimizing its read access gas cost.
| File | Lines | Type |
|---|---|---|
| gALCX.sol | L63 | Gas Optimization |
The local success variable is redundant as it is not utilized in the code. Additionally, should the ALCX token not return a bool for the approve function execution the call would fail.
While the code is safe as the ALCX token does yield a bool variable, we still advise the local variable and corresponding assignment to be omitted to optimize the code's execution cost.
| File | Lines | Type |
|---|---|---|
| LiquidityMath.sol | L18-L28 | Gas Optimization |
The codebase is compiled with a version greater than 0.8.X and has built-in safe arithmetics toggled on. As a result, explicit overflow / underflow checks are redundant.
We advise them to be omitted in favor of reduced gas costs. Additionally, we advise the pragma statement of the contract to be updated.
getAddress Key| File | Lines | Type |
|---|---|---|
| RocketPool.sol | L14 | Gas Optimization |
The result of keccak256(abi.encodePacked("contract.address", "rocketTokenRETH")) is deterministic and equivalent to the literal 0xe3744443225bff7cc22028be036b80de58057d65a3fdca0a3df329f525e31ccc.
We advise the statements to be replaced by the literal optimizing the code's gas cost.
| File | Lines | Type |
|---|---|---|
| EthAssetManager.sol | L157 | Gas Optimization |
The linked variable is assigned to only once during the contract's constructor execution.
We advise it to be set as immutable significantly optimizing its read access gas cost.