Platform: Code4rena
Start Date: 25/08/2022
Pot Size: $75,000 USDC
Total HM: 35
Participants: 147
Period: 7 days
Judge: 0xean
Total Solo HM: 15
Id: 156
League: ETH
Rank: 90/147
Findings: 2
Award: $86.89
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: zzzitron
Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas
54.3128 DAI - $54.31
src/modules/VOTES.sol
  45: function transfer(address to_, uint256 amount_) public pure override returns (bool) {
  51: function transferFrom(
src/policies/Operator.sol
  272: function swap(
src/policies/BondCallback.sol
  83: function whitelist(address teller_, uint256 id_)
  100: function callback(
src/modules/TRSRY.sol
  75: function withdrawReserves(
src/modules/MINTR.sol
  33: function mintOhm(address to_, uint256 amount_) public permissioned {
  37: function burnOhm(address from_, uint256 amount_) public permissioned {
src/modules/RANGE.sol
  215: function updateMarket(
src/modules/VOTES.sol
  51: function transferFrom(
src/modules/INSTR.sol
  37: function getInstructions(uint256 instructionsId_) public view returns (Instruction[] memory) {
src/policies/Governance.sol
  145: function getMetadata(uint256 proposalId_) public view returns (ProposalMetadata memory) {
  151: function getActiveProposal() public view returns (ActivatedProposal memory) {
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami
32.5842 DAI - $32.58
From Solidity v0.8 onwards, all arithmetic operations come with implicit overflow and underflow checks. In some instances, an overflow/underflow is impossible and gas can be saved by using an unchecked block to remove the implicit checks.
1. The first unchecking is in the getLoan function https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/TRSRY.sol#L92
a) There is one arithmetic operation in the function that can be unchecked, shown below; it adds the amount of the loan to the debtor's address. I don't think that this operation can overflow, since the function is permissioned and I doubt the loan of one person can get over (2**256 - 1).
(Before) 96: reserveDebt[token_][msg.sender] += amount_;
(After) 96: unchecked { reserveDebt[token_][msg.sender] += amount_; }
2. The second unchecking is in the repayLoan function https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/TRSRY.sol#L105
a) There are two arithmetic operations in the function. The first one, shown below, subtracts the received amount of the loan from the debtor's address. This operation can be unchecked to save gas; there is no chance of underflow, since the received amount is equal to the debtor's amount and it can't go below zero. On the other hand, if the msg.sender doesn't have debt the function reverts, preventing malicious users from accessing the function.
(Before) 115: reserveDebt[token_][msg.sender] -= received;
(After) unchecked { reserveDebt[token_][msg.sender] -= received; }
b) The second operation, shown below, subtracts the amount of the repaid loan from the total amount of the token's loans among debtors. Since the totalDebt is all users' loans in a particular token, it can't underflow by subtracting a single debtor's loan.
(Before) 116: totalDebt[token_] -= received;
(After) 116: unchecked { totalDebt[token_] -= received; }
3. The third unchecking is in the setDebt function https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/TRSRY.sol#L122
a) There is one arithmetic operation that can be unchecked, shown below. In the else statement the total debt of a token is reduced by (the debtor's old debt minus the amount of the new one). Since in the else statement the oldDebt is greater than or equal to the amount of the new one and the totalDebt is the debt made by all debtors, it can't underflow.
(Before) 132: else totalDebt[token_] -= oldDebt - amount_;
(After) 132: else { unchecked { totalDebt[token_] -= oldDebt - amount_; } }
4. The fourth unchecking is in the constructor https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/PRICE.sol#L71
a) There is one arithmetic operation that can be unchecked, shown below. The _scaleFactor equals 10 to the power of the exponent; since in the if statement the exponent can't be greater than the number 38 (10 to the power of 38 isn't greater than 2**256 - 1), it can be declared as unchecked, since there is no risk of overflow.
(Before) 91: _scaleFactor = 10**exponent;
(After) 91: unchecked { _scaleFactor = 10**exponent; }
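Added example, not part of the original report and not Olympus code: a stripped-down ledger mirroring the two repayLoan statements from item 2, showing that an unchecked subtraction is only as safe as the bound enforced before it. The contract, function and error names are hypothetical, and whether TRSRY.sol enforces such a bound on `received` is not visible on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration (hypothetical names; not Olympus code).
// Mirrors the two statements quoted from repayLoan in item 2.
contract DebtLedgerDemo {
    mapping(address => uint256) public reserveDebt;
    uint256 public totalDebt;

    error NoDebtOutstanding();
    error RepayExceedsDebt(uint256 debt, uint256 received);

    // Setup helper: open a debt position for the caller.
    function borrow(uint256 amount) external {
        reserveDebt[msg.sender] += amount;
        totalDebt += amount;
    }

    // Checked: if received > debt, the compiler-inserted check reverts
    // with Panic(0x11) and no state changes.
    function repayChecked(uint256 received) external {
        if (reserveDebt[msg.sender] == 0) revert NoDebtOutstanding();
        reserveDebt[msg.sender] -= received;
        totalDebt -= received;
    }

    // Unchecked with only the non-zero-debt guard: if received > debt,
    // both values wrap modulo 2**256 instead of reverting.
    function repayUncheckedUnbounded(uint256 received) external {
        if (reserveDebt[msg.sender] == 0) revert NoDebtOutstanding();
        unchecked {
            reserveDebt[msg.sender] -= received;
            totalDebt -= received;
        }
    }

    // Unchecked with the bound made explicit. The totalDebt update is safe as long
    // as the ledger keeps totalDebt equal to the sum of all reserveDebt entries.
    function repayUncheckedBounded(uint256 received) external {
        uint256 debt = reserveDebt[msg.sender];
        if (debt == 0) revert NoDebtOutstanding();
        if (received > debt) revert RepayExceedsDebt(debt, received);
        unchecked {
            reserveDebt[msg.sender] = debt - received;
            totalDebt -= received;
        }
    }
}
```

With a debt of 100, `repayChecked(101)` reverts, `repayUncheckedUnbounded(101)` leaves `reserveDebt` at 2**256 - 1, and `repayUncheckedBounded(101)` reverts with `RepayExceedsDebt`.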
1. uint: 0
2. bool: false
3. address: address(0)
src/utils/KernelUtils.sol
(Before) 43: for (uint256 i = 0; i < 5; ) {
(After) 43: for (uint256 i; i < 5; ) {
(Before) 58: for (uint256 i = 0; i < 32; ) {
(After) 58: for (uint256 i; i < 32; ) {
src/Kernel.sol
(Before) 397: for (uint256 i = 0; i < reqLength; ) {
(After) 397: for (uint256 i; i < reqLength; ) {