Platform: Code4rena
Start Date: 07/01/2022
Pot Size: $80,000 USDC
Total HM: 21
Participants: 37
Period: 7 days
Judge: 0xean
Total Solo HM: 14
Id: 71
League: ETH
Rank: 20/37
Findings: 4
Award: $652.87
🌟 Selected for report: 4
🚀 Solo Findings: 0
86.5379 INSURE - $30.29
52.5409 USDC - $52.54
Fitraldys
In the https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L703 it will loop through an entire indexList array
this doesnt immedietely impact other user, however when there is many user call allocateCredit this function will add another indexlist
if the user didnt exist in the first place. Lets say the time this contract was deployed there are only 3 unique user that call alocateCredit, thats make it the
indexlist.length to 3, and it still relatively cheap in term of gas when another user call resume function, but if there are 100 unique user that call alocateCredit
that makes it the indexList.length to 100, this will make the gas cost for other user that call resume expensive, since it will loop through all the indexlist variable that the contract has
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L703
#0 - oishun1112
2022-01-19T07:21:23Z
37.3929 INSURE - $13.09
22.7028 USDC - $22.70
Fitraldys
When a user want to withdraw funds, the user can make a request withdrawal by calling requestWithdraw,
however when doing the actual withdraw, the withdraw function memory pointer instead of storage pointer,
this makes https://github.com/code-423n4/2022-01-insure/blob/main/contracts/CDSTemplate.sol#L230 changes on request.amount didnt change the actual state/storage of the withdrawalReq, therefore the request.amount is still the same as before calling the withdraw function.
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/CDSTemplate.sol#L203 https://github.com/code-423n4/2022-01-insure/blob/main/contracts/CDSTemplate.sol#L230
by changing the memory pointer to storage, not only solve this issue but also can save some small amount of gas
#0 - oishun1112
2022-01-19T06:29:16Z
🌟 Selected for report: Fitraldys
379.9514 INSURE - $132.98
230.6848 USDC - $230.68
Fitraldys
In the https://github.com/code-423n4/2022-01-insure/blob/main/contracts/CDSTemplate.sol#L157 it is the descriptionof the depoist function, and not the correct description for the fund function.
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/CDSTemplate.sol#L156-L173
#0 - takadr
2022-01-27T13:02:36Z
@oishun1112 The description from the spec is ok here?
fund is called to fund surplus pool. This method is designed to called by admin, but it widely accepts funds by anybody. Contrary to deposit this method does not return any token.
https://insuredao.gitbook.io/developers/market/market-contracts/cds#fund
#1 - oishun1112
2022-01-31T07:22:10Z
@takadr please just change the comment to
A depositor supplies fund to the pool without receiving iTokens
🌟 Selected for report: Fitraldys
62.2711 INSURE - $21.79
32.6923 USDC - $32.69
Fitraldys
in line https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L260 have two check inside the require which is marketStatus == MarketStatus.Trading and paused == false and by spliting this check we can save gas.
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L260
function woi() public { require( marketStatus == MarketStatus.Trading && paused == false, "ERROR: DEPOSIT_DISABLED" ); } // 23645 gas
can be change to
function woi() public{ require( marketStatus == MarketStatus.Trading, "ERROR: DEPOSIT_DISABLED" ); require( paused == false, "ERROR: DEPOSIT_DISABLED" ); } //23637 gas
🌟 Selected for report: Fitraldys
62.2711 INSURE - $21.79
32.6923 USDC - $32.69
Fitraldys
in line https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L508 instead of save Insurance value to memory then save to insurences storage it's better to save the Insurence value directly to insurences storage or mapping to save gas.
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L508
contract insur { struct Insurance { uint256 id; //each insuance has their own id uint256 startTime; //timestamp of starttime uint256 endTime; //timestamp of endtime uint256 amount; //insured amount bytes32 target; //target id in bytes32 address insured; //the address holds the right to get insured bool status; //true if insurance is not expired or redeemed } mapping(uint256 => Insurance) public insurances; function coba() public { uint256 _id = 10; uint256 _endTime = 10; uint256 _amount = 12; bytes32 _target = bytes32(uint256(10)); Insurance memory _insurance = Insurance( _id, block.timestamp, _endTime, _amount, _target, msg.sender, true ); insurances[_id] = _insurance; } } //154623 gas
change to :
contract insur { struct Insurance { uint256 id; //each insuance has their own id uint256 startTime; //timestamp of starttime uint256 endTime; //timestamp of endtime uint256 amount; //insured amount bytes32 target; //target id in bytes32 address insured; //the address holds the right to get insured bool status; //true if insurance is not expired or redeemed } mapping(uint256 => Insurance) public insurances; function coba() public { uint256 _id = 10; uint256 _endTime = 10; uint256 _amount = 12; bytes32 _target = bytes32(uint256(10)); insurances[_id] = Insurance( _id, block.timestamp, _endTime, _amount, _target, msg.sender, true ); } } //154610 gas
remix
🌟 Selected for report: Fitraldys
62.2711 INSURE - $21.79
32.6923 USDC - $32.69
Fitraldys
in line https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L685 the function emitted a MarketStatusChanged event with storage variable which is marketStatus.
when we emit an event using storage data is more expensive than emitted an event using MarketStatus.Payingout value.
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L685
contract emitstatust { enum MarketStatus { Trading, Payingout } MarketStatus public marketStatus; event MarketStatusChanged(MarketStatus statusValue); function amit() public { marketStatus = MarketStatus.Payingout; emit MarketStatusChanged(marketStatus); } } //44792 gas
can change to :
contract emitstatust { enum MarketStatus { Trading, Payingout } MarketStatus public marketStatus; event MarketStatusChanged(MarketStatus statusValue); function amit() public { marketStatus = MarketStatus.Payingout; emit MarketStatusChanged(MarketStatus.Payingout); } } //44659 gas
remix
8.1712 INSURE - $2.86
4.2899 USDC - $4.29
Fitraldys
in line https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L232 change public to external can save gas
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L232
contract test4 { uint256 public counter = 1; function okelah (uint256 _amount) public { counter += _amount; require(_amount != 0, "ERROR: DEPOSIT_ZERO"); } } //26836 gas
can change to
contract test4 { uint256 public counter = 1; function okelah (uint256 _amount) external { counter += _amount; require(_amount != 0, "ERROR: DEPOSIT_ZERO"); } } //26835 gas
Remix
#0 - oishun1112
2022-01-13T05:36:31Z