Rubicon contest - antonttc's results

An order book protocol for Ethereum, built on L2s.

General Information

Platform: Code4rena

Start Date: 23/05/2022

Pot Size: $50,000 USDC

Total HM: 44

Participants: 99

Period: 5 days

Judge: hickuphh3

Total Solo HM: 11

Id: 129

League: ETH

Rubicon

Findings Distribution

Researcher Performance

Rank: 88/99

Findings: 2

Award: $30.93

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Rubicon

Findings Information

🌟 Selected for report: berndartmueller

Also found by: 0x1f8b, 0xDjango, 0xsomeone, ACai, Bahurum, BouSalman, CertoraInc, Deivitto, Dravee, GimelSec, IllIllI, JMukesh, Kaiziron, PP1004, Ruhum, SmartSek, VAD37, WatchPug, _Adam, aez121, antonttc, blockdev, broccolirob, camden, cccz, cryptphi, defsec, dipp, ellahi, fatherOfBlocks, gzeon, horsefacts, ilan, jayjonah8, joestakey, kenta, kenzo, minhquanym, oyc_109, pauliax, pedroais, peritoflores, sashik_eth, shenwilly, simon135, throttle, xiaoming90, z3s

Awards

0.1022 USDC - $0.10

Labels

bug

duplicate

2 (Med Risk)

External Links

Link to GitHub issue

Low severity

`offer` won't work with non-standard ERC20 that doesn't return true on transferFrom

The codebase use transferFrom in functions like swap and offer and enforce a true returned to proceed. This might not work with some existing ERC20. Consider using safeERC20 as a safer and more widely adopted pattern.

#0 - HickupHH3
2022-06-25T03:12:21Z

dup of #316

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, Chom, DavidGialdi, Dravee, ElKu, FSchmoede, Fitraldys, Funen, GimelSec, JC, Kaiziron, MaratCerby, Metatron, MiloTruck, Picodes, Randyyy, RoiEvenHaim, SmartSek, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, antonttc, asutorufos, berndartmueller, blackscale, blockdev, c3phas, catchup, csanuragjain, defsec, delfin454000, ellahi, fatherOfBlocks, gzeon, hansfriese, ilan, joestakey, minhquanym, oyc_109, pauliax, pedroais, reassor, rfa, rotcivegaf, sach1r0, samruna, sashik_eth, simon135, z3s

Awards

30.8316 USDC - $30.83

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

Gas optimization

1. pack variables for `sortInfo` and `OfferInfo`.

Consider packing the sortInfo into a single 256 bits storage slot.

uint96 next; // should be sufficient for # of ids
uint96 prev;  //should be sufficient for # of ids
uint32 delb; // 32 bits is enough for timestamp or blockNumber

For OfferInfo, consider packing 2 amounts with the timestamp

struct OfferInfo {
    uint96 pay_amt;
    uint96 buy_amt;
    uint64 timestamp;
    ERC20 pay_gem
    ERC20 buy_gem;
    address owner;
}

Rubicon contest - antonttc's results

An order book protocol for Ethereum, built on L2s.

General Information

Findings Distribution

Researcher Performance

External Links

[M-03] QA Report - $0.10

Findings Information

Awards

Labels

External Links

Low severity

offer won't work with non-standard ERC20 that doesn't return true on transferFrom

#0 - HickupHH32022-06-25T03:12:21Z

[G-08] Gas Report - $30.83

Findings Information

Awards

Labels

External Links

Gas optimization

1. pack variables for sortInfo and OfferInfo.

`offer` won't work with non-standard ERC20 that doesn't return true on transferFrom

#0 - HickupHH3
2022-06-25T03:12:21Z

1. pack variables for `sortInfo` and `OfferInfo`.