Timeswap contest - Jujic's results

Like Uniswap, but for lending & borrowing.

General Information

Platform: Code4rena

Start Date: 04/01/2022

Pot Size: $75,000 USDC

Total HM: 17

Participants: 33

Period: 7 days

Judge: 0xean

Total Solo HM: 14

Id: 74

League: ETH

Timeswap

Findings Distribution

Researcher Performance

Rank: 22/33

Findings: 1

Award: $97.53

🌟 Selected for report: 1

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Timeswap

Findings Information

🌟 Selected for report: 0x0x0x

Also found by: Dravee, Jujic, WatchPug, defsec, fatima_naz, rfa, ye0lde

Labels

bug

duplicate

G (Gas Optimization)

Awards

4.452 USDC - $4.45

External Links

Link to GitHub issue

Handle

Jujic

Vulnerability details

Impact

!= 0 is a cheaper operation compared to > 0, when dealing with uint.

Proof of Concept

https://github.com/code-423n4/2022-01-timeswap/blob/bf50d2a8bb93a5571f35f96bd74af54d9c92a210/Timeswap/Timeswap-V1-Core/contracts/TimeswapPair.sol#L369

if (assetIn > 0) Callback.pay(asset, assetIn, data);

Tools Used

Remix

Recommended Mitigation Steps

#0 - amateur-dev
2022-01-14T11:10:39Z

Similar issue reported over here #172 ; hence closing this

Findings Information

🌟 Selected for report: Jujic

Labels

bug

G (Gas Optimization)

resolved

sponsor confirmed

Awards

93.0809 USDC - $93.08

External Links

Link to GitHub issue

Handle

Jujic

Vulnerability details

Impact

Here you could use unchecked{++i} to save gas since it is more efficient then i++.

for (uint256 i; i < ids.length; i++) {

Proof of Concept

https://github.com/code-423n4/2022-01-timeswap/blob/bf50d2a8bb93a5571f35f96bd74af54d9c92a210/Timeswap/Timeswap-V1-Core/contracts/TimeswapPair.sol#L359

Tools Used

Remix

Recommended Mitigation Steps

#0 - Mathepreneur
2022-01-17T20:22:24Z

https://github.com/Timeswap-Labs/Timeswap-V1-Core/pull/101

Timeswap contest - Jujic's results

Like Uniswap, but for lending & borrowing.

General Information

Findings Distribution

Researcher Performance

External Links

Gas Report - $97.53

[G-25] > 0 can be replaced with != 0 for gas optimisation - $4.45

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - amateur-dev2022-01-14T11:10:39Z

🚀 [G-33] A more efficient for loop index proceeding - $93.08

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - Mathepreneur2022-01-17T20:22:24Z

#0 - amateur-dev
2022-01-14T11:10:39Z

#0 - Mathepreneur
2022-01-17T20:22:24Z