Axelar Network v2 contest - RedOneN's results

Decentralized interoperability network.

General Information

Platform: Code4rena

Start Date: 29/07/2022

Pot Size: $50,000 USDC

Total HM: 6

Participants: 75

Period: 5 days

Judge: GalloDaSballo

Total Solo HM: 3

Id: 149

League: ETH

Axelar Network

Findings Distribution

Researcher Performance

Rank: 33/75

Findings: 2

Award: $88.03

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Axelar Network

Findings Information

🌟 Selected for report: oyc_109

Also found by: 0x1f8b, 0x52, 0xNazgul, 0xSmartContract, 0xf15ers, 8olidity, Aymen0909, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, IllIllI, JC, Lambda, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Twpony, Waze, Yiko, __141345__, ajtra, apostle0x01, ashiq0x01, asutorufos, bardamu, benbaessler, berndartmueller, bharg4v, bulej93, c3phas, cccz, ch13fd357r0y3r, codexploder, cryptonue, cryptphi, defsec, djxploit, durianSausage, fatherOfBlocks, gogo, hansfriese, horsefacts, ignacio, kyteg, lucacez, mics, rbserver, robee, sashik_eth, simon135, sseefried, tofunmi, xiaoming90

Awards

56.1473 USDC - $56.15

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

[L-01] Unused RECEIVE() Function will lock ether in contract.

If the intention is for the Ether to be used, the function should call another function, otherwise it should revert

File: DepositReceiver.sol DepositReceiver.sol#L29

[L-02] Missing Checks for APPROVE()'s return status

Some tokens, such as Tether (USDT) return false rather than reverting if the approval fails. Use OpenZeppelin’s safeApprove(), which reverts if there’s a failure, instead.

File: AxelarDepositService.sol AxelarDepositService.sol#L30

File: ReceiverImplementation.sol ReceiverImplementation.sol#L38 ReceiverImplementation.sol#L64 ReceiverImplementation.sol#L86

[N-01] Consider using a more recent version of solidity

#0 - re1ro
2022-08-05T04:10:07Z

Dup #3

#1 - GalloDaSballo
2022-09-01T00:45:54Z

[L-01] Unused RECEIVE() Function will lock ether in contract.

Invalid as Deposit receiver needs that for WETH

[L-02] Missing Checks for APPROVE()'s return status

Valid L

[N-01] Consider using a more recent version of solidity

1L 1NC

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0xNazgul, 0xsam, 8olidity, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, JC, Lambda, MiloTruck, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, benbaessler, bharg4v, bulej93, c3phas, defsec, djxploit, durianSausage, erictee, fatherOfBlocks, gerdusx, gogo, kyteg, lucacez, medikko, mics, owenthurm, oyc_109, rbserver, robee, sashik_eth, simon135, tofunmi

Awards

31.8812 USDC - $31.88

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

[G-01] - Functions guaranteed to revert when called by normal users (such as onlyOwner) can be marked payable.

File: AxelarGasService.sol AxelarGasService.sol#L120 AxelarGasService.sol#L136

[G-02] ++i/i++ should be UNCHECKED{++i}/UNCHECKED{i++} when it is not possible for them to overflow, as is the case when used in for and while loops.

File: AxelarGasService.sol AxelarGasService.sol#L123

File: AxelarDepositService.sol# AxelarDepositService.sol#L114 AxelarDepositService.sol#L168 AxelarDepositService.sol#L204

###[G-03] ++i costs less gas than i++, especially when it's use in for loops

File: AxelarGasService.sol AxelarGasService.sol#L123

File: AxelarDepositService.sol# AxelarDepositService.sol#L114 AxelarDepositService.sol#L168 AxelarDepositService.sol#L204

[G-04] Consider using a more recent version of solidity

Use a solidity version of at least 0.8.10 to have external calls skip contract existence checks if the external call has a return value

[G-05] Consider turning some constant variable as private to save Gas.

FileAxelarDepositService.sol AxelarDepositService.sol#L16

[G-06] Using > 0 costs more gas than != 0 when used on a uint.

File: AxelarDepositService.sol AxelarDepositService.sol#L165

#0 - re1ro
2022-08-05T04:09:40Z

Dup #2 and #3

#1 - GalloDaSballo
2022-08-23T01:03:21Z

Around 300 gas saved

Axelar Network v2 contest - RedOneN's results

Decentralized interoperability network.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-49] QA Report - $56.15

Findings Information

Awards

Labels

External Links

[L-01] Unused RECEIVE() Function will lock ether in contract.

[L-02] Missing Checks for APPROVE()'s return status

[N-01] Consider using a more recent version of solidity

#0 - re1ro2022-08-05T04:10:07Z

#1 - GalloDaSballo2022-09-01T00:45:54Z

[L-01] Unused RECEIVE() Function will lock ether in contract.

[L-02] Missing Checks for APPROVE()'s return status

[N-01] Consider using a more recent version of solidity

[G-43] Gas Report - $31.88

Findings Information

Awards

Labels

External Links

[G-01] - Functions guaranteed to revert when called by normal users (such as onlyOwner) can be marked payable.

[G-02] ++i/i++ should be UNCHECKED{++i}/UNCHECKED{i++} when it is not possible for them to overflow, as is the case when used in for and while loops.

[G-04] Consider using a more recent version of solidity

[G-05] Consider turning some constant variable as private to save Gas.

[G-06] Using > 0 costs more gas than != 0 when used on a uint.

#0 - re1ro2022-08-05T04:09:40Z

#1 - GalloDaSballo2022-08-23T01:03:21Z

#0 - re1ro
2022-08-05T04:10:07Z

#1 - GalloDaSballo
2022-09-01T00:45:54Z

#0 - re1ro
2022-08-05T04:09:40Z

#1 - GalloDaSballo
2022-08-23T01:03:21Z