Back to Tomio's contests

Alchemix contest - Tomio's results

A protocol for self-repaying loans with no liquidation risk.

General Information

Platform: Code4rena

Start Date: 05/05/2022

Pot Size: $125,000 DAI

Total HM: 17

Participants: 62

Period: 14 days

Judge: leastwood

Total Solo HM: 15

Id: 120

League: ETH

Alchemix

Findings Distribution

Researcher Performance

Rank: 53/62

Findings: 1

Award: $91.84

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAlchemix

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, 0xsomeone, AlleyCat, BowTiedWardens, Cityscape, Fitraldys, Funen, GimelSec, Hawkeye, JC, MaratCerby, MiloTruck, Randyyy, TerrierLover, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, augustg, bobirichman, catchup, csanuragjain, ellahi, fatherOfBlocks, hake, hansfriese, horsefacts, ignacio, joestakey, kenta, mics, oyc_109, robee, samruna, sashik_eth, sikorico, simon135, throttle

Awards

91.8428 DAI - $91.84

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Title: Using != is more gas efficient

Proof of Concept: https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/gALCX.sol#L75 https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/TransmuterBuffer.sol#L544 https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/TransmuterBuffer.sol#L556

Recommended Mitigation Steps:

    if (balance != 0) {

========================================================================

Title: Using delete statement can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemistV2.sol#L923

Recommended Mitigation Steps:

    delete yieldTokenParams.harvestableBalance;

========================================================================

Title: Caching .length for loop can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemistV2.sol#L990 https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemistV2.sol#L1282 https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemistV2.sol#L1355

Recommended Mitigation Steps: Change to:

    uint256 Length = depositedTokens.values.length;
    for (uint256 i = 0; i < Length; i++) {

========================================================================

Title: Using unchecked and prefix increment

Proof of Concept: https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemistV2.sol#L1282 https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemistV2.sol#L1355

Recommended Mitigation Steps:

    for (uint256 i = 0; i < depositedTokens.values.length;) {
            _distributeUnlockedCredit(depositedTokens.values[i]);
    unchecked{
        ++i; //@audit-info: Place here with unchecked
        }
      }
  }

========================================================================

Title: unnecessary value set. the default value of uint is 0.

Proof of Concept: https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemistV2.sol#L1458 https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/TransmuterBuffer.sol#L534 https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/TransmuterBuffer.sol#L549

Recommended Mitigation Steps: remove 0 value

========================================================================

Title: Gas improvement on returning totalValue value

Proof of Concept: https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemistV2.sol#L1457

Recommended Mitigation Steps: by setting totalValue in returns and deleting L#1458 can save gas

    function _totalValue(address owner) internal view returns (uint256 totalValue) {  //@audit-info: set here
        //@audit-info: remove this line

        Sets.AddressSet storage depositedTokens = _accounts[owner].depositedTokens;
        for (uint256 i = 0; i < depositedTokens.values.length; i++) {
            address yieldToken             = depositedTokens.values[i];
            address underlyingToken        = _yieldTokens[yieldToken].underlyingToken;
            uint256 shares                 = _accounts[owner].balances[yieldToken];
            uint256 amountUnderlyingTokens = _convertSharesToUnderlyingTokens(yieldToken, shares);

            totalValue += _normalizeUnderlyingTokensToDebt(underlyingToken, amountUnderlyingTokens);
        }

        return totalValue;
    }

========================================================================

Title: Using unchecked to calculate want in _exchange()

Proof of Concept: https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/TransmuterBuffer.sol#L538 https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/TransmuterBuffer.sol#L541

Recommended Mitigation Steps:

unchecked{
    want = totalUnderlyingBuffered - initialLocalBalance;
}

========================================================================

Title: Using ++ instead +1 can save gas

Proof of Concept; https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/StakingPools.sol#L172

Recommended Mitigation Steps:

	tokenPoolIds[_token] = ++_poolId;

========================================================================

Title: Using calldata to store struct data type can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/libraries/Limiters.sol#L32

Recommended Mitigation Steps: Change memory to calldata

========================================================================

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter