Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 198/246
Findings: 1
Award: $13.13
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: brgltd
Also found by: 0x3b, 0xAgro, 0xGusMcCrae, 0xNorman, 0xRajkumar, 0xSmartContract, 0xTraub, 0xWagmi, 0xWaitress, 0xffchain, 0xhacksmithh, 0xkazim, 0xnev, 3dgeville, ArbitraryExecution, Aymen0909, BRONZEDISC, Bason, Bloqarl, BlueAlder, Brenzee, CodeFoxInc, CodingNameKiki, Cryptor, DadeKuma, DevABDee, Diana, Dug, Englave, Gde, Haipls, HollaDieWaldfee, Ignite, Infect3d, Jerry0x, Josiah, Kaysoft, Koko1912, KrisApostolov, Lavishq, LeoGold, Madalad, PNS, Rappie, RaymondFam, RedTiger, Rickard, Rolezn, Sathish9098, SunSec, T1MOH, UdarTeam, Udsen, Viktor_Cortess, Wander, adriro, ak1, alejandrocovrr, alexzoid, arialblack14, ayden, bin2chen, brevis, btk, c3phas, carlitox477, catellatech, ch0bu, chaduke, ck, climber2002, codeslide, descharre, dingo2077, ernestognw, fatherOfBlocks, favelanky, georgits, helios, hl_, inmarelibero, juancito, ks__xxxxx, lopotras, lukris02, m_Rassska, mahdirostami, maxper, nadin, navinavu, nemveer, p_crypt0, peanuts, pipoca, pixpi, qpzm, rbserver, reassor, roelio, rotcivegaf, scokaf, siddhpurakaran, slvDev, smaul, tnevler, tsvetanovv, turvy_fuzz, vagrant, wen, yac, zzzitron
13.1298 USDC - $13.13
The Rebalanced event has no parameters in it to emit anything. Consider adding parameters or removing it.
event Rebalanced();
Declared here: SafEth.sol#L34
Used here: SafEth.sol#L154
Consider having events associated with setter/update functions emit both the new and old values instead of just the new value.
emit ChangeMinAmount(minAmount);
emit ChangeMaxAmount(maxAmount);
emit SetMaxSlippage(_derivativeIndex, _slippage);
emit WeightChange(_derivativeIndex, _weight);
In SfrxEth.sol, at several places we use:
IERC20(SFRX_ETH_ADDRESS).balanceOf(address(this));
SfrxEth.sol#L98
SfrxEth.sol#L102
Whereas we could just reuse the public balance() method:
SfrxEth.sol#L122-L124
In Reth.sol, we duplicate lines to get the reth token address at different places:
Reth.sol#L187-L193
Reth.sol#L229-L235
We could just reuse rethAddress(), defined here: Reth.sol#L66
All the files are using an unlocked compiler version.
pragma solidity ^0.8.13;
Locking the pragma helps ensure that contracts do not accidentally get deployed using, for example, the latest compiler which may have higher risks of undiscovered bugs. Contracts may also be deployed by others and the pragma indicates the compiler version intended by the original authors. It is recommended to fix a concrete compiler version (latest without security issues).
Unused function parameters should be commented out to avoid warnings when compiling files.
Example refactored:
function ethPerDerivative( uint256 /**_amount**/ ) public view returns (uint256) {
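Two of the findings above, the parameterless Rebalanced event and the unlocked pragma, can be checked mechanically before an audit. The script below is an added example, not part of the original report or of the audited project: it is a regex-based check (not a Solidity parser), the function names are hypothetical, and the sample source is constructed from the snippets quoted in the report.

```python
import re

# Constructed sample built from the snippets quoted in the report; not the real SafEth.sol.
SAMPLE = """\
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

contract Sample {
    event Rebalanced();
    event ChangeMinAmount(uint256 indexed minAmount);
    // event Commented(); must not be reported
    function rebalance() external { emit Rebalanced(); }
}
"""

COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.M)
EMPTY_EVENT_RE = re.compile(r"^\s*event\s+(\w+)\s*\(\s*\)\s*(?:anonymous\s*)?;", re.M)


def strip_comments(src):
    """Blank out comments but keep newlines so reported line numbers stay valid.
    Limitation: a '//' inside a string literal is treated as a comment."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)


def is_pinned(spec):
    """True only for one exact version such as '0.8.19' or '=0.8.19'."""
    return re.fullmatch(r"=?\s*\d+\.\d+\.\d+", spec.strip()) is not None


def audit(src):
    """Return sorted (line, rule, detail) tuples for floating pragmas and
    events declared without parameters."""
    clean = strip_comments(src)
    line_of = lambda pos: clean.count("\n", 0, pos) + 1
    findings = []
    for m in PRAGMA_RE.finditer(clean):
        if not is_pinned(m.group(1)):
            findings.append((line_of(m.start(1)), "floating-pragma", m.group(1).strip()))
    for m in EMPTY_EVENT_RE.finditer(clean):
        findings.append((line_of(m.start(1)), "empty-event", m.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule, detail in audit(SAMPLE):
        print(f"line {line}: {rule}: {detail}")
```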
#0 - c4-sponsor
2023-04-10T20:59:31Z
elmutt marked the issue as sponsor confirmed
#1 - c4-judge
2023-04-24T18:42:10Z
Picodes marked the issue as grade-b