Back to Tomio's contests

Phuture Finance contest - Tomio's results

Crypto index platform, that simplifies your investments through automated, themed index products.

General Information

Platform: Code4rena

Start Date: 19/04/2022

Pot Size: $30,000 USDC

Total HM: 10

Participants: 43

Period: 3 days

Judges: moose-code, JasoonS

Total Solo HM: 7

Id: 90

League: ETH

Phuture Finance

Findings Distribution

Researcher Performance

Rank: 33/43

Findings: 1

Award: $38.54

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Phuture Finance

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, Dravee, Kenshin, MaratCerby, Tadashi, TerrierLover, Tomio, TrungOre, defsec, ellahi, fatherOfBlocks, fatima_naz, gzeon, joestakey, kenta, minhquanym, oyc_109, rayn, rfa, robee, simon135, slywaters, windhustler, z3s

Awards

38.5445 USDC - $38.54

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

Using multiple require() instead of && can save gas

Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L86

Recommended Mitigation Steps: Change to:

	require(basePrice > 0, "ChainlinkPriceOracle: NEGATIVE");
	require(quotePrice > 0, "ChainlinkPriceOracle: NEGATIVE");

========================================================================

Caching .length() for loop can save gas

Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L39 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L60 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L38 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L50

Recommended Mitigation Steps: Change to:

	uint length = assets.length();
	for (uint i; i < length ; ++i) {

========================================================================

Using != instead of > is more gas efficient

Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L76 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L86 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L98

Recommended Mitigation Steps: Change to:

	require(lastAssetBalanceInBase != 0, "Index: INSUFFICIENT_AMOUNT");

========================================================================

Using unchecked and prefix increment can save gas

Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndex.sol#L30

Recommended Mitigation Steps: Change to:

for (uint i; i < _assets.length;) {
            address asset = _assets[i];
            uint8 weight = _weights[i];

            weightOf[asset] = weight;
            assets.add(asset);

            emit UpdateAnatomy(asset, weight);
	unchecked{
		++i; //@audit-info: Place here with unchecked		
        }
    }

========================================================================

Using += to increase value on var

Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L71

Recommended Mitigation Steps: Change to:

	_totalWeight += newWeight - prevWeight;

========================================================================

Using if statement instead else if

Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndexReweightingLogic.sol#L74-L78 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L79-L83 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L96

Recommended Mitigation Steps: Using if statement can save gas Change to:

		if (newShares > oldShares) {
                    orderer.addOrderDetails(orderId, asset, newShares - oldShares, IOrderer.OrderSide.Buy);
                } 
		if (oldShares > newShares) { //@audit-info: Replacing else if with if statement here
                    orderer.addOrderDetails(orderId, asset, oldShares - newShares, IOrderer.OrderSide.Sell);
                }

========================================================================

Use immutable variables can save gas

Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L33 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L24 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L27

Recommended Mitigation Steps: use immutable

========================================================================

Gas improvement on calling SafeERC20.function

Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/vToken.sol#L219

Recommended Mitigation Steps: by removing L#23 and directly call SafeERC20.function

Change to:

	SafeERC20.safeTransfer(asset, _recipient, Math.min(_amount, balance))

========================================================================

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Contests

Get in touch

Contact Twitter