Olympus DAO contest - Chandr's results

Version 3 of Olympus protocol, a decentralized floating currency.

General Information

Platform: Code4rena

Start Date: 25/08/2022

Pot Size: $75,000 USDC

Total HM: 35

Participants: 147

Period: 7 days

Judge: 0xean

Total Solo HM: 15

Id: 156

League: ETH

Olympus DAO

Findings Distribution

Researcher Performance

Rank: 88/147

Findings: 2

Award: $86.89

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Olympus DAO

Findings Information

🌟 Selected for report: zzzitron

Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas

Awards

54.3131 DAI - $54.31

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

Shadowed variables

IMPACT: Shadowing local variables is naming conventions found in two or more variables that are similar. Although they do not pose any immediate risk to the contract, incorrect usage of the variables is possible and can cause serious issues if the developer does not pay close attention. [Reference|https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing]

ERC20Permit.constructor(string).name (OlympusERC20.sol#844) shadows: ERC20.name() (OlympusERC20.sol#689-691) (function)

Mitigation: rename name to _name

Requirement violation.

(Https://github.com/code-423n4/2022-08-olympus/tree/main/src/Kernel.sol#L300)

A requirement was violated in a nested call and the call was reverted as a result. Make sure valid inputs are provided to the nested call (for instance, via passed arguments). Reference: https://swcregistry.io/docs/SWC-123

public functions not called by the contract should be declared external instead

Impact: Contracts are allowed to override their parents' functions and change the visibility from external to public. Kernel.grantRole(Role,address) (Https://github.com/code-423n4/2022-08-olympus/tree/main/src/Kernel.sol#L443-L452) Kernel.revokeRole(Role,address) (Https://github.com/code-423n4/2022-08-olympus/tree/main/src/Kernel.sol#L455-L462) OlympusMinter.mintOhm(address,uint256) (Https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/MINTR.sol#L33-L35) OlympusMinter.burnOhm(address,uint256) (Https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/MINTR.sol#L37-L39) OlympusVotes.transfer(address,uint256) (Https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/VOTES.sol#L45-48) OlympusVotes.transferFrom(address,address,uint256) (Https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/VOTES.sol#L51-63) OlympusInstructions.getInstructions(uint256) (Https://github.com/code-423n4/2022-08-olympus/blob/main/src/modules/INSTR.sol#L37-39)

MixedCase:

Functions should be written in mixedCase, see Solidity naming conventions. Functions breaking this convention:

Reference: https://github.com/code-423n4/2021-11-bootfinance-findings/issues/163

Findings Information

🌟 Selected for report: pfapostol

Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami

Awards

32.5835 DAI - $32.58

Labels

bug

G (Gas Optimization)

sponsor confirmed

External Links

Link to GitHub issue

PREFIX INCREMENTS

IMPACT Prefix increments are cheaper than postfix increments.

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/utils/KernelUtils.sol#L49 i++;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/utils/KernelUtils.sol#L64 i++;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L488 decimals++;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L670 _status.low.count++;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L686 _status.high.count++;

Mitigation: replace foo++ to ++foo

DEFAULT VALUE INITIALIZATION

IMPACT If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0 etc depending on the data type). Explicitly initializing it with its default value is an anti-pattern and wastes gas.

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/Kernel.sol#L397 for (uint256 i = 0; i < reqLength; ) {

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/utils/KernelUtils.sol#L43 for (uint256 i = 0; i < 5; ) {

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/utils/KernelUtils.sol#L58 for (uint256 i = 0; i < 32; ) {

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L574 _status.high.count = 0;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L575 _status.high.nextObservation = 0;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L578 _status.low.count = 0;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L579 _status.low.nextObservation = 0;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/PRICE.sol#L254 _movingAverage = 0;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/PRICE.sol#L286 _movingAverage = 0;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/RANGE.sol#L135 _range.high.active = false;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/RANGE.sol#L147 _range.low.active = false;

Mitigation: Remove explicit value initialization.

COMPARISON OPERATORS

IMPACT In the EVM, there is no opcode for >= or <=. When using greater than or equal, two operations are performed: > and =. Using strict comparison operators hence saves gas.

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L210 uint48(block.timestamp) >= RANGE.lastActive(true) + uint48(config_.regenWait) &&

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L211 status.high.count >= config.regenThreshold

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L216 uint48(block.timestamp) >= RANGE.lastActive(false) + uint48(config_.regenWait) &&

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L217 status.low.count >= config.regenThreshold

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L486 while (price_ >= 10) {

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L667 if (currentPrice >= movingAverage) {

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Operator.sol#L683 if (currentPrice <= movingAverage) {

Mitigation: Replace <= with <, and >= with >. Do not forget to increment/decrement the compared variable

COMPARISON WITH ZERO

IMPACT

0 is less gas efficient than !0 if you enable the optimizer at 10k AND you’re in a require statement. Detailed explanation with the opcodes here

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Governance.sol#L247 if (userVotesForProposal[activeProposal.proposalId][msg.sender] > 0) {

Mitigation: Replace >0 with !0

Increment/decrement operations

IMPACT X = X + Y IS CHEAPER THAN X += Y X = X- Y IS CHEAPER THAN X -= Y

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Governance.sol#L194 totalEndorsementsForProposal[proposalId_] -= previousEndorsement;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Governance.sol#L198 totalEndorsementsForProposal[proposalId_] += userVotes;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Governance.sol#L252 yesVotesForProposal[activeProposal.proposalId] += userVotes;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Governance.sol#L254 noVotesForProposal[activeProposal.proposalId] += userVotes;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/Heart.sol#L103 lastBeat += frequency();

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/BondCallback.sol#L143 amountsPerMarket[id][0] += inputAmount_;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/policies/BondCallback.sol#L144 amountsPerMarket[id][1] += outputAmount_;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/TRSRY.sol#L96 reserveDebt[token_][msg.sender] += amount_;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/TRSRY.sol#L97 totalDebt[token_] += amount_;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/TRSRY.sol#L115 reserveDebt[token_][msg.sender] -= received;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/TRSRY.sol#L116 totalDebt[token_] -= received;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/TRSRY.sol#L131 if (oldDebt < amount_) totalDebt[token_] += amount_ - oldDebt;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/TRSRY.sol#L132 else totalDebt[token_] -= oldDebt - amount_;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/VOTES.sol#L56 balanceOf[from_] -= amount_;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/VOTES.sol#L58 balanceOf[to_] += amount_;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/PRICE.sol#L136 _movingAverage += (currentPrice - earliestPrice) / numObs;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/PRICE.sol#L138 _movingAverage -= (earliestPrice - currentPrice) / numObs;

Instance: https://github.com/code-423n4/2022-08-olympus/tree/main/src/modules/PRICE.sol#L222 total += startObservations_[i];

Mitigation: X += Y replace with X = X + Y X -= Y replace with X = X - Y

Olympus DAO contest - Chandr's results

Version 3 of Olympus protocol, a decentralized floating currency.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-47] QA Report - $54.31

Findings Information

Awards

Labels

External Links

Shadowed variables

Requirement violation.

public functions not called by the contract should be declared external instead

MixedCase:

[G-25] Gas Report - $32.58

Findings Information

Awards

Labels

External Links

PREFIX INCREMENTS

DEFAULT VALUE INITIALIZATION

COMPARISON OPERATORS

COMPARISON WITH ZERO

Increment/decrement operations