Platform: Code4rena
Start Date: 26/09/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 113
Period: 5 days
Judge: 0xean
Total Solo HM: 6
Id: 166
League: ETH
Rank: 59/113
Findings: 2
Award: $76.06
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xNazgul
Also found by: 0x1f8b, 0x52, 0xDecorativePineapple, 0xSmartContract, 0xmatt, Aeros, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, DimitarDimitrov, IllIllI, JC, Jeiwan, Lambda, Matin, Migue, Mukund, Ocean_Sky, Olivierdem, RaymondFam, RockingMiles, Rolezn, Ruhum, Satyam_Sharma, Shinchan, Tomo, Trabajo_de_mates, V_B, Waze, __141345__, a12jmx, ajtra, asutorufos, aysha, brgltd, bulej93, carrotsmuggler, catchup, cccz, chrisdior4, cryptonue, cryptphi, d3e4, defsec, delfin454000, durianSausage, erictee, fatherOfBlocks, gogo, kaden, karanctf, ladboy233, lukris02, mahdikarimi, martin, mics, natzuu, oyc_109, p_crypt0, pedr02b2, rbserver, reassor, rotcivegaf, rvierdiiev, sikorico, slowmoses, sorrynotsorry, tnevler, trustindistrust
52.0351 USDC - $52.04
1. Give a error message for 'require(poolByPair[token0][token1] == address(0))' (line 63 of ./core/contracts/AlgebraFactory.sol). The 2 first require of the function do not need a error message, but the require checking if the pool already exists should return a small message to explain why the tx fails if it fails. 2. Use longer and less confusing error message in the requires (ex: 'IIAM2', 'IIL2', 'IIAM', 'LOK', as error message, decrease the overall readability of the code).
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x5rings, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, 0xmatt, Aeros, Amithuddar, Awesome, Aymen0909, B2, Bnke0x0, ChristianKuri, CodingNameKiki, Deivitto, Diraco, Fitraldys, HardlyCodeMan, JC, Mukund, Noah3o6, Olivierdem, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Ruhum, Saintcode_, Shinchan, SnowMan, TomJ, Tomio, Tomo, V_B, Waze, __141345__, ajtra, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, c3phas, ch0bu, cryptonue, defsec, delfin454000, dharma09, durianSausage, emrekocak, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, imare, kaden, karanctf, ladboy233, lukris02, m_Rassska, martin, medikko, mics, natzuu, oyc_109, peiw, rbserver, ret2basic, rotcivegaf, saian, shark, slowmoses, tnevler, trustindistrust, zeesaw, zishansami
24.0179 USDC - $24.02
1. Do not use '+=' ('_position.fees0 += fees0', found line 257 and 258 of ./core/contract/AlgebraPool.sol). Instead use "_position.fees0 = _position.fees0 + fees0" in order to save some gas. 3. Use '> 0' instead of '!= 0' to save some gas. ('require(gamma1 != 0 && gamma2 != 0 && volumeGamma != 0, 'Gammas must be > 0')' should be 'require(gamma1 > 0 && gamma2 > 0 && volumeGamma > 0, 'Gammas must be > 0')', found line 110 in /core/contracts/AlgebraFactory.sol) (saves 36 gas per use). 4. Use assembly to write storage value. Line 358 in _updatePositionTicksAndFees() of ./core/contracts/AlgebraPool.sol, instead of "globalState.timepointIndex = newTimepointIndex;", use assembly {sstore(globalState.timepointIndex, newTimepointIndex)} to save gas. 5. Do not use '-=' ('amountRequired -= (step.input + step.feeAmount).toInt256();' line 801 ./core/contract/AlgebraPool.sol). Instead use "amountRequired = amountRequired - (step.input + step.feeAmount).toInt256()"; 6. Splitting require() that use '&&' saves gas (found line 110 of ./src/core/contracts/AlgebraFactory.sol). 7. Using uint smaller than 32 bytes incurs overhead. Each operation involving a uint8 costs an extra 22-28 gas (found line 925 in ./core/contracts/AlgebraPool.sol). 8. Use private rather than public for constants, for exemple the poolDeployer address of AlgebraFactory (found 20 of /Users/olivierdemeaux/Desktop/Code/Auditing/2022-09-quickswap/src/core/contracts/AlgebraFactory.sol).