Back to MadWookie's contests

Illuminate contest - MadWookie's results

Your Sole Source For Fixed-Yields.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $55,000 USDC

Total HM: 29

Participants: 88

Period: 5 days

Judge: gzeon

Total Solo HM: 7

Id: 134

League: ETH

Illuminate

Findings Distribution

Researcher Performance

Rank: 51/88

Findings: 2

Award: $128.26

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryIlluminate

Findings Information

🌟 Selected for report: defsec

Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkowloon, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kenshin, Kulk0, Lambda, Limbooo, MadWookie, Metatron, Picodes, Soosh, StErMi, TomJ, WatchPug, Waze, Yiko, _Adam, ak1, asutorufos, aysha, bardamu, catchup, datapunk, delfin454000, dipp, fatherOfBlocks, grGred, hake, hansfriese, hyh, joestakey, kebabsec, kenzo, kirk-baird, oyc_109, pashov, poirots, rfa, robee, saian, sashik_eth, shenwilly, simon135, slywaters, z3s, zeesaw, zer0dot

Awards

65.8003 USDC - $65.80

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

LOW

Missing address(0) check when setting immutable address variables.

The gas cost for this check is very minimal compared to the gas cost of redeployment if an address(0) is accidentally passed in.

1. File: Redeemer.sol#L54-55

    pendleAddr = p;
    tempusAddr = t;

2. File: MarketPlace.sol#L55-56

    redeemer = r;
    lender = l;

3. File: Lender.sol#L68-69

    pendleAddr = p;
    tempusAddr = t;

QA

Critical changes should use two-step procedure

1. File: Redeemer.sol#L62-65

    function setAdmin(address a) external authorized(admin) returns (bool) {
        admin = a;
        return true;
    }

2. File: Lender.sol#L129-132

    function setAdmin(address a) external authorized(admin) returns (bool) {
        admin = a;
        return true;
    }

3. File: MarketPlace.sol#L109-112

    function setAdmin(address a) external authorized(admin) returns (bool) {
        admin = a;
        return true;
    }

Variable names should be meaningful and give an idea of its purpose.

This is an issue persistent throughout almost the entire codebase.
Using a single letter as a variable name makes reading and understanding much more difficult.

Multiple files should not have the same name

1. File: MarketPlace.sol

2. File: MarketPlace.sol

Incorect @notice Natspec comment

This function sets swivelAddr not feenominator

1. File: Lender.sol#L153-159

    /// @notice sets the feenominator to the given value
    /// @param s the address of the Swivel.sol Router
    /// @return bool true if successful
    function setSwivel(address s) external authorized(admin) returns (bool) {
        swivelAddr = s;
        return true;
    }

Findings Information

🌟 Selected for report: BowTiedWardens

Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xkowloon, Bnke0x0, ElKu, Fitraldys, Funen, GalloDaSballo, IllIllI, JC, Kaiziron, Lambda, MadWookie, Noah3o6, Nyamcil, RoiEvenHaim, TomJ, Tomio, UnusualTurtle, Waze, _Adam, ajtra, asutorufos, bardamu, c3phas, catchup, datapunk, defsec, delfin454000, fatherOfBlocks, grGred, hake, hansfriese, hyh, ignacio, joestakey, kebabsec, ladboy233, oyc_109, pashov, poirots, rfa, robee, sach1r0, samruna, sashik_eth, simon135, slywaters, z3s, zer0dot

Awards

62.4602 USDC - $62.46

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Gas Report

Cache storage variables in memory when reading more than once in a function.

Cache lender

1. File: Redeemer.sol#L132-136

2. File: Redeemer.sol#L177-180

3. File: Redeemer.sol#L221-224

4. File: Redeemer.sol#L256-259

Cache feenominator. You would assume a > 0 to be the majority of cases so caching will save gas on average overtime.

5. File: Lender.sol#L680-682

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter