Back to albincsergo's contests

Frax Ether Liquid Staking contest - albincsergo's results

A liquid ETH staking derivative designed to uniquely leverage the Frax Finance ecosystem.

General Information

Platform: Code4rena

Start Date: 22/09/2022

Pot Size: $30,000 USDC

Total HM: 12

Participants: 133

Period: 3 days

Judge: 0xean

Total Solo HM: 2

Id: 165

League: ETH

Frax Finance

Findings Distribution

Researcher Performance

Rank: 123/133

Findings: 1

Award: $12.81

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryFrax Finance

Findings Information

🌟 Selected for report: pfapostol

Also found by: 0x040, 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Amithuddar, Aymen0909, B2, Ben, Bnke0x0, Chom, CodingNameKiki, Deivitto, Diana, Fitraldys, Funen, IllIllI, JAGADESH, JC, Metatron, Ocean_Sky, PaludoX0, Pheonix, RaymondFam, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Satyam_Sharma, Sm4rty, SnowMan, SooYa, Tagir2003, TomJ, Tomio, Triangle, V_B, Waze, __141345__, ajtra, albincsergo, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, bytera, c3phas, ch0bu, cryptostellar5, cryptphi, d3e4, delfin454000, dharma09, drdr, durianSausage, emrekocak, erictee, fatherOfBlocks, gogo, got_targ, imare, jag, karanctf, ladboy233, leosathya, lukris02, medikko, mics, millersplanet, natzuu, neko_nyaa, oyc_109, peanuts, prasantgupta52, rbserver, ret2basic, rokinot, ronnyx2017, rotcivegaf, sach1r0, samruna, seyni, slowmoses, tnevler, wagmi, zishansami

Awards

12.8108 USDC - $12.81

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Gas optimisations

  1. When dealing with unsigned integer types, comparisons with != 0 are cheaper then with > 0.
src/frxETHMinter.sol::79 => require(sfrxeth_recieved > 0, 'No sfrxETH was returned');
src/frxETHMinter.sol::126 => require(numDeposits > 0, "Not enough ETH in contract");
  1. Uninitialized variables are assigned with the types default value. Explicitly initializing a variable with it's default value costs unnecesary gas.
src/DepositContract.sol::76 => for (uint height = 0; height < DEPOSIT_CONTRACT_TREE_DEPTH - 1; height++)
src/DepositContract.sol::83 => for (uint height = 0; height < DEPOSIT_CONTRACT_TREE_DEPTH; height++)
src/DepositContract.sol::148 => for (uint height = 0; height < DEPOSIT_CONTRACT_TREE_DEPTH; height++)
src/ERC20/ERC20PermitPermissionedMint.sol::84 => for (uint i = 0; i < minters_array.length; i++)
src/OperatorRegistry.sol::63 => for (uint256 i = 0; i < arrayLength; ++i)
src/OperatorRegistry.sol::84 => for (uint256 i = 0; i < times; ++i)
src/OperatorRegistry.sol::114 => for (uint256 i = 0; i < original_validators.length; ++i)
src/frxETHMinter.sol::129 => for (uint256 i = 0; i < numDeposits; ++i)
  1. Avoid floating pragmas for non-library contracts. While floating pragmas make sense for libraries to allow them to be included with multiple different versions of applications, it may be a security risk for application implementations. A known vulnerable compiler version may accidentally be selected or security tools might fall-back to an older compiler version ending up checking a different EVM compilation that is ultimately deployed on the blockchain. It is recommended to pin to a concrete compiler version.
src/DepositContract.sol::12 => pragma solidity ^0.8.0;
src/ERC20/ERC20PermitPermissionedMint.sol::2 => pragma solidity ^0.8.0;
src/IsfrxETH.sol::2 => pragma solidity >=0.8.0;
src/OperatorRegistry.sol::2 => pragma solidity ^0.8.0;
src/Utils/Owned.sol::2 => pragma solidity ^0.8.0;
src/Utils/SigUtils.sol::2 => pragma solidity ^0.8.0;
src/frxETH.sol::2 => pragma solidity ^0.8.0;
src/frxETHMinter.sol::2 => pragma solidity ^0.8.0;
src/sfrxETH.sol::2 => pragma solidity ^0.8.0;
  1. Caching the array length outside a loop saves reading it on each iteration, as long as the array's length is not changed during the loop.
src/DepositContract.sol::108 => require(pubkey.length == 48, "DepositContract: invalid pubkey length");
src/DepositContract.sol::109 => require(withdrawal_credentials.length == 32, "DepositContract: invalid withdrawal_credentials length");
src/DepositContract.sol::110 => require(signature.length == 96, "DepositContract: invalid signature length");
src/ERC20/ERC20PermitPermissionedMint.sol::84 => for (uint i = 0; i < minters_array.length; i++)
src/OperatorRegistry.sol::62 => uint arrayLength = validatorArray.length;
src/OperatorRegistry.sol::100 => swapValidator(remove_idx, validators.length - 1);
src/OperatorRegistry.sol::114 => for (uint256 i = 0; i < original_validators.length; ++i) 
src/OperatorRegistry.sol::198 => return validators.length;
src/sfrxETH.sol::34 => The cycles are constant length, but calling syncRewards slightly into a would-be cycle keeps the same would-be endpoint (so cycle ends are every X seconds).
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter