Swivel v3 contest - JC's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $35,000 USDC

Total HM: 13

Participants: 78

Period: 3 days

Judge: 0xean

Total Solo HM: 6

Id: 135

League: ETH

Swivel

Findings Distribution

Researcher Performance

Rank: 49/78

Findings: 2

Award: $70.06

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Swivel

Findings Information

🌟 Selected for report: joestakey

Also found by: 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 8olidity, Avci, Bahurum, Bnke0x0, Chom, ElKu, Funen, GimelSec, JC, Junnon, Kaiziron, Meera, PaludoX0, Picodes, ReyAdmirado, Sm4rty, Soosh, Waze, _Adam, __141345__, ak1, aysha, benbaessler, bin2chen, c3phas, cccz, cryptphi, csanuragjain, defsec, exd0tpy, fatherOfBlocks, gogo, hake, hansfriese, itsmeSTYJ, jonatascm, kyteg, mektigboy, oyc_109, pashov, rbserver, rishabh, robee, rokinot, sach1r0, sashik_eth, scaraven, simon135, slywaters

Awards

44.257 USDC - $44.26

Labels

bug

duplicate

QA (Quality Assurance)

sponsor disputed

wontfix

External Links

Link to GitHub issue

[N-01] Open todos Code architecture, incentives, and error handling/reporting questions/issues should be resolved before deployment

#0 - JTraversa
2022-07-25T07:27:48Z

low hanging "TODO" that may be there in future versions, normally considerations / acknowledgements. It gives people a view into our current thought processes.

#1 - robrobbins
2022-08-31T01:01:38Z

addressed elsewehere

Findings Information

🌟 Selected for report: joestakey

Also found by: 0x040, 0x1f8b, 0xDjango, 0xNazgul, 0xsam, Avci, Aymen0909, Bnke0x0, CRYP70, ElKu, Fitraldys, Funen, JC, Kaiziron, MadWookie, Meera, ReyAdmirado, Sm4rty, Soosh, TomJ, Waze, _Adam, __141345__, ajtra, benbaessler, c3phas, csanuragjain, durianSausage, exd0tpy, fatherOfBlocks, hake, ignacio, karanctf, kyteg, m_Rassska, oyc_109, rbserver, robee, rokinot, samruna, sashik_eth, simon135, slywaters

Awards

25.8015 USDC - $25.80

Labels

bug

G (Gas Optimization)

resolved

External Links

Link to GitHub issue

[G-01] ++i costs less gas than i++, especially when it's used in for loops (same for ++j vs j++)

Instances include: https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L100 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L269 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L418 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L564

[G-02] calldata instead of memory for read-only function parameter If a reference type function parameter is read-only, it is cheaper in gas to use calldata instead of memory. Calldata is a non-modifiable, non-persistent area where function arguments are stored, and behaves mostly like memory. Try to use calldata as a data location because it will avoid copies and also makes sure that the data cannot be modified.

Instances include: https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L495 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Marketplace/MarketPlace.sol#L68 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Marketplace/MarketPlace.sol#L69 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/Creator.sol#L36 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/Creator.sol#L37

[G-03] <x> += <y> costs more gas than <x> = <x> + <y> for state variables (also <x> -= <y> vs <x> = <x> - <y>)

[G-04] Using private rather than public for constants saves gas If needed, the value can be read from the verified contract source code. Savings are due to the compiler not having to create non-payable getter functions for deployment calldata, and not adding another entry to the method ID table.

Instances include: https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L25 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L26 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L27 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L35

#0 - robrobbins
2022-08-22T18:54:39Z

++ addressed: https://github.com/Swivel-Finance/gost/pull/428

#1 - robrobbins
2022-08-22T19:32:07Z

+= = -= addressed https://github.com/Swivel-Finance/gost/pull/429

not switching CONST to private as they are often queried from dapps / fe

Swivel v3 contest - JC's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-31] QA Report - $44.26

Findings Information

Awards

Labels

External Links

#0 - JTraversa2022-07-25T07:27:48Z

#1 - robrobbins2022-08-31T01:01:38Z

[G-16] Gas Report - $25.80

Findings Information

Awards

Labels

External Links

#0 - robrobbins2022-08-22T18:54:39Z

#1 - robrobbins2022-08-22T19:32:07Z

#0 - JTraversa
2022-07-25T07:27:48Z

#1 - robrobbins
2022-08-31T01:01:38Z

#0 - robrobbins
2022-08-22T18:54:39Z

#1 - robrobbins
2022-08-22T19:32:07Z