Back to ajtra's contests

Swivel v3 contest - ajtra's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $35,000 USDC

Total HM: 13

Participants: 78

Period: 3 days

Judge: 0xean

Total Solo HM: 6

Id: 135

League: ETH

Swivel

Findings Distribution

Researcher Performance

Rank: 68/78

Findings: 1

Award: $33.75

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositorySwivel

Findings Information

🌟 Selected for report: joestakey

Also found by: 0x040, 0x1f8b, 0xDjango, 0xNazgul, 0xsam, Avci, Aymen0909, Bnke0x0, CRYP70, ElKu, Fitraldys, Funen, JC, Kaiziron, MadWookie, Meera, ReyAdmirado, Sm4rty, Soosh, TomJ, Waze, _Adam, __141345__, ajtra, benbaessler, c3phas, csanuragjain, durianSausage, exd0tpy, fatherOfBlocks, hake, ignacio, karanctf, kyteg, m_Rassska, oyc_109, rbserver, robee, rokinot, samruna, sashik_eth, simon135, slywaters

Awards

33.7544 USDC - $33.75

Labels

bug
duplicate
G (Gas Optimization)
wontfix

External Links

Link to GitHub issue

  1. ++var (--var) cost less gas than var++ (var--). post-increment/decrement cost more gas then pre-increment/decrement Swivel.sol line 100 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L100 unchecked {i++;} Swivel.sol line 269 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L269 unchecked {i++;} Swivel.sol line 418 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L418 i++; Swivel.sol line 511 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L511 x++; Swivel.sol line 564 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L564 i++;

  2. Operatos <= or >= cost more gas than operators < or >. Change all <= / >= operators for < / > and remember to increse / decrese in consecuence to maintain the logic (example, a <= b for a < b + 1) ZcToken.sol line 112 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/ZcToken.sol#L112 if (allowed >= previewAmount) ZcToken.sol line 133 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/ZcToken.sol#L133 if (allowed >= principalAmount) { revert Approvals(allowed, principalAmount); } LibFuse.sol line 39 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Marketplace/LibFuse.sol#L39 if(borrowRateMantissa <= 0.0005e16) { revert RATE(); } Swivel.sol line 712 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L712 rreturn IYearn(c).deposit(a) >= 0; Swivel.sol line 727 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L727 return IErc4626(c).deposit(a, address(this)) >= 0; Swivel.sol line 745 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L745 return IYearn(c).withdraw(a) >= 0; Swivel.sol line 749 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L749 return IAave(aaveAddr).withdraw(u, a, address(this)) >= 0; Swivel.sol line 757 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L757 return IErc4626(c).withdraw(a, address(this), address(this)) >= 0; LibCompound.sol line 28 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/LibCompound.sol#L28 require(borrowRateMantissa <= 0.0005e16, "RATE_TOO_HIGH"); LibFuse.sol line 36 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/LibFuse.sol#L36 require(borrowRateMantissa <= 0.0005e16, "RATE_TOO_HIGH");

  3. != 0 is cheaper than >. Replace all > 0 for != 0 VaultTracker.sol line 54 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L54 if (vlt.notional > 0) VaultTracker.sol line 59 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L59 if (maturityRate > 0) VaultTracker.sol line 93 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L93 if (maturityRate > 0) VaultTracker.sol line 123 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L123 if (maturityRate > 0) VaultTracker.sol line 165 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L165 if (maturityRate > 0) VaultTracker.sol line 181 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L181 if (to.notional > 0) VaultTracker.sol line 184 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L184 if (maturityRate > 0) VaultTracker.sol line 222 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L222 if (maturityRate > 0) VaultTracker.sol line 54 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L54 if (vlt.notional > 0) VaultTracker.sol line 59 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L59 if (maturityRate > 0) VaultTracker.sol line 93 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L93 if (maturityRate > 0) VaultTracker.sol line 123 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L123 if (maturityRate > 0) VaultTracker.sol line 165 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L165 if (maturityRate > 0) VaultTracker.sol line 181 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L181 if (to.notional > 0) VaultTracker.sol line 184 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L184 if (maturityRate > 0) VaultTracker.sol line 222 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L222 if (maturityRate > 0)

  4. Variable1 = Variable1 + (-) Variable2 is cheaper in gas cost than variable1 += (-=) variable2.. VaultTracker.sol line 67 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L67 vlt.redeemable += interest; VaultTracker.sol line 68 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L68 vlt.notional += a; VaultTracker.sol line 102 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L102 vlt.redeemable += interest; VaultTracker.sol line 103 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L103 vlt.notional -= a; VaultTracker.sol line 174 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L174 from.redeemable += interest; VaultTracker.sol line 175 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L175 from.notional -= a; VaultTracker.sol line 193 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L193 to.redeemable += newVaultInterest; VaultTracker.sol line 194 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L194 to.notional += a; VaultTracker.sol line 213 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L213 oVault.notional -= a; VaultTracker.sol line 230 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L230 sVault.redeemable += interest; VaultTracker.sol line 234 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/VaultTracker.sol#L234 sVault.notional += a; ZcToken.sol line 115 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/ZcToken.sol#L115 allowance[holder][msg.sender] -= previewAmount; ZcToken.sol line 134 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/ZcToken.sol#L134 allowance[holder][msg.sender] -= principalAmount;
    Swivel.sol line 121 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L121 filled[hash] += a; Swivel.sol line 158 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L158 filled[hash] += a; Swivel.sol line 193 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L193 filled[hash] += a; Swivel.sol line 222 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L222 filled[hash] += a; Swivel.sol line 287 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L287 filled[hash] += a; Swivel.sol line 318 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L318 filled[hash] += a; Swivel.sol line 348 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L348 filled[hash] += a; Swivel.sol line 383 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L383 filled[hash] += a; VaultTracker.sol line 67 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L67 vlt.redeemable += interest; VaultTracker.sol line 68 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L68 vlt.notional += a; VaultTracker.sol line 102 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L102 vlt.redeemable += interest; VaultTracker.sol line 103 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L103 vlt.notional -= a; VaultTracker.sol line 174 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L174 from.redeemable += interest; VaultTracker.sol line 175 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L175 from.notional -= a; VaultTracker.sol line 193 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L193 to.redeemable += newVaultInterest; VaultTracker.sol line 194 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L194 to.notional += a; VaultTracker.sol line 213 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L213 oVault.notional -= a; VaultTracker.sol line 230 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L230 sVault.redeemable += interest; VaultTracker.sol line 234 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/VaultTracker/VaultTracker.sol#L234 sVault.notional += a;

  5. Calldata vs memory. Use calldata instead of memory in a function parameter when you are only to read the data can save gas by storing it in calldata ZcToken.sol line 31 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/ZcToken.sol#L31 constructor(uint8 _protocol, address _underlying, uint256 _maturity, address _cToken, address _redeemer, string memory _name, string memory _symbol, uint8 _decimals) Swivel.sol line 495 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L495 function setFee(uint16[] memory i, uint16[] memory d) external authorized(admin) returns (bool) {

  6. Use bytes32 instead of string. Use bytes32 instead of string when it's possible to save some gas. Swivel.sol line 25 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L25 string constant public NAME = 'Swivel Finance'; Swivel.sol line 26 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L26 string constant public VERSION = '3.0.0';

#0 - robrobbins

2022-08-31T17:53:21Z

dupes or wontfix

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter