Back to Chom's contests

Swivel v3 contest - Chom's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $35,000 USDC

Total HM: 13

Participants: 78

Period: 3 days

Judge: 0xean

Total Solo HM: 6

Id: 135

League: ETH

Swivel

Findings Distribution

Researcher Performance

Rank: 56/78

Findings: 1

Award: $46.82

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositorySwivel

Findings Information

🌟 Selected for report: joestakey

Also found by: 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 8olidity, Avci, Bahurum, Bnke0x0, Chom, ElKu, Funen, GimelSec, JC, Junnon, Kaiziron, Meera, PaludoX0, Picodes, ReyAdmirado, Sm4rty, Soosh, Waze, _Adam, __141345__, ak1, aysha, benbaessler, bin2chen, c3phas, cccz, cryptphi, csanuragjain, defsec, exd0tpy, fatherOfBlocks, gogo, hake, hansfriese, itsmeSTYJ, jonatascm, kyteg, mektigboy, oyc_109, pashov, rbserver, rishabh, robee, rokinot, sach1r0, sashik_eth, scaraven, simon135, slywaters

Awards

46.825 USDC - $46.82

Labels

bug
QA (Quality Assurance)
resolved

External Links

Link to GitHub issue

Missing invalid market check

https://github.com/code-423n4/2022-07-swivel/blob/main/Marketplace/MarketPlace.sol

Any functions that declare Market memory market = markets[p][u][m];

Should check whether market has a valid zctoken or not but now it don't check it which allow malicious market input.

require(market.zcToken != address(0), "Market not created");

We may not need signature to cancel order

Just check whether msg.sender == o[i].maker is enough to allow cancellation https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L407-L423

Change to this

  function cancel(Hash.Order[] calldata o) external returns (bool) {
    uint256 len = o.length;
    for (uint256 i; i < len;) {
      bytes32 hash = Hash.order(o[i]);
      if (msg.sender != o[i].maker) { revert Exception(15, 0, 0, msg.sender, o[i].maker); }

      cancelled[hash ] = true;

      emit Cancel(o[i].key, hash);

      unchecked {
        i++;
      }
    }

    return true;
  }

Exception is hard to read

revert Exception(30, 0, 0, address(0), address(0));

What is 30? Why not consider using separated custom errors?

error MatureMarketFailed();
...
revert MatureMarketFailed();

Variables name are hard to read

uint8 p, address u, uint256 m

Should be

uint8 penum, address underlying, uint256 maturity

#0 - robrobbins

2022-08-25T21:36:41Z

on custom error codes

because 40+ custom errors are too many to add to a contract. their is / will be further clear documentation on what those error codes are.

missing market

i fail to see how it could be malicious

on variable names

disagree. first arguments are not variables. single letter tokens are reserved strictly for arguments in swivel (in all our codebases). they prevent the use of dangling underscores and help with the exhaustion-of-good-vars problem.

on cancel

maybe. will discuss this.

#1 - robrobbins

2022-09-01T20:43:04Z

possibly implementing the cancel optimization. if yes the change is: https://github.com/Swivel-Finance/gost/pull/438

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter