Back to Funen's contests

Mimo DeFi contest - Funen's results

Bridging the chasm between the DeFi world and the world of regulated financial institutions.

General Information

Platform: Code4rena

Start Date: 28/04/2022

Pot Size: $50,000 USDC

Total HM: 7

Participants: 43

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 115

League: ETH

Mimo DeFi

Findings Distribution

Researcher Performance

Rank: 26/43

Findings: 2

Award: $140.08

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryMimo DeFi

Findings Information

🌟 Selected for report: Dravee

Also found by: 0x1f8b, 0x4non, 0x52, 0xDjango, AlleyCat, Funen, GalloDaSballo, GimelSec, Hawkeye, MaratCerby, Picodes, berndartmueller, cccz, defsec, delfin454000, dipp, hyh, ilan, joestakey, kebabsec, luduvigo, pauliax, peritoflores, robee, rotcivegaf, samruna, shenwilly, sikorico, simon135, sorrynotsorry, unforgiven, z3s

Awards

89.0354 USDC - $89.04

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

Non Critical

  1. Title : Consistency comment

the top comment line should be the same as the others for better readability, so you can make the lines indent.

##Tool Used Manual Review

##Occurances 1 2

  1. Typo Comment

https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/core/PriceFeed.sol#L41

typo comment oracle It can be changed into oracle

##Tool Used Manual Review

  1. Missing Event Emitting could be changed

##Impact Off-chain tools will not work as expected.

##Tool Used Manual Review

##Occurance

IVaultsCore.sol for VaultsCore

Missing Opened

https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/interfaces/IVaultsCore.sol#L12

Missing Liquidate https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/interfaces/IVaultsCore.sol#L17

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xkatana, Funen, GimelSec, MaratCerby, Picodes, Tadashi, Tomio, defsec, delfin454000, joestakey, kebabsec, oyc_109, pauliax, robee, rotcivegaf, samruna, slywaters, sorrynotsorry, ych18, z3s

Awards

51.0404 USDC - $51.04

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue
  1. Title : Change 2**256 - 1 to type(uint).max for saving more gas

Its cheaper to using type(uint).max instead of using 2**256-1 calculation for unlimited approval

##Tools Used Manual Review

##Recommended Mitigation

uint256 private constant MAX_INT = type(uint).max;

##Occurances VaultsCore#L23 InceptionVaultsCore#L23 PARMinerV2.sol#L58

  1. Title : Saving gas by removing = 0

https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/core/VaultsCore.sol#L402

If a variable was not set/initialized, it is assumed to have default value to 0 this implementation was used for saving more gas by removing = 0

##TOOLS USED Manual Review

##Mitigation Step Remove = 0

  1. Title : Shorter code for saving more gas

https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/liquidityMining/PARMiner.sol#L223-L224

this implementation below can be used for saving more gas. since it called once, so you dont need to declare _accAmountPerShare for userInfo.accParAmountPerShare. it can be directly into userInfo.accAmountPerShare.

##Tool Used Manual Review

##Recommended Mitigation

    userInfo.accAmountPerShare = _accAmountPerShare;
    userInfo.accParAmountPerShare = _accParAmountPerShare;

changed to

    userInfo.accParAmountPerShare = userInfo.accAmountPerShare
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter