XDEFI contest - Fitraldys's results

The fastest wallet in DeFi.

General Information

Platform: Code4rena

Start Date: 04/01/2022

Pot Size: $25,000 USDC

Total HM: 3

Participants: 40

Period: 3 days

Judge: Ivo Georgiev

Total Solo HM: 1

Id: 75

League: ETH

XDEFI

Findings Distribution

Researcher Performance

Rank: 6/40

Findings: 2

Award: $869.20

🌟 Selected for report: 1

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository XDEFI

Findings Information

🌟 Selected for report: cccz

Also found by: Fitraldys, cmichel, kenzo, onewayfunction, tqts

Labels

bug

duplicate

3 (High Risk)

sponsor confirmed

Awards

768.967 USDC - $768.97

External Links

Link to GitHub issue

Handle

Fitraldys

Vulnerability details

Impact

A user can call lock() that will call _lock(), that eventually will call _safeMint(), the _safeMint() function will make an external call to the destination address through _checkOnERC721Received(), and since the merge() and updateDistribution() didnt have noreentrant modifier, the user can reenter one of this function.

note: the _lock() didnt follow the correct check effect pattern, because external call from _safeMint() is happening before the state change

Proof of Concept

XDEFIDistribution.sol -> updateDistribution()
XDEFIDistribution.sol -> merge()
XDEFIDistribution.sol -> _lock()

#0 - deluca-mike
2022-01-09T05:56:47Z

Valid, and duplicate of #25

Findings Information

🌟 Selected for report: Fitraldys

Labels

bug

G (Gas Optimization)

resolved

sponsor confirmed

Awards

100.2321 USDC - $100.23

External Links

Link to GitHub issue

Handle

Fitraldys

Vulnerability details

Impact

expensive gas, because in the line https://github.com/XDeFi-tech/xdefi-distribution/blob/v1.0.0-beta.0/contracts/XDEFIDistributionHelper.sol#L23, the tokenids.length is save to a new variable to be used in the for loop, instead of call tokenids.length directly in the for loop

Proof of Concept

pragma solidity =0.8.7;

contract pikir {

    function putar1 (uint256 [] memory tokenIds) external view returns(uint256) {
        
        uint256 alltokens = tokenIds.length;
        uint256 hasil;

        for (uint256 i; i < alltokens; ++i){
            
            hasil += 1;

        }
        return hasil;

    }

}
//24714 gas

contract pikir2 {

    function putar1 (uint256 [] memory tokenIds) external view returns(uint256) {
    
        uint256 hasil;

        for (uint256 i; i < tokenIds.length; ++i){
            
            hasil += 1;

        }
        return hasil;

    }

}
//24710 gas

Tools Used

remix

#0 - deluca-mike
2022-01-08T22:40:26Z

Wow, interesting. Perhaps I was used to older version of Solidity where the compiler wasn't that great at caching the length of the memory array. I tested it throughout the code and this is an excellent gas savings find!

#1 - deluca-mike
2022-01-14T03:40:07Z

In release candidate contracts, this was done in:

#2 - Ivshti
2022-01-16T06:08:43Z

indeed, this one is shocking but a classic valid gas optimization

XDEFI contest - Fitraldys's results

The fastest wallet in DeFi.

General Information

Findings Distribution

Researcher Performance

External Links

[H-02] Missing noreentrant modifier on merge() and updateDistribution(), can reenter from the _lock() - $768.97

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

#0 - deluca-mike2022-01-09T05:56:47Z

Gas Report - $100.23

Gas Report - $100.23

🚀 [G-13] gas optimization - $100.23

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

#0 - deluca-mike2022-01-08T22:40:26Z

#1 - deluca-mike2022-01-14T03:40:07Z

#2 - Ivshti2022-01-16T06:08:43Z

#0 - deluca-mike
2022-01-09T05:56:47Z

#0 - deluca-mike
2022-01-08T22:40:26Z

#1 - deluca-mike
2022-01-14T03:40:07Z

#2 - Ivshti
2022-01-16T06:08:43Z