Back to DavidGiladi's contests

Venus Prime - DavidGiladi's results

Earn, borrow & lend on the #1 Decentralized Money Market on the BNB chain.

General Information

Platform: Code4rena

Start Date: 28/09/2023

Pot Size: $36,500 USDC

Total HM: 5

Participants: 115

Period: 6 days

Judge: 0xDjango

Total Solo HM: 1

Id: 290

League: ETH

Venus Protocol

Findings Distribution

Researcher Performance

Rank: 21/115

Findings: 2

Award: $223.09

QA:
grade-a
Gas:
grade-a

🌟 Selected for report: 1

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryVenus Protocol

Findings Information

🌟 Selected for report: Bauchibred

Also found by: 0x3b, 0xDetermination, 0xMosh, 0xScourgedev, 0xTheC0der, 0xTiwa, 0xWaitress, 0xdice91, 0xfusion, 0xpiken, 0xprinc, 0xweb3boy, ArmedGoose, Aymen0909, Breeje, Brenzee, Daniel526, DavidGiladi, DeFiHackLabs, Flora, Fulum, HChang26, Hama, IceBear, J4X, Krace, KrisApostolov, Maroutis, Mirror, MohammedRizwan, Norah, PwnStars, SPYBOY, TangYuanShen, Testerbot, ThreeSigma, Tricko, al88nsk, alexweb3, ast3ros, berlin-101, bin2chen, blutorque, btk, d3e4, deth, e0d1n, ether_sky, ge6a, gkrastenov, glcanvas, hals, imare, inzinko, jkoppel, jnforja, joaovwfreire, josephdara, kutugu, lotux, lsaudit, mahdirostami, merlin, n1punp, nadin, neumo, nisedo, nobody2018, oakcobalt, orion, peanuts, pep7siup, pina, ptsanev, rokinot, rvierdiiev, said, santipu_, sashik_eth, seerether, squeaky_cactus, terrancrypt, tonisives, twicek, vagrant, xAriextz, y4y

Awards

62.2092 USDC - $62.21

Labels

bug
grade-a
QA (Quality Assurance)
sufficient quality report
Q-30

External Links

Link to GitHub issue

Low Issues

TitleIssueInstances
[L-1] Missing gap Storage Variable in Upgradeable ContractMissing gap Storage Variable in Upgradeable Contract1
[L-2] Reentrancy vulnerabilitiesReentrancy vulnerabilities6
[L-3] Avoid Usage of Ownable and Prefer Ownable2StepAvoid Usage of Ownable and Prefer Ownable2Step2

Total: issues 3

Non-Critical Issues

TitleIssueInstances
[N-1] Do not calculate constantsDo not calculate constants3
[N-2] Costly operations inside a loopCostly operations inside a loop6
[N-3] Missing events in sensitive functionsMissing events in sensitive functions3
[N-4] Functions Not Implementing an InterfaceFunctions Not Implementing an Interface32
[N-5] Consider Disable Ownership Renouncement in Ownable ContractsConsider Disable Ownership Renouncement in Ownable Contracts2
[N-6] Event Emission Preceding External Calls: A Best PracticeEvent Emission Preceding External Calls: A Best Practice6
[N-7] Functions that alter state should emit eventsFunctions that alter state should emit events6
[N-8] Too many digitsToo many digits69
[N-9] Unused importsUnused imports2
[N-10] Unused returnUnused return1
[N-1] Whitespace in ExpressionsWhitespace in Expressions2

Total: 11 issues

Missing gap Storage Variable in Upgradeable Contract

  • Severity: Low
  • Confidence: High

Note

There is one instance that was missing in the wining bot.

Description

upgradeable contracts that are missing a '__gap' storage variable. In upgradeable contracts, it is important to reserve storage slots for future versions to introduce new storage variables. The '__gap' storage variable acts as a placeholder, allowing for seamless upgrades without affecting existing storage layout.When a contract is not designed with a '__gap' storage variable, adding new storage variables in subsequent versions becomes problematic. It can lead to storage collisions or layout incompatibilities, making it difficult to upgrade the contract without requiring costly data migrations or redeployments.

<details> <summary> There are 1 instance of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

35    contract Prime is IIncomeDestination, AccessControlledV8, PausableUpgradeable, MaxLoopsLimitHelper, PrimeStorageV1

missing __gap storage variable

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L35-L1015

</details>

Reentrancy vulnerabilities

  • Severity: Low
  • Confidence: Medium

Description

Detection of the reentrancy bug. Only report reentrancy that acts as a double call (see reentrancy-eth, reentrancy-no-eth).

<details> <summary> There are 6 instances of this issue: </summary>

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

725    function _burn(address user) internal

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

731    _executeBoost(user, _allMarkets[i])

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

State variables written after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

753    _updateRoundAfterTokenBurned(user)

	- 

File: contracts/Tokens/Prime/Prime.sol

831    pendingScoreUpdates--

- 

File: contracts/Tokens/Prime/Prime.sol

745    totalIrrevocable--

- 

File: contracts/Tokens/Prime/Prime.sol

747    totalRevocable--

- 

File: contracts/Tokens/Prime/Prime.sol

753    _updateRoundAfterTokenBurned(user)

	- 

File: contracts/Tokens/Prime/Prime.sol

828    totalScoreUpdatesRequired--

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L725-L756

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

779    function _executeBoost(address user, address vToken) internal

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

784    accrueInterest(vToken)

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

State variables written after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

785    interests[vToken][user].accrued += _interestAccrued(vToken, user)

- 

File: contracts/Tokens/Prime/Prime.sol

786    interests[vToken][user].rewardIndex = markets[vToken].rewardIndex

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L779-L787

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

794    function _updateScore(address user, address market) internal

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

799    uint256 score = _calculateScore(market, user)

	- 

File: contracts/Tokens/Prime/Prime.sol

657    oracle.updateAssetPrice(xvsToken)

	- 

File: contracts/Tokens/Prime/Prime.sol

658    oracle.updatePrice(market)

State variables written after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

801    interests[market][user].score = score

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L794-L802

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

554    function accrueInterest(address vToken) public

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

State variables written after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

581    unreleasedPLPIncome[underlying] = totalAccruedInPLP

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L554-L589

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

237    function updateAlpha(uint128 _alphaNumerator, uint128 _alphaDenominator) external

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

247    accrueInterest(allMarkets[i])

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

State variables written after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

254    _startScoreUpdateRound()

	- 

File: contracts/Tokens/Prime/Prime.sol

819    nextScoreUpdateRoundId++

- 

File: contracts/Tokens/Prime/Prime.sol

254    _startScoreUpdateRound()

	- 

File: contracts/Tokens/Prime/Prime.sol

821    pendingScoreUpdates = totalScoreUpdatesRequired

- 

File: contracts/Tokens/Prime/Prime.sol

254    _startScoreUpdateRound()

	- 

File: contracts/Tokens/Prime/Prime.sol

820    totalScoreUpdatesRequired = totalIrrevocable + totalRevocable

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L237-L255

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

263    function updateMultipliers(address market, uint256 supplyMultiplier, uint256 borrowMultiplier) external

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

267    accrueInterest(market)

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

State variables written after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

279    _startScoreUpdateRound()

	- 

File: contracts/Tokens/Prime/Prime.sol

819    nextScoreUpdateRoundId++

- 

File: contracts/Tokens/Prime/Prime.sol

279    _startScoreUpdateRound()

	- 

File: contracts/Tokens/Prime/Prime.sol

821    pendingScoreUpdates = totalScoreUpdatesRequired

- 

File: contracts/Tokens/Prime/Prime.sol

279    _startScoreUpdateRound()

	- 

File: contracts/Tokens/Prime/Prime.sol

820    totalScoreUpdatesRequired = totalIrrevocable + totalRevocable

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L263-L280

</details>

Avoid Usage of Ownable and Prefer Ownable2Step

  • Severity: Low
  • Confidence: High

Description

The 'Ownable'/'OwnableUpgradeable' contracts provides a basic ownership mechanism, but it lacks an additional step for secure ownership transfer, which is crucial for certain scenarios, such as upgrading contracts or handling complex ownership transitions.

By utilizing the 'Ownable2Step'/'Ownable2StepUpgradeable' contract, which extends the functionality of 'Ownable'/'OwnableUpgradeable' with a two-step ownership transfer process, developers can enhance the security and flexibility of their contracts. The two-step process involves the current owner initiating a transfer request, which requires confirmation from the new owner before the ownership is transferred.

Using 'Ownable2Step'/'Ownable2StepUpgradeable' mitigates risks associated with accidental or unauthorized ownership transfers, ensuring that ownership transitions are intentional and verified. It provides an extra layer of protection, particularly in situations where contract upgrades or complex ownership management are involved.

By leveraging 'Ownable2Step'/'Ownable2StepUpgradeable', developers can enhance the security and integrity of their contracts, promoting trust and reducing the potential for ownership-related vulnerabilities.

<details> <summary> There are 2 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

35    contract Prime is IIncomeDestination, AccessControlledV8, PausableUpgradeable, MaxLoopsLimitHelper, PrimeStorageV1

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L35-L1015

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

8    contract PrimeLiquidityProvider is AccessControlledV8, PausableUpgradeable

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L8-L349

</details>

Unused imports

  • Severity: Non-Critical
  • Confidence: High

Description

Identify unused imports in source files that can be safely removed. Please note that this detector does not support files with cyclic imports or files that use 'import {...} from' directives.

<details> <summary> There are 2 instances of this issue: </summary>

Unused imports found in /Users/noam/Documents/Code4rena/2023-09-venus/contracts/Tokens/Prime/Prime.sol. Consider removing the following imports:

- 

File: contracts/Tokens/Prime/Prime.sol

18    import { InterfaceComptroller } from "./Interfaces/InterfaceComptroller.sol";

@venusprotocol/oracle/contracts/interfaces/OracleInterface.sol @venusprotocol/oracle/contracts/interfaces/OracleInterface.sol

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L18

Unused imports found in /Users/noam/Documents/Code4rena/2023-09-venus/contracts/Tokens/Prime/libs/Scores.sol. Consider removing the following imports:

- 

File: contracts/Tokens/Prime/libs/Scores.sol

6    import { FixedMath } from "./FixedMath.sol";

@openzeppelin/contracts-upgradeable/utils/math/SafeCastUpgradeable.sol @openzeppelin/contracts-upgradeable/utils/math/SafeCastUpgradeable.sol

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/Scores.sol#L6

</details>

Unused return

  • Severity: Non-Critical
  • Confidence: Medium

Description

The return value of an external call is not stored in a local or state variable.

<details> <summary> There are 1 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

841    (uint256 xvs, , uint256 pendingWithdrawals) = IXVSVault(xvsVault).getUserInfo(
842                xvsVaultRewardToken,
843                xvsVaultPoolId,
844                user
845            )

ignores return value

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L841-L845

</details>

Whitespace in Expressions

  • Severity: Non-Critical
  • Confidence: High

Description

Detects when whitespace usage in expressions does not conform to the Solidity style guide.

<details> <summary> There are 2 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

35    contract Prime is IIncomeDestination, AccessControlledV8, PausableUpgradeable, MaxLoopsLimitHelper, PrimeStorageV1 

// @audit: whitespace inside parenthesis
Line: 156            for (uint256 i = 0; i < _allMarkets.length; ) {


// @audit: whitespace inside parenthesis
Line: 179            for (uint256 i = 0; i < users.length; ) {


// @audit: whitespace inside parenthesis
Line: 186                for (uint256 j = 0; j < _allMarkets.length; ) {


// @audit: whitespace inside parenthesis
Line: 217            for (uint256 i = 0; i < allMarkets.length; ) {


// @audit: whitespace inside parenthesis
Line: 288                for (uint256 i = 0; i < users.length; ) {


// @audit: whitespace inside parenthesis
Line: 302                for (uint256 i = 0; i < users.length; ) {


// @audit: whitespace inside parenthesis
Line: 502            for (uint256 i = 0; i < _allMarkets.length; ) {


// @audit: whitespace inside parenthesis
Line: 515            for (uint256 i = 0; i < _allMarkets.length; ) {


// @audit: whitespace inside parenthesis
Line: 545            (uint256 capital, , ) = _capitalForScore(xvsBalanceForScore, borrow, supply, market);


// @audit: whitespace inside parenthesis
Line: 603            for (uint256 i = 0; i < _allMarkets.length; ) {

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L35-L1015

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

8    contract PrimeLiquidityProvider is AccessControlledV8, PausableUpgradeable 

// @audit: whitespace inside parenthesis
Line: 96            for (uint256 i; i < numTokens; ) {


// @audit: whitespace inside parenthesis
Line: 108            for (uint256 i; i < tokens_.length; ) {


// @audit: whitespace inside parenthesis
Line: 138            for (uint256 i; i < numTokens; ) {

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L8-L349

</details>

Do not calculate constants

  • Severity: Non-Critical
  • Confidence: High

Description

Due to how constant variables are implemented in Solidity (replacements at compile-time), an expression assigned to a constant variable is recomputed each time that the variable is used, which wastes some gas. While in most cases, the compiler will optimize these computations away, it is considered a best practice to write code that does not rely on the compiler optimization.

<details> <summary> There are 3 instances of this issue: </summary> 

File: contracts/Tokens/Prime/PrimeStorage.sol

34    uint256 public constant MINIMUM_STAKED_XVS = 1000 * EXP_SCALE

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeStorage.sol#L34

File: contracts/Tokens/Prime/PrimeStorage.sol

37    uint256 public constant MAXIMUM_XVS_CAP = 100000 * EXP_SCALE

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeStorage.sol#L37

File: contracts/Tokens/Prime/PrimeStorage.sol

40    uint256 public constant STAKING_PERIOD = 90 * 24 * 60 * 60

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeStorage.sol#L40

</details>

Costly operations inside a loop

  • Severity: Non-Critical
  • Confidence: Medium

Description

Costly operations inside a loop might waste gas, so optimizations are justified.

<details> <summary> There are 6 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

200    function updateScores(address[] memory users) external

has costly operations inside a loop: -

File: contracts/Tokens/Prime/Prime.sol

221    pendingScoreUpdates--

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L200-L230

File: contracts/Tokens/Prime/Prime.sol

762    function _upgrade(address user) internal

has costly operations inside a loop: -

File: contracts/Tokens/Prime/Prime.sol

766    totalIrrevocable++

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L762-L772

File: contracts/Tokens/Prime/Prime.sol

762    function _upgrade(address user) internal

has costly operations inside a loop: -

File: contracts/Tokens/Prime/Prime.sol

767    totalRevocable--

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L762-L772

File: contracts/Tokens/Prime/Prime.sol

704    function _mint(bool isIrrevocable, address user) internal

has costly operations inside a loop: -

File: contracts/Tokens/Prime/Prime.sol

711    totalIrrevocable++

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L704-L719

File: contracts/Tokens/Prime/Prime.sol

704    function _mint(bool isIrrevocable, address user) internal

has costly operations inside a loop: -

File: contracts/Tokens/Prime/Prime.sol

713    totalRevocable++

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L704-L719

File: contracts/Tokens/Prime/Prime.sol

331    function issue(bool isIrrevocable, address[] calldata users) external

has costly operations inside a loop: -

File: contracts/Tokens/Prime/Prime.sol

352    delete stakedAt[users[i]]

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L331-L359

</details>

Missing events in sensitive functions

  • Severity: Non-Critical
  • Confidence: High

Description

Events should be emitted when sensitive changes are made to the contracts, but some functions lack them.

<details> <summary> There are 3 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

794    function _updateScore(address user, address market) internal

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L794-L802

File: contracts/Tokens/Prime/Prime.sol

818    function _startScoreUpdateRound() internal

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L818-L822

File: contracts/Tokens/Prime/Prime.sol

827    function _updateRoundAfterTokenBurned(address user) internal

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L827-L833

</details>

Consider Disable Ownership Renouncement in Ownable Contracts

  • Severity: Non-Critical
  • Confidence: High

Description

Ownership renouncement is a feature provided by the Ownable contract in various smart contract frameworks, such as OpenZeppelin. It allows the contract owner to transfer ownership to another address, relinquishing their control over the contract. However, in certain cases, it may be undesirable or unnecessary to allow ownership renouncement.

It is important to carefully consider the implications of allowing ownership renouncement. Disabling renouncement can provide additional security and prevent potential risks associated with unintended ownership transfers.

<details> <summary> There are 2 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

35    contract Prime is IIncomeDestination, AccessControlledV8, PausableUpgradeable, MaxLoopsLimitHelper, PrimeStorageV1

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L35-L1015

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

8    contract PrimeLiquidityProvider is AccessControlledV8, PausableUpgradeable

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L8-L349

</details>

Functions that alter state should emit events

  • Severity: Non-Critical
  • Confidence: Medium

Description

Functions that alter the state of the contract should emit an event to inform external observers of the change.

<details> <summary> There are 6 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

554    function accrueInterest(address vToken) public

The function accrueInterest changes state but does not emit an event.

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L554-L589

File: contracts/Tokens/Prime/Prime.sol

623    function _initializeMarkets(address account) internal

The function _initializeMarkets changes state but does not emit an event.

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L623-L639

File: contracts/Tokens/Prime/Prime.sol

779    function _executeBoost(address user, address vToken) internal

The function _executeBoost changes state but does not emit an event.

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L779-L787

File: contracts/Tokens/Prime/Prime.sol

794    function _updateScore(address user, address market) internal

The function _updateScore changes state but does not emit an event.

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L794-L802

File: contracts/Tokens/Prime/Prime.sol

818    function _startScoreUpdateRound() internal

The function _startScoreUpdateRound changes state but does not emit an event.

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L818-L822

File: contracts/Tokens/Prime/Prime.sol

827    function _updateRoundAfterTokenBurned(address user) internal

The function _updateRoundAfterTokenBurned changes state but does not emit an event.

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L827-L833

</details>

Too many digits

  • Severity: Non-Critical
  • Confidence: Medium

Description

Literals with many digits are difficult to read and review.

<details> <summary> There are 69 instances of this issue: </summary> 

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

73    x <= int256(0x00000000000000000000000000000000000000000001c8464f76164760000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

74    r -= int256(0x0000000000000000000000000000001000000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

75    x = (x * FIXED_1) / int256(0x00000000000000000000000000000000000000000001c8464f76164760000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

78    x <= int256(0x00000000000000000000000000000000000000f1aaddd7742e90000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

79    r -= int256(0x0000000000000000000000000000000800000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

80    x = (x * FIXED_1) / int256(0x00000000000000000000000000000000000000f1aaddd7742e90000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

83    x <= int256(0x00000000000000000000000000000000000afe10820813d78000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

84    r -= int256(0x0000000000000000000000000000000400000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

85    x = (x * FIXED_1) / int256(0x00000000000000000000000000000000000afe10820813d78000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

88    x <= int256(0x0000000000000000000000000000000002582ab704279ec00000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

89    r -= int256(0x0000000000000000000000000000000200000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

90    x = (x * FIXED_1) / int256(0x0000000000000000000000000000000002582ab704279ec00000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

93    x <= int256(0x000000000000000000000000000000001152aaa3bf81cc000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

94    r -= int256(0x0000000000000000000000000000000100000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

95    x = (x * FIXED_1) / int256(0x000000000000000000000000000000001152aaa3bf81cc000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

98    x <= int256(0x000000000000000000000000000000002f16ac6c59de70000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

99    r -= int256(0x0000000000000000000000000000000080000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

100    x = (x * FIXED_1) / int256(0x000000000000000000000000000000002f16ac6c59de70000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

103    x <= int256(0x000000000000000000000000000000004da2cbf1be5828000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

104    r -= int256(0x0000000000000000000000000000000040000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

105    x = (x * FIXED_1) / int256(0x000000000000000000000000000000004da2cbf1be5828000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

108    x <= int256(0x0000000000000000000000000000000063afbe7ab2082c000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

109    r -= int256(0x0000000000000000000000000000000020000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

110    x = (x * FIXED_1) / int256(0x0000000000000000000000000000000063afbe7ab2082c000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

113    x <= int256(0x0000000000000000000000000000000070f5a893b608861e1f58934f97aea57d)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

114    r -= int256(0x0000000000000000000000000000000010000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

115    x = (x * FIXED_1) / int256(0x0000000000000000000000000000000070f5a893b608861e1f58934f97aea57d)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

122    r += (z * (0x100000000000000000000000000000000 - y)) / 0x100000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

124    r += (z * (0x0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - y)) / 0x200000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

126    r += (z * (0x099999999999999999999999999999999 - y)) / 0x300000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

128    r += (z * (0x092492492492492492492492492492492 - y)) / 0x400000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

130    r += (z * (0x08e38e38e38e38e38e38e38e38e38e38e - y)) / 0x500000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

132    r += (z * (0x08ba2e8ba2e8ba2e8ba2e8ba2e8ba2e8b - y)) / 0x600000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

134    r += (z * (0x089d89d89d89d89d89d89d89d89d89d89 - y)) / 0x700000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

51    function ln(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

136    r += (z * (0x088888888888888888888888888888888 - y)) / 0x800000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L51-L137

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

162    z = y = x % 0x0000000000000000000000000000000010000000000000000000000000000000

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

178    r += z * 0x00000618fee9f800

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

180    r += z * 0x0000009c197dcc00

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

182    r += z * 0x0000000e30dce400

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

184    r += z * 0x000000012ebd1300

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

186    r += z * 0x0000000017499f00

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

188    r += z * 0x0000000001a9d480

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

190    r += z * 0x00000000001c6380

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

192    r += z * 0x000000000001c638

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

194    r += z * 0x0000000000001ab8

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

196    r += z * 0x000000000000017c

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

198    r += z * 0x0000000000000014

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

200    r += z * 0x0000000000000001

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

206    (x & int256(0x0000000000000000000000000000001000000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

207    r =
208                    (r * int256(0x00000000000000000000000000000000000000f1aaddd7742e56d32fb9f99744)) /
209                    int256(0x0000000000000000000000000043cbaf42a000812488fc5c220ad7b97bf6e99e)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

212    (x & int256(0x0000000000000000000000000000000800000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

213    r =
214                    (r * int256(0x00000000000000000000000000000000000afe10820813d65dfe6a33c07f738f)) /
215                    int256(0x000000000000000000000000000005d27a9f51c31b7c2f8038212a0574779991)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

218    (x & int256(0x0000000000000000000000000000000400000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

219    r =
220                    (r * int256(0x0000000000000000000000000000000002582ab704279e8efd15e0265855c47a)) /
221                    int256(0x0000000000000000000000000000001b4c902e273a58678d6d3bfdb93db96d02)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

224    (x & int256(0x0000000000000000000000000000000200000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

225    r =
226                    (r * int256(0x000000000000000000000000000000001152aaa3bf81cb9fdb76eae12d029571)) /
227                    int256(0x00000000000000000000000000000003b1cc971a9bb5b9867477440d6d157750)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

230    (x & int256(0x0000000000000000000000000000000100000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

231    r =
232                    (r * int256(0x000000000000000000000000000000002f16ac6c59de6f8d5d6f63c1482a7c86)) /
233                    int256(0x000000000000000000000000000000015bf0a8b1457695355fb8ac404e7a79e3)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

236    (x & int256(0x0000000000000000000000000000000080000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

237    r =
238                    (r * int256(0x000000000000000000000000000000004da2cbf1be5827f9eb3ad1aa9866ebb3)) /
239                    int256(0x00000000000000000000000000000000d3094c70f034de4b96ff7d5b6f99fcd8)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

242    (x & int256(0x0000000000000000000000000000000040000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

243    r =
244                    (r * int256(0x0000000000000000000000000000000063afbe7ab2082ba1a0ae5e4eb1b479dc)) /
245                    int256(0x00000000000000000000000000000000a45af1e1f40c333b3de1db4dd55f29a7)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

248    (x & int256(0x0000000000000000000000000000000020000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

249    r =
250                    (r * int256(0x0000000000000000000000000000000070f5a893b608861e1f58934f97aea57d)) /
251                    int256(0x00000000000000000000000000000000910b022db7ae67ce76b441c27035c6a1)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

254    (x & int256(0x0000000000000000000000000000000010000000000000000000000000000000)) != 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

140    function exp(int256 x) internal pure returns (int256 r)

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

255    r =
256                    (r * int256(0x00000000000000000000000000000000783eafef1c0a8f3978c7f81824d62ebf)) /
257                    int256(0x0000000000000000000000000000000088415abbe9a76bead8d00cf112e4d4a8)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L140-L259

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

38    library FixedMath0x

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

40    int256 internal constant FIXED_1 = int256(0x0000000000000000000000000000000080000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L38-L260

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

38    library FixedMath0x

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

44    int256 private constant LN_MIN_VAL = int256(0x0000000000000000000000000000000000000000000000000000000733048c5a)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L38-L260

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

38    library FixedMath0x

uses literals with too many digits: -

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

48    int256 private constant EXP_MIN_VAL = -int256(0x0000000000000000000000000000001ff0000000000000000000000000000000)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L38-L260

</details>

Functions Not Implementing an Interface

  • Severity: Non-Critical
  • Confidence: High

Description

Contracts with public or external functions should typically implement an interface for clarity and modularity. If they do not, it could lead to issues with understanding the contract's intended API and maintainability concerns.

<details> <summary> There are 32 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

130    function initialize(
131            address _xvsVault,
132            address _xvsVaultRewardToken,
133            uint256 _xvsVaultPoolId,
134            uint128 _alphaNumerator,
135            uint128 _alphaDenominator,
136            address _accessControlManager,
137            address _protocolShareReserve,
138            address _primeLiquidityProvider,
139            address _comptroller,
140            address _oracle,
141            uint256 _loopsLimit
142        ) external virtual initializer

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L130-L167

File: contracts/Tokens/Prime/Prime.sol

174    function getPendingInterests(address user) external returns (PendingInterest[] memory pendingInterests)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L174-L194

File: contracts/Tokens/Prime/Prime.sol

200    function updateScores(address[] memory users) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L200-L230

File: contracts/Tokens/Prime/Prime.sol

237    function updateAlpha(uint128 _alphaNumerator, uint128 _alphaDenominator) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L237-L255

File: contracts/Tokens/Prime/Prime.sol

263    function updateMultipliers(address market, uint256 supplyMultiplier, uint256 borrowMultiplier) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L263-L280

File: contracts/Tokens/Prime/Prime.sol

288    function addMarket(address vToken, uint256 supplyMultiplier, uint256 borrowMultiplier) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L288-L309

File: contracts/Tokens/Prime/Prime.sol

316    function setLimit(uint256 _irrevocableLimit, uint256 _revocableLimit) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L316-L324

File: contracts/Tokens/Prime/Prime.sol

331    function issue(bool isIrrevocable, address[] calldata users) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L331-L359

File: contracts/Tokens/Prime/Prime.sol

365    function xvsUpdated(address user) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L365-L382

File: contracts/Tokens/Prime/Prime.sol

389    function accrueInterestAndUpdateScore(address user, address market) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L389-L392

File: contracts/Tokens/Prime/Prime.sol

397    function claim() external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L397-L405

File: contracts/Tokens/Prime/Prime.sol

411    function burn(address user) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L411-L414

File: contracts/Tokens/Prime/Prime.sol

419    function togglePause() external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L419-L426

File: contracts/Tokens/Prime/Prime.sol

433    function claimInterest(address vToken) external whenNotPaused returns (uint256)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L433-L435

File: contracts/Tokens/Prime/Prime.sol

443    function claimInterest(address vToken, address user) external whenNotPaused returns (uint256)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L443-L445

File: contracts/Tokens/Prime/Prime.sol

469    function getAllMarkets() external view returns (address[] memory)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L469-L471

File: contracts/Tokens/Prime/Prime.sol

478    function claimTimeRemaining(address user) external view returns (uint256)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L478-L487

File: contracts/Tokens/Prime/Prime.sol

496    function calculateAPR(address market, address user) external view returns (uint256 supplyAPR, uint256 borrowAPR)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L496-L515

File: contracts/Tokens/Prime/Prime.sol

527    function estimateAPR(
528            address market,
529            address user,
530            uint256 borrow,
531            uint256 supply,
532            uint256 xvsStaked
533        ) external view returns (uint256 supplyAPR, uint256 borrowAPR)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L527-L548

File: contracts/Tokens/Prime/Prime.sol

554    function accrueInterest(address vToken) public

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L554-L589

File: contracts/Tokens/Prime/Prime.sol

597    function getInterestAccrued(address vToken, address user) public returns (uint256)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L597-L601

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

90    function initialize(
91            address accessControlManager_,
92            address[] calldata tokens_,
93            uint256[] calldata distributionSpeeds_
94        ) external initializer

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L90-L111

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

118    function initializeTokens(address[] calldata tokens_) external onlyOwner

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L118-L126

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

132    function pauseFundsTransfer() external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L132-L135

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

141    function resumeFundsTransfer() external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L141-L144

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

153    function setTokensDistributionSpeed(address[] calldata tokens_, uint256[] calldata distributionSpeeds_) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L153-L169

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

177    function setPrimeToken(address prime_) external onlyOwner

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L177-L182

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

192    function releaseFunds(address token_) external

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L192-L205

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

216    function sweepToken(IERC20Upgradeable token_, address to_, uint256 amount_) external onlyOwner

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L216-L225

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

232    function getEffectiveDistributionSpeed(address token_) external view returns (uint256)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L232-L242

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

249    function accrueTokens(address token_) public

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L249-L272

File: contracts/Tokens/Prime/PrimeLiquidityProvider.sol

276    function getBlockNumber() public view virtual returns (uint256)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L276-L278

</details>

Event Emission Preceding External Calls: A Best Practice

  • Severity: Non-Critical
  • Confidence: Medium

Description

Ensure that events follow the best practice of check-effects-interaction, and are emitted before external calls

<details> <summary> There are 6 instances of this issue: </summary>

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

725    function _burn(address user) internal

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

731    _executeBoost(user, _allMarkets[i])

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

Event emitted after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

755    emit Burn(user)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L725-L756

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

672    function _claimInterest(address vToken, address user) internal returns (uint256)

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

673    uint256 amount = getInterestAccrued(vToken, user)

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

- 

File: contracts/Tokens/Prime/Prime.sol

685    IProtocolShareReserve(protocolShareReserve).releaseFunds(comptroller, assets)

- 

File: contracts/Tokens/Prime/Prime.sol

687    IPrimeLiquidityProvider(primeLiquidityProvider).releaseFunds(address(asset))

- 

File: contracts/Tokens/Prime/Prime.sol

692    asset.safeTransfer(user, amount)

Event emitted after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

694    emit InterestClaimed(user, vToken, amount)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L672-L697

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

331    function issue(bool isIrrevocable, address[] calldata users) external

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

341    _initializeMarkets(users[i])

	- 

File: contracts/Tokens/Prime/Prime.sol

657    oracle.updateAssetPrice(xvsToken)

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

	- 

File: contracts/Tokens/Prime/Prime.sol

658    oracle.updatePrice(market)

Event emitted after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

718    emit Mint(user, isIrrevocable)

	- 

File: contracts/Tokens/Prime/Prime.sol

340    _mint(true, users[i])

- 

File: contracts/Tokens/Prime/Prime.sol

771    emit TokenUpgraded(user)

	- 

File: contracts/Tokens/Prime/Prime.sol

338    _upgrade(users[i])

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L331-L359

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

331    function issue(bool isIrrevocable, address[] calldata users) external

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

351    _initializeMarkets(users[i])

	- 

File: contracts/Tokens/Prime/Prime.sol

657    oracle.updateAssetPrice(xvsToken)

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

	- 

File: contracts/Tokens/Prime/Prime.sol

658    oracle.updatePrice(market)

Event emitted after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

718    emit Mint(user, isIrrevocable)

	- 

File: contracts/Tokens/Prime/Prime.sol

350    _mint(false, users[i])

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L331-L359

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

263    function updateMultipliers(address market, uint256 supplyMultiplier, uint256 borrowMultiplier) external

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

267    accrueInterest(market)

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

Event emitted after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

269    emit MultiplierUpdated(
270                market,
271                markets[market].supplyMultiplier,
272                markets[market].borrowMultiplier,
273                supplyMultiplier,
274                borrowMultiplier
275            )

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L263-L280

Reentrancy in

File: contracts/Tokens/Prime/Prime.sol

200    function updateScores(address[] memory users) external

: External calls: -

File: contracts/Tokens/Prime/Prime.sol

213    _executeBoost(user, market)

	- 

File: contracts/Tokens/Prime/Prime.sol

570    _primeLiquidityProvider.accrueTokens(underlying)

- 

File: contracts/Tokens/Prime/Prime.sol

214    _updateScore(user, market)

	- 

File: contracts/Tokens/Prime/Prime.sol

657    oracle.updateAssetPrice(xvsToken)

	- 

File: contracts/Tokens/Prime/Prime.sol

658    oracle.updatePrice(market)

Event emitted after the call(s):
- 

File: contracts/Tokens/Prime/Prime.sol

228    emit UserScoreUpdated(user)

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L200-L230

</details>

#0 - c4-pre-sort

2023-10-07T15:50:33Z

0xRobocop marked the issue as sufficient quality report

#1 - c4-judge

2023-11-03T02:39:59Z

fatherGoose1 marked the issue as grade-a

Findings Information

🌟 Selected for report: DavidGiladi

Also found by: 0x3b, 0xWaitress, 0xhacksmithh, 0xprinc, hihen, jkoppel, lsaudit, oakcobalt, pavankv, pontifex

Labels

bug
G (Gas Optimization)
grade-a
high quality report
selected for report
G-05

Awards

160.8769 USDC - $160.88

External Links

Link to GitHub issue

Gas Optimization Issues

TitleIssueInstancesTotal Gas Saved
[G-1] Avoid unnecessary storage updatesAvoid unnecessary storage updates32400
[G-2] Multiplication and Division by 2 Should use in Bit ShiftingMultiplication and Division by 2 Should use in Bit Shifting5100
[G-3] Modulus operations that could be uncheckedModulus operations that could be unchecked185
[G-4] Inefficient Parameter StorageInefficient Parameter Storage150
[G-5] Short-circuit rules can be used to optimize some gas usageShort-circuit rules can be used to optimize some gas usage36300
[G-6] Unnecessary Casting of VariablesUnnecessary Casting of Variables1-
[G-7] Unused Named Return VariablesUnused Named Return Variables5-

Total: 7 issues

Avoid unnecessary storage updates

  • Severity: Gas Optimization
  • Confidence: High
  • Total Gas Saved: 2400

Note

I reported only on three issues that were missing in the wining bot.

Description

Avoid updating storage when the value hasn't changed. If the old value is equal to the new value, not re-storing the value will avoid a SSTORE operation (costing 2900 gas), potentially at the expense of a SLOAD operation (2100 gas) or a WARMACCESS operation (100 gas).

<details> <summary> There are 3 instances of this issue: </summary>

The function updateAlpha() changes the state variable without first verifying if the values are different.

File: contracts/Tokens/Prime/Prime.sol

243    alphaNumerator = _alphaNumerator

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L243

The function updateAlpha() changes the state variable without first verifying if the values are different.

File: contracts/Tokens/Prime/Prime.sol

244    alphaDenominator = _alphaDenominator

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L244

The function updateAssetsState() changes the state variable without first verifying if the values are different.

File: contracts/Tokens/Prime/Prime.sol

460    unreleasedPSRIncome[_getUnderlying(address(market))] = 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L460

</details>

Multiplication and Division by 2 Should use in Bit Shifting

  • Severity: Gas Optimization
  • Confidence: High
  • Total Gas Saved: 100

Description

The expressions 'x * 2' and 'x / 2' can be optimized for gas efficiency by utilizing bitwise operations. In Solidity, you can achieve the same results by using bitwise left shift (x << 1) for multiplication and bitwise right shift (x >> 1) for division.

Using bitwise shift operations (SHL and SHR) instead of multiplication (MUL) and division (DIV) opcodes can lead to significant gas savings. The MUL and DIV opcodes cost 5 gas, while the SHL and SHR opcodes incur a lower cost of only 3 gas.

By leveraging these more efficient bitwise operations, you can reduce the gas consumption of your smart contracts and enhance their overall performance.

<details> <summary> There are 5 instances of this issue: </summary> 

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

122    r += (z * (0x100000000000000000000000000000000 - y)) / 0x100000000000000000000000000000000

instead 340282366920938463463374607431768211456 use bit shifting 128

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L122

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

124    r += (z * (0x0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - y)) / 0x200000000000000000000000000000000

instead 680564733841876926926749214863536422912 use bit shifting 129

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L124

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

128    r += (z * (0x092492492492492492492492492492492 - y)) / 0x400000000000000000000000000000000

instead 1361129467683753853853498429727072845824 use bit shifting 130

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L128

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

136    r += (z * (0x088888888888888888888888888888888 - y)) / 0x800000000000000000000000000000000

instead 2722258935367507707706996859454145691648 use bit shifting 131

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L136

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

200    r += z * 0x0000000000000001

instead 1 use bit shifting 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L200

</details>

Modulus operations that could be unchecked

  • Severity: Gas Optimization
  • Confidence: High
  • Total Gas Saved: 85

Description

Modulus operations should be unchecked to save gas since they cannot overflow or underflow. Execution of modulus operations outside unchecked blocks adds nothing but overhead. Saves about 30 gas.

<details> <summary> There are 1 instances of this issue: </summary> 

File: contracts/Tokens/Prime/libs/FixedMath0x.sol

162    x % 0x0000000000000000000000000000000010000000000000000000000000000000

should be unchecked

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath0x.sol#L162

</details>

Short-circuit rules can be used to optimize some gas usage

  • Severity: Gas Optimization
  • Confidence: Medium
  • Total Gas Saved: 6300

Description

Some conditions may be reordered to save an SLOAD (2100 gas), as we avoid reading state variables when the first part of the condition fails (with &&), or succeeds (with ||). For instance, consider a scenario where you have a stateVariable (a variable stored in contract storage) and a localVariable (a variable in memory).

If you have a condition like stateVariable > 0 && localVariable > 0, if localVariable > 0 is false, the Solidity runtime will still execute stateVariable > 0, which costs an SLOAD operation (2100 gas). However, if you reorder the condition to localVariable > 0 && stateVariable > 0, the stateVariable > 0 check won't happen if localVariable > 0 is false, saving you the SLOAD gas cost.

Similarly, for the || operator, if you have a condition like stateVariable > 0 || localVariable > 0, and stateVariable > 0 is true, the Solidity runtime will still execute localVariable > 0. But if you reorder the condition to localVariable > 0 || stateVariable > 0, and localVariable > 0 is true, the stateVariable > 0 check won't happen, again saving you the SLOAD gas cost.

This detector checks for such conditions in the contract and reports if any condition could be optimized by taking advantage of the short-circuiting behavior of && and ||.

<details> <summary> There are 3 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

377    stakedAt[user] == 0 && isAccountEligible && !tokens[user].exists

 // @audit: Switch isAccountEligible && stakedAt[user] == 0

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L377

File: contracts/Tokens/Prime/Prime.sol

379    tokens[user].exists && isAccountEligible

 // @audit: Switch isAccountEligible && tokens[user].exists

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L379

File: contracts/Tokens/Prime/Prime.sol

369    tokens[user].exists && !isAccountEligible

 // @audit: Switch ! isAccountEligible && tokens[user].exists

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L369

</details>

Unnecessary Casting of Variables

  • Severity: Gas Optimization
  • Confidence: High

Description

This detector scans for instances where a variable is casted to its own type. This is unnecessary and can be safely removed to improve code readability.

<details> <summary> There are 1 instances of this issue: </summary> 

File: contracts/Tokens/Prime/libs/FixedMath.sol

25    return (n.toInt256() * FixedMath0x.FIXED_1) / int256(d.toInt256())

Unnecessary cast: int256(d.toInt256()) it cast to the same type.<br> https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath.sol#L25

</details>

Unused Named Return Variables

  • Severity: Gas Optimization
  • Confidence: High

Description

Named return variables allow for clear and explicit naming of values to be returned from a function. However, when these variables are unused, it can lead to confusion and make the code less maintainable.

<details> <summary> There are 5 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

174    function getPendingInterests(address user) external returns (PendingInterest[] memory pendingInterests)

there is not use of this variables: @ pendingInterests

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L174-L194

File: contracts/Tokens/Prime/Prime.sol

496    function calculateAPR(address market, address user) external view returns (uint256 supplyAPR, uint256 borrowAPR)

there is not use of this variables: @ supplyAPR @ borrowAPR

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L496-L515

File: contracts/Tokens/Prime/Prime.sol

527    function estimateAPR(
528            address market,
529            address user,
530            uint256 borrow,
531            uint256 supply,
532            uint256 xvsStaked
533        ) external view returns (uint256 supplyAPR, uint256 borrowAPR)

there is not use of this variables: @ supplyAPR @ borrowAPR

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L527-L548

File: contracts/Tokens/Prime/libs/FixedMath.sol

53    function ln(int256 x) internal pure returns (int256 r)

there is not use of this variables: @ r

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath.sol#L53-L55

File: contracts/Tokens/Prime/libs/FixedMath.sol

58    function exp(int256 x) internal pure returns (int256 r)

there is not use of this variables: @ r

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/FixedMath.sol#L58-L60

</details>

Inefficient Parameter Storage

  • Severity: Gas Optimization
  • Confidence: Medium
  • Total Gas Saved: 50

Description

When passing function parameters, using the calldata area instead of memory can improve gas efficiency. Calldata is a read-only area where function arguments and external function calls' parameters are stored.

By using calldata for function parameters, you avoid unnecessary gas costs associated with copying data from calldata to memory. This is particularly beneficial when the parameter is read-only and doesn't require modification within the contract.

Using calldata for function parameters can help optimize gas usage, especially when making external function calls or when the parameter values are provided externally and don't need to be stored persistently within the contract.

<details> <summary> There are 1 instances of this issue: </summary> 

File: contracts/Tokens/Prime/Prime.sol

200    address[] memory users

should be declared as calldata instead

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L200

</details>

#0 - c4-pre-sort

2023-10-07T02:47:22Z

0xRobocop marked the issue as low quality report

#1 - c4-pre-sort

2023-10-07T06:43:56Z

0xRobocop marked the issue as sufficient quality report

#2 - c4-pre-sort

2023-10-07T06:59:25Z

0xRobocop marked the issue as high quality report

#3 - c4-judge

2023-11-03T16:52:20Z

fatherGoose1 marked the issue as grade-a

#4 - c4-judge

2023-11-05T00:34:10Z

fatherGoose1 marked the issue as selected for report

#5 - PaperParachute

2023-11-28T11:34:37Z

Comment on sponsor behalf:

chechu (Venus):

[G-01] Avoid unnecessary storage updates

ACK. It's an admin function and will be called only if values are different and needs an update.

[G-02] Multiplication and Division by 2 Should use in Bit Shifting

ACK

[G-03] Modulus operations that could be unchecked

ACK

[G-04] Short-circuit rules can be used to optimize some gas usage

Fixed. https://github.com/VenusProtocol/venus-protocol/commit/5505bf7c2503f3228f3421b45ee749fce2c2921a

[G-05] Unnecessary Casting of Variables

ACK

[G-06] Unused Named Return Variables

Fixed. https://github.com/VenusProtocol/venus-protocol/commit/acfb5a7f8c8a1ba5a8b3d7b469558298eca61b6f

[G-07] Inefficient Parameter Storage

Fixed. https://github.com/VenusProtocol/venus-protocol/commit/240f16f6cc53fa06a6389dfbb6fa821eb2b41b0

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter