Platform: Code4rena
Start Date: 19/04/2022
Pot Size: $30,000 USDC
Total HM: 10
Participants: 43
Period: 3 days
Judges: moose-code, JasoonS
Total Solo HM: 7
Id: 90
League: ETH
Rank: 24/43
Findings: 2
Award: $94.90
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xDjango, 0xkatana, Dravee, Kenshin, Tadashi, TerrierLover, abhinavmir, defsec, ellahi, fatima_naz, foobar, gzeon, hyh, joestakey, kebabsec, kenta, minhquanym, oyc_109, rayn, robee, sseefried, xpriment626, z3s
65.6376 USDC - $65.64
nonReentrant modifier at burn function which calls external contracts several times
https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L96
The burn function calls external contracts several times. It is worth using nonReentrant.
Add the nonReentrant modifier.
The following arguments do not have an address(0) check. For safety, they should have one.
_registry argument: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L47
_assetAggregator argument: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L60
Add a require check for address(0) on the arguments mentioned above.
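The two recommendations above (a nonReentrant modifier on a burn function that makes several external calls, and address(0) checks on address arguments) shown together as an added example; it is not code from this report or from the Phuture repository. The contract GuardedIndex, the interface IAssetVault and the functions payout and mint are hypothetical, and the guard is inlined in the style of OpenZeppelin's ReentrancyGuard so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical interface: stands in for any external contract that burn() calls.
interface IAssetVault {
    function payout(address to, uint256 shares) external;
}

// Hypothetical contract, written for this example only.
contract GuardedIndex {
    uint256 private status = 1; // 1 = not entered, 2 = entered
    address public immutable registry;
    IAssetVault[] public vaults;
    mapping(address => uint256) public balanceOf;

    // One shared lock: while any guarded function runs, every guarded function is closed.
    modifier nonReentrant() {
        require(status == 1, "REENTRANT");
        status = 2;
        _;
        status = 1;
    }

    constructor(address _registry, address[] memory _vaults) {
        // A mistyped deployment argument reverts here instead of wiring in address(0).
        require(_registry != address(0), "ZERO_REGISTRY");
        registry = _registry;
        for (uint256 i; i < _vaults.length; ++i) {
            require(_vaults[i] != address(0), "ZERO_VAULT");
            vaults.push(IAssetVault(_vaults[i]));
        }
    }

    // Access control omitted; present only so balances exist to burn.
    function mint(address to, uint256 shares) external nonReentrant {
        balanceOf[to] += shares;
    }

    function burn(address recipient) external nonReentrant {
        uint256 shares = balanceOf[msg.sender];
        require(shares > 0, "INSUFFICIENT_AMOUNT");
        // Effects before interactions: the balance is final before any external call.
        balanceOf[msg.sender] = 0;
        // Several external calls in a row; a callee that calls back into burn() or mint() reverts.
        for (uint256 i; i < vaults.length; ++i) {
            vaults[i].payout(recipient, shares);
        }
    }
}
```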
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, Dravee, Kenshin, MaratCerby, Tadashi, TerrierLover, Tomio, TrungOre, defsec, ellahi, fatherOfBlocks, fatima_naz, gzeon, joestakey, kenta, minhquanym, oyc_109, rayn, rfa, robee, simon135, slywaters, windhustler, z3s
29.2584 USDC - $29.26
2022-04-phuture/contracts/IndexLogic.sol
  76,44: require(lastAssetBalanceInBase > 0, "Index: INSUFFICIENT_AMOUNT");
  86,17: if (fee > 0) {
  98,23: require(value > 0, "Index: INSUFFICIENT_AMOUNT");
  114,21: if (fee > 0) {
  141,29: if (lastOrderId > 0) {
2022-04-phuture/contracts/ManagedIndexReweightingLogic.sol
  56,19: if (i > 0) {
  61,27: if (newWeight > 0) {
  98,24: if (shares > 0) {
2022-04-phuture/contracts/PhutureIndex.sol
  56,24: if (timePassed > 0) {
  64,21: if (fee > 0) {
2022-04-phuture/contracts/TopNMarketCapIndex.sol
  56,24: if (weight > 0) {
2022-04-phuture/contracts/TopNMarketCapReweightingLogic.sol
  58,32: if (shares > 0) {
  79,32: if (weight > 0) {
  106,24: if (shares > 0) {
2022-04-phuture/contracts/vToken.sol
  160,26: if (_totalSupply > 0) {
2022-04-phuture/contracts/libraries/FullMath.sol
  35,37: require(denominator > 0);
  122,43: if (mulmod(a, b, denominator) > 0) {
2022-04-phuture/contracts/libraries/IndexLibrary.sol
  29,35: require(_assetPerBaseInUQ > 0, "IndexLibrary: ORACLE");
2022-04-phuture/contracts/libraries/NAV.sol
  49,24: require(shares > 0, "NAV: INSUFFICIENT_AMOUNT");
  59,24: require(amount > 0, "NAV: INSUFFICIENT_SHARES_BURNED");
The following code sets the uint loop counter to 0 in its for loops. Setting 0 is not needed, and the gas cost can be reduced by omitting it.
https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/UniswapV2PathPriceOracle.sol#L34
https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/UniswapV2PathPriceOracle.sol#L49
Simply omitting the assignment of 0 can reduce the gas cost.
for (uint i; i < path.length - 1; i++) {