Platform: Code4rena
Start Date: 16/11/2021
Pot Size: $50,000 ETH
Total HM: 11
Participants: 17
Period: 7 days
Judge: LSDan
Total Solo HM: 8
Id: 49
League: ETH
Rank: 11/17
Findings: 2
Award: $1,066.72
🌟 Selected for report: 3
🚀 Solo Findings: 0
🌟 Selected for report: Meta0xNull
Meta0xNull
It is possible to input 0 for _compoundingPeriod, which will break the calculation in function epochs().
https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/market/OverlayV1OI.sol#L28 https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/market/OverlayV1OI.sol#L47-L61
Manual Review
require(_compoundingPeriod > 0, "_compoundingPeriod Can't Be Zero");
#0 - mikeyrf
2021-12-07T21:18:06Z
sponsor disputed reason - will never be zero given this is passed microWindow from OverlayV1UniswapV3Market.sol in the constructor
#1 - dmvt
2021-12-20T19:46:24Z
There is nothing that requires this constructor to be called by OverlayV1UniswapV3Market.sol. Ideally you would still have a zero check, just to prevent future uninformed user issues. Taken in isolation, the report holds.
🌟 Selected for report: pauliax
Also found by: Meta0xNull, pants, ye0lde
Meta0xNull
Open TODOs can hint at programming or architectural errors that still need to be fixed.
https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/market/OverlayV1OI.sol#L108 https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/collateral/OverlayV1OVLCollateral.sol#L304
Manual Review
Fix the listed TODOs and remove them.
#0 - mikeyrf
2021-12-07T00:06:52Z
duplicate #116
🌟 Selected for report: xYrYuYx
Also found by: Meta0xNull
Meta0xNull
Both _beforeTokenTransfer() and _afterTokenTransfer() do nothing but are used in _burn(), _mint(), _transfer() etc. This will waste gas.
https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/ovl/OverlayToken.sol#L411-L423 https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/ovl/OverlayToken.sol#L376-L395
Manual Review
Remove _beforeTokenTransfer() and _afterTokenTransfer().
Remove both calls within the functions that use them, like _burn(), _mint(), _transfer() etc.
#0 - mikeyrf
2021-12-07T00:04:39Z
duplicate #23
🌟 Selected for report: Meta0xNull
0.0043 ETH - $20.05
Meta0xNull
A wrong user input, or a wallet defaulting to the zero address for a missing input, can lead to the contract needing to be redeployed or to wasted gas.
https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/collateral/OverlayV1OVLCollateral.sol#L75 https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/OverlayV1UniswapV3Market.sol#L29-L33 https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/market/OverlayV1Governance.sol#L56
Manual Review
Require that addresses are not zero.
Example: require(_mothership != address(0), "_mothership Address Can't Be Zero");
#0 - commercium-sys
2021-12-07T21:14:45Z
We intend on deploying with the correct arguments.
#1 - dmvt
2021-12-21T14:25:26Z
Sometimes accidents happen and our best intentions are unrealised. In that case, checks here will save you gas. Report is valid.
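An added example, not code from the Overlay repository or from any participant in this thread: a hypothetical contract whose constructor applies the zero checks recommended in this finding and in the _compoundingPeriod finding above. The contract name, the epochs() formula (elapsed time divided by the period) and the Solidity 0.8 pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical contract for illustration only. The names and the epochs()
/// formula are assumptions, not the audited Overlay code.
contract GuardedMarket {
    address public immutable mothership;
    uint256 public immutable compoundingPeriod;

    constructor(address _mothership, uint256 _compoundingPeriod) {
        // Both values are fixed at deployment. Without these checks a bad
        // deployment succeeds and can only be repaired by redeploying.
        require(_mothership != address(0), "mothership is zero address");
        require(_compoundingPeriod > 0, "compoundingPeriod is zero");
        mothership = _mothership;
        compoundingPeriod = _compoundingPeriod;
    }

    /// Whole compounding periods elapsed since `_compounded`, and the
    /// timestamp of the last completed one.
    /// If compoundingPeriod were 0, the division below would revert with
    /// Panic(0x12) on every call, so every caller of epochs() would revert too.
    function epochs(uint256 _now, uint256 _compounded)
        public
        view
        returns (uint256 compoundings_, uint256 tCompounding_)
    {
        require(_now >= _compounded, "now precedes last compounding");
        compoundings_ = (_now - _compounded) / compoundingPeriod;
        tCompounding_ = _compounded + compoundings_ * compoundingPeriod;
    }
}
```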
🌟 Selected for report: Meta0xNull
Meta0xNull
_msgSender() is only useful for meta transactions. Using _msgSender() to get msg.sender here is a waste of gas.
https://github.com/code-423n4/2021-11-overlay/blob/914bed22f190ebe7088194453bab08c424c3f70c/contracts/ovl/OverlayToken.sol#L81 https://github.com/code-423n4/2021-11-overlay/blob/914bed22f190ebe7088194453bab08c424c3f70c/contracts/ovl/OverlayToken.sol#L108 https://github.com/code-423n4/2021-11-overlay/blob/914bed22f190ebe7088194453bab08c424c3f70c/contracts/ovl/OverlayToken.sol#L129
Manual Review
Replace _msgSender() with msg.sender.
#0 - mikeyrf
2021-12-07T00:26:21Z
duplicate #118
#1 - dmvt
2021-12-21T14:30:26Z
Not a duplicate. #118 refers to code consistency. This one refers to gas savings. They are reporting different issues and recommending different things despite being focused on the same function.
🌟 Selected for report: hyh
Also found by: Meta0xNull
Meta0xNull
<code>Position.Info storage pos = positions[_positionId];</code> SSTORE pos at the beginning of the function.
<code>require(0 < pos.oiShares, "OVLV1:liquidated");</code> <code>bool _isLong = pos.isLong;</code> <code>MarketInfo memory _marketInfo = marketInfo[pos.market];</code> Multiple SLOADs of storage pos within the function are a waste of gas.
Manual Review
Position.Info memory pos = positions[_positionId];
Try to use memory rather than storage until you need to store data in storage.
Position.Info storage pos = positions[_positionId]; pos.oiShares = 0; pos.debt = 0;
#0 - mikeyrf
2021-12-07T14:44:50Z
duplicate #138