Mimo August 2022 contest - Aymen0909's results

Bridging the chasm between the DeFi world and the world of regulated financial institutions.

General Information

Platform: Code4rena

Start Date: 02/08/2022

Pot Size: $50,000 USDC

Total HM: 12

Participants: 69

Period: 5 days

Judge: gzeon

Total Solo HM: 5

Id: 150

League: ETH

Mimo DeFi

Researcher Performance

Rank: 67/69

Findings: 1

Award: $39.03

🌟 Selected for report: 0

🚀 Solo Findings: 0

1- NO NEED TO EXPLICITLY INITIALIZE VARIABLES WITH DEFAULT VALUES

If a variable is not set/initialized, it is assumed to have the default value (0 for uint or int, false for bool, address(0) for address…). Explicitly initializing it with its default value is an anti-pattern and wastes gas.

File: contracts/proxy/MIMOProxy.sol

line 132 : for (uint256 i = 0; i < targets.length; i++)

2- USING ++i COSTS LESS GAS THAN i++ IN FOR LOOPS

Prefix increments are cheaper than postfix increments; this saves 5 gas per iteration.

File: contracts/proxy/MIMOProxy.sol

line 132 : for (uint256 i = 0; i < targets.length; i++)

3- ++i/i++ SHOULD BE UNCHECKED{++i}/UNCHECKED{i++} WHEN IT IS NOT POSSIBLE FOR THEM TO OVERFLOW, AS IS THE CASE WHEN USED IN FOR- AND WHILE-LOOPS

File: contracts/proxy/MIMOProxy.sol

line 132 : for (uint256 i = 0; i < targets.length; i++)

4- UNCHECKED ARITHMETIC

PROBLEM

The default “checked” behavior costs more gas when adding/dividing/multiplying, because under the hood those checks are implemented as a series of opcodes that, prior to performing the actual arithmetic, check for under/overflow and revert if it is detected.

If it can be statically determined that there is no possible way for your arithmetic to under/overflow (for example, because of a condition in an if statement), surrounding the arithmetic in an unchecked block will save gas.

PROOF OF CONCEPT

Instances include:

File: contracts/actions/automated/MIMOAutoAction.sol

line 101 : uint256 vaultVariation = (rebalanceValue - swapResultValue).wadDiv(rebalanceValue); 
// because of the condition on line 97, the underflow check is unnecessary

File: contracts/actions/managed/MIMOManagedAction.sol

line 124 : uint256 vaultVariation = (rebalanceValue - swapResultValue).wadDiv(rebalanceValue); 
// because of the condition on line 120, the underflow check is unnecessary

File: contracts/actions/MIMOLeverage.sol

line 133 : token.safeIncreaseAllowance(address(core), collateralBalanceAfter - flashloanRepayAmount);
line 134 : core.deposit(address(token), collateralBalanceAfter - flashloanRepayAmount);
// because of the conditions on lines 130 and 132, the underflow check is unnecessary

MITIGATION

Place the arithmetic operations in an unchecked block.
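The four patterns above combined in one contract, as an added example that is not taken from the Mimo code base. The contract and function names are hypothetical, and the guard in `surplus` is constructed for illustration rather than copied from the lines cited in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration; names are not from the Mimo code base.
contract GasPatterns {
    // Findings 1-3: no explicit zero initialisation, prefix increment,
    // and the loop counter incremented inside an unchecked block.
    function sum(uint256[] calldata values) external pure returns (uint256 total) {
        for (uint256 i; i < values.length; ) {
            // Stays checked: the running total depends on caller input
            // and can genuinely overflow.
            total += values[i];
            unchecked {
                // Cannot overflow: i < values.length <= type(uint256).max.
                ++i;
            }
        }
    }

    // Finding 4: a subtraction whose operands were already compared.
    function surplus(uint256 balanceAfter, uint256 repayAmount)
        external
        pure
        returns (uint256)
    {
        if (balanceAfter <= repayAmount) {
            return 0;
        }
        unchecked {
            // Cannot underflow: the branch above returned unless
            // balanceAfter > repayAmount.
            return balanceAfter - repayAmount;
        }
    }
}
```

Only the arithmetic that the guard actually dominates belongs inside `unchecked`; if the comparison is later edited or moved, the block silently wraps instead of reverting. Since Solidity 0.8.22 the compiler removes the overflow check on simple loop counters by itself, so the manual `unchecked { ++i; }` mainly matters on older compiler versions.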
