Back to Meta0xNull's contests

Volt Protocol contest - Meta0xNull's results

Inflation Protected Stablecoin.

General Information

Platform: Code4rena

Start Date: 31/03/2022

Pot Size: $75,000 USDC

Total HM: 7

Participants: 42

Period: 7 days

Judge: Jack the Pug

Total Solo HM: 5

Id: 102

League: ETH

Volt Protocol

Findings Distribution

Researcher Performance

Rank: 19/42

Findings: 2

Award: $216.80

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryVolt Protocol

Findings Information

🌟 Selected for report: rayn

Also found by: 0xDjango, 0xkatana, 0xkowloon, BouSalman, CertoraInc, Dravee, Funen, Hawkeye, IllIllI, Jujic, Kenshin, Kthere, Meta0xNull, Sleepy, TerrierLover, async, aysha, berndartmueller, catchup, cccz, cmichel, csanuragjain, danb, defsec, georgypetrov, hake, hubble, kenta, kyliek, pauliax, rfa, robee, sahar, shenwilly, teryanarmen

Awards

137.8903 USDC - $137.89

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

1) onlyGovernor Call revokeGovernor() Should Take Extra Care

Risk Level: Low

Impact

onlyGovernor is the Super User in this Protocol. onlyGovernor can change all the roles in this protocol. onlyGovernor also responsible to set important parameters. Thus, Revoke Governor Role should take extra care.

Proof of Concept

https://github.com/code-423n4/2022-03-volt/blob/main/contracts/core/Permissions.sol#L114-L116

Suggest revokeGovernor() Add Count Down Time eg. 7 Days as Cooling Down Period to double confirm onlyGovernor want to revoke his Governor role.

#0 - ElliotFriedman

2022-04-05T22:19:33Z

We agree that you have to be careful with the governor and revoking its abilities. Eventually the VOLT system will move to a timelock and token voting mechanism for governance so there will be a time-locked cool down period built in automatically.

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0xNazgul, 0xkatana, 0xkowloon, CertoraInc, Dravee, Funen, Hawkeye, Jujic, Kenshin, Meta0xNull, Sleepy, TerrierLover, catchup, csanuragjain, defsec, georgypetrov, kenta, okkothejawa, rayn, rfa, robee, saian, samruna

Awards

78.9108 USDC - $78.91

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

1) Long Revert Strings are Waste of Gas

Impact

Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition has been met.

Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.

Proof of Concept

https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L117 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L123 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L239 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L277 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L402 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L415 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L428 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L441 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/peg/NonCustodialPSM.sol#L445

Shorten the revert strings to fit in 32 bytes.

#0 - ElliotFriedman

2022-04-04T17:02:04Z

Agreed that these could be changed to save a bit of gas on the sad path.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter