Back to Secureverse's contests

Redacted Cartel contest - Secureverse's results

Boosted GMX assets from your favorite liquid token wrapper, Pirex - brought to you by Redacted Cartel.

General Information

Platform: Code4rena

Start Date: 21/11/2022

Pot Size: $90,500 USDC

Total HM: 18

Participants: 101

Period: 7 days

Judge: Picodes

Total Solo HM: 4

Id: 183

League: ETH

Redacted Cartel

Findings Distribution

Researcher Performance

Rank: 93/101

Findings: 1

Award: $39.65

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryRedacted Cartel

Findings Information

🌟 Selected for report: gzeon

Also found by: 0xPanda, 0xSmartContract, B2, Deivitto, Diana, JohnSmith, PaludoX0, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Schlagatron, Secureverse, Tomio, __141345__, adriro, ajtra, aphak5010, c3phas, chaduke, codeislight, cryptonue, datapunk, dharma09, halden, karanctf, keccak123, oyc_109, pavankv, sakshamguruji, saneryee, unforgiven

Awards

39.6537 USDC - $39.65

Labels

bug
G (Gas Optimization)
grade-b
sponsor disputed
G-03

External Links

Link to GitHub issue

[GAS-01] Function that guaranteed to revert when called by normal user can be marked payable

If a function modifier such as onlyOwner is used, the function will revert if a normal user tries to pay the function. Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided.

Instances (25):

File:         PirexFees.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexFees.sol#L63-L77
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexFees.sol#L83-L94
File:         PirexGmx.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L272-L289
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L300-L306
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L313-L368
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L862-L878
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L884-L890
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L895-L899
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L909-L915
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L921-L935
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L956-L974

File:         PirexRewards.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L93-L99
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L151-L172
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L179-L197
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L432-L437
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L461-L465


File:         vaults/AutoPxGlp.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L94-L100
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L106-L112
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L118-L124
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L130-L136

File:         vaults/AutoPxGmx.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L104-L110
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L116-L122
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L128-L134
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L140-L146
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L152-L158

[GAS-02] <x> += <y> costs more gas than <x> = <x> + <y> for state variables. Same condition also valid in case of "-"

Instances (6):

File:         PirexRewards.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L361

File:         PxERC20.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PxERC20.sol#L85
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PxERC20.sol#L90
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PxERC20.sol#L119
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PxERC20.sol#L124
File:         vaults/PxGmxReward.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/PxGmxReward.sol#L95

[GAS-03] Arithmetic Operation should be unchecked when ever it does not cause overflow or underflow (Specially in case of loops)

Should uncheck ++i can save extra gas

Instances (3):

File:         PirexRewards.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L163
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L351
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L396

[GAS-04] By making small logic change a significant amount of gas can be saved in case of loops

Here logic is that as >= costs less that > because The compiler uses opcodes GT and ISZERO for solidity code that uses >, but only requires LT for >=, which saves 3 gas

so during calculation of length of array we set memory variable to 1 less, so that in loop we use >= not >

        uint256 len = rewardTokens.length - 1 ; 

        for (uint256 i; i <= len; ++i) {   
            if (address(rewardTokens[i]) == address(rewardToken)) {
                revert TokenAlreadyAdded();
            }
        }

Instances (3):

File:         PirexRewards.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L161-L167
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L348-L351
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L387-L396

[GAS-05] Some Functions could be external instead of public

Instances (6):

File:         vaults/AutoPxGlp.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L151-L156
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L177-L181
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L449-L453
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L436-L440
File:         vaults/AutoPxGmx.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L315-L319
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L339-L343

[GAS-06] Gas can be save by adding a require condition for return value for distributeFees() function in PirexFees.sol contract

In distributeFees() function, it first calculating the amount of ERC20 token, But it didn't check return value is non-zero or not Without checking that it moving further, as solmate safeTransfer() allow zero amount transfer this function successfully completed with zero transfer.

if there is a require() that checks uint distribution is non-zero can save further gas consumption

Instances (1):

File:         PirexFees.sol

https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexFees.sol#L100-L116

#0 - c4-judge

2022-12-05T14:33:25Z

Picodes marked the issue as grade-b

#1 - drahrealm

2022-12-09T05:32:08Z

Considered minor savings relative to the added code complexity (aside from the fact that the target chains of the protocol is Arbitrum and Avalanche)

#2 - c4-sponsor

2022-12-09T05:32:12Z

drahrealm marked the issue as sponsor disputed

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter