Platform: Code4rena
Start Date: 21/11/2022
Pot Size: $90,500 USDC
Total HM: 18
Participants: 101
Period: 7 days
Judge: Picodes
Total Solo HM: 4
Id: 183
League: ETH
Rank: 92/101
Findings: 1
Award: $39.65
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: gzeon
Also found by: 0xPanda, 0xSmartContract, B2, Deivitto, Diana, JohnSmith, PaludoX0, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Schlagatron, Secureverse, Tomio, __141345__, adriro, ajtra, aphak5010, c3phas, chaduke, codeislight, cryptonue, datapunk, dharma09, halden, karanctf, keccak123, oyc_109, pavankv, sakshamguruji, saneryee, unforgiven
39.6537 USDC - $39.65
Because fees[f] is never greater than FEE_MAX, feeAmount will always be lower than assets. We can add unchecked for postFeeAmount to save gas here.
When updating the user rewards accrual state via PirexRewards.userAccrue, UserState is loaded from storage and the rewards are calculated with 3 reads from storage.
We should create it as memory to save 2 SLOADs: change UserState storage u to UserState memory u.
When a user calls AutoPxGlp.depositFsGlp / AutoPxGlp.depositGlp, it approves PirexGmx before proceeding with the deposit.
Since this is a contract, we should consider approving type(uint256).max in the constructor, so that each deposit call does not need to approve again and again.
https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/vaults/AutoPxGlp.sol#L347
https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/vaults/AutoPxGlp.sol#L391
When a user calls AutoPxGlp.depositFsGlp, it takes stakedGlp from the sender and transfers it to AutoPxGlp, then it approves PirexGmx before transferring the tokens again from AutoPxGlp to PirexGmx.
We should consider transferring just one time, from the sender directly to PirexGmx.
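The first tip above (unchecked for postFeeAmount), as an added Solidity example that is not part of the original report and is not the project's code. The contract name, the Fees enum, FEE_DENOMINATOR, the constant values and the function names are assumptions made for illustration; the point is that the unchecked subtraction is only safe while every write to fees enforces the FEE_MAX bound.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Illustrative contract (hypothetical, not PirexGmx).
contract FeeSplitExample {
    enum Fees { Deposit, Redemption, Reward } // hypothetical fee kinds

    uint256 public constant FEE_DENOMINATOR = 1_000_000; // assumed value
    uint256 public constant FEE_MAX = 200_000; // assumed value, must stay <= FEE_DENOMINATOR

    address public immutable owner;
    mapping(Fees => uint256) public fees;

    error NotOwner();
    error InvalidFee();

    constructor() {
        owner = msg.sender;
    }

    // The only write path to fees in this example. The unchecked block
    // below depends on this bound being enforced on every write.
    function setFee(Fees f, uint256 fee) external {
        if (msg.sender != owner) revert NotOwner();
        if (fee > FEE_MAX) revert InvalidFee();
        fees[f] = fee;
    }

    function computeAssetAmounts(Fees f, uint256 assets)
        public
        view
        returns (uint256 postFeeAmount, uint256 feeAmount)
    {
        // Left checked: assets * fees[f] can still overflow for very large inputs.
        feeAmount = (assets * fees[f]) / FEE_DENOMINATOR;

        // fees[f] <= FEE_MAX <= FEE_DENOMINATOR implies feeAmount <= assets,
        // so the subtraction cannot underflow and the overflow check is redundant.
        unchecked {
            postFeeAmount = assets - feeAmount;
        }
    }
}
```

If a later change adds another way to set fees, or raises FEE_MAX above FEE_DENOMINATOR, the unchecked block turns a revert into a silent wraparound, so the bound belongs in the test suite as an invariant.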
#0 - c4-judge
2022-12-05T14:29:11Z
Picodes marked the issue as grade-b
#1 - drahrealm
2022-12-09T05:42:41Z
With the latest changes to the codebase (not reflected in the frozen codebase for audit here), some of the tips here are no longer beneficial, while others are considered minor relative to the added code complexity (aside from the fact that the target chains of the protocol are Arbitrum and Avalanche).
#2 - c4-sponsor
2022-12-09T05:42:46Z
drahrealm marked the issue as sponsor disputed