InsureDAO contest - Meta0xNull's results

Anyone can create an insurance pool like Uniswap.

General Information

Platform: Code4rena

Start Date: 07/01/2022

Pot Size: $80,000 USDC

Total HM: 21

Participants: 37

Period: 7 days

Judge: 0xean

Total Solo HM: 14

Id: 71

League: ETH

InsureDAO

Findings Distribution

Researcher Performance

Rank: 29/37

Findings: 2

Award: $40.50

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository InsureDAO

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Auditors

Browse

Contests

Browse

Get in touch

Contact Twitter

Findings Information

🌟 Selected for report: 0x1f8b

Also found by: Dravee, Meta0xNull, hyh, ospwner, robee

Labels

bug

duplicate

1 (Low Risk)

resolved

Awards

37.3929 INSURE - $13.09

22.7028 USDC - $22.70

External Links

Link to GitHub issue

Handle

Meta0xNull

Vulnerability details

Impact

A wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.

Proof of Concept

https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Factory.sol#L81-L83

Tools Used

Manual Review

Recommended Mitigation Steps

Requires Addresses is not zero.

require(_registry != address(0), "Address Can't Be Zero") require(_ownership != address(0), "Address Can't Be Zero")

#0 - 0xHaku
2022-01-26T10:20:25Z

@oishun1112 already fixed.

#1 - oishun1112
2022-01-27T06:50:23Z

https://github.com/InsureDAO/pool-contracts/blob/audit/code4rena/contracts/Factory.sol#L79-L80

#2 - 0xean
2022-01-28T02:27:38Z

dupe of #120

Findings Information

🌟 Selected for report: 0xngndev

Also found by: Dravee, Jujic, Meta0xNull, defsec, p4st13r4, robee, sirhashalot, tqts

Labels

bug

duplicate

G (Gas Optimization)

Awards

2.9784 INSURE - $1.04

1.5637 USDC - $1.56

External Links

Link to GitHub issue

Handle

Meta0xNull

Vulnerability details

Impact

Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition has been met.

Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.

Proof of Concept

https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Ownership.sol#L39 https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Ownership.sol#L47

Tools Used

Manual Review

Recommended Mitigation Steps

Shorten the revert strings to fit in 32 bytes.

Or consider using Custom Errors (solc >=0.8.4).

#0 - oishun1112
2022-01-13T18:07:26Z

https://github.com/code-423n4/2022-01-insure-findings/issues/87

Findings Information

🌟 Selected for report: Dravee

Also found by: Jujic, Meta0xNull, Tomio, defsec, egjlmn1, robee

Labels

bug

duplicate

G (Gas Optimization)

Awards

2.4125 INSURE - $0.84

1.2666 USDC - $1.27

External Links

Link to GitHub issue

Handle

Meta0xNull

Vulnerability details

Impact

The local variable used as for loop index need not be initialized to 0 because the default value is 0. Avoiding this anti-pattern can save a few opcodes and therefore a tiny bit of gas.

Proof of Concept

https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Factory.sol#L176 https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Factory.sol#L186

Tools Used

Manual Review

Recommended Mitigation Steps

for (uint256 i = 0; After for (uint256 i;

#0 - oishun1112
2022-01-13T18:07:49Z

https://github.com/code-423n4/2022-01-insure-findings/issues/40

InsureDAO contest - Meta0xNull's results

Anyone can create an insurance pool like Uniswap.

General Information

Findings Distribution

Researcher Performance

External Links

QA Report - $35.79

Gas Report - $4.71

QA Report - $35.79

Gas Report - $4.71

[L-02] Constructor Does Not Check for Zero Addresses - $35.79

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xHaku2022-01-26T10:20:25Z

#1 - oishun11122022-01-27T06:50:23Z

#2 - 0xean2022-01-28T02:27:38Z

[G-97] Long Revert Strings are Waste of Gas - $2.60

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - oishun11122022-01-13T18:07:26Z

[G-74] Avoid Initialization of Loop Index If It Is 0 to Save Gas - $2.11

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - oishun11122022-01-13T18:07:49Z

#0 - 0xHaku
2022-01-26T10:20:25Z

#1 - oishun1112
2022-01-27T06:50:23Z

#2 - 0xean
2022-01-28T02:27:38Z

#0 - oishun1112
2022-01-13T18:07:26Z

#0 - oishun1112
2022-01-13T18:07:49Z