Platform: Code4rena
Start Date: 04/11/2022
Pot Size: $42,500 USDC
Total HM: 9
Participants: 88
Period: 4 days
Judge: 0xean
Total Solo HM: 2
Id: 180
League: ETH
Rank: 42/88
Findings: 2
Award: $65.42
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0x1f8b
Also found by: 0xSmartContract, 0xc0ffEE, Aymen0909, B2, Deivitto, Josiah, KingNFT, Rahoz, RaymondFam, RedOneN, ReyAdmirado, Trust, ajtra, aviggiano, brgltd, c7e7eff, cryptonue, ctf_sec, delfin454000, djxploit, lukris02, peanuts, rvierdiiev, shark, simon135, slowmoses, tnevler, trustindistrust
44.2869 USDC - $44.29
i) MAX_BIDS
diff --git a/src/SizeSealed.sol b/src/SizeSealed.sol index e5380ff..c43001b 100644 --- a/src/SizeSealed.sol +++ b/src/SizeSealed.sol @@ -13,6 +13,9 @@ import {CommonTokenMath} from "./util/CommonTokenMath.sol"; /// @title Size Sealed Auction /// @author Size Market contract SizeSealed is ISizeSealed { + // Max of 1000 bids on an auction to prevent DOS + uint256 private constant MAX_BIDS = 1000; + /////////////////////////////// /// STATE /// /////////////////////////////// @@ -153,8 +156,7 @@ contract SizeSealed is ISizeSealed { ebid.encryptedMessage = encryptedMessage; uint256 bidIndex = a.bids.length; - // Max of 1000 bids on an auction to prevent DOS - if (bidIndex >= 1000) { + if (bidIndex >= MAX_BIDS) { revert InvalidState(); }
ii) REVEAL_PERIOD
diff --git a/src/SizeSealed.sol b/src/SizeSealed.sol index e5380ff..961123c 100644 --- a/src/SizeSealed.sol +++ b/src/SizeSealed.sol @@ -13,6 +13,8 @@ import {CommonTokenMath} from "./util/CommonTokenMath.sol"; /// @title Size Sealed Auction /// @author Size Market contract SizeSealed is ISizeSealed { + uint256 private constant REVEAL_PERIOD = 24 hours; + /////////////////////////////// /// STATE /// /////////////////////////////// @@ -32,9 +34,9 @@ contract SizeSealed is ISizeSealed { if (_state != States.AcceptingBids) revert InvalidState(); } else if (a.data.lowestQuote != type(uint128).max) { if (_state != States.Finalized) revert InvalidState(); - } else if (block.timestamp <= a.timings.endTimestamp + 24 hours) { + } else if (block.timestamp <= a.timings.endTimestamp + REVEAL_PERIOD) { if (_state != States.RevealPeriod) revert InvalidState(); - } else if (block.timestamp > a.timings.endTimestamp + 24 hours) { + } else if (block.timestamp > a.timings.endTimestamp + REVEAL_PERIOD) { if (_state != States.Voided) revert InvalidState(); } else { revert(); @@ -423,7 +425,7 @@ contract SizeSealed is ISizeSealed { // Only allow bid cancellations while not finalized or in the reveal period if (block.timestamp >= a.timings.endTimestamp) { - if (a.data.lowestQuote != type(uint128).max || block.timestamp <= a.timings.endTimestamp + 24 hours) { + if (a.data.lowestQuote != type(uint128).max || block.timestamp <= a.timings.endTimestamp + REVEAL_PERIOD) { revert InvalidState(); } }
iii) CLIFF_PERCENT_BASE
diff --git a/src/SizeSealed.sol b/src/SizeSealed.sol index e5380ff..a0b8d64 100644 --- a/src/SizeSealed.sol +++ b/src/SizeSealed.sol @@ -69,7 +69,7 @@ contract SizeSealed is ISizeSealed { if (timings.vestingStartTimestamp > timings.vestingEndTimestamp) { revert InvalidTimestamp(); } - if (timings.cliffPercent > 1e18) { + if (timings.cliffPercent > CommonTokenMath.CLIFF_PERCENT_BASE) { revert InvalidCliffPercent(); } // Revert if the min bid is more than the total reserve of the auction diff --git a/src/util/CommonTokenMath.sol b/src/util/CommonTokenMath.sol index 2ea350f..b8545b0 100644 --- a/src/util/CommonTokenMath.sol +++ b/src/util/CommonTokenMath.sol @@ -4,6 +4,7 @@ pragma solidity 0.8.17; import {FixedPointMathLib} from "solmate/utils/FixedPointMathLib.sol"; library CommonTokenMath { + uint256 public constant CLIFF_PERCENT_BASE = 1e18; /*////////////////////////////////////////////////////////////// VESTING @@ -57,7 +58,7 @@ library CommonTokenMath { return 0; // If cliff hasn't been triggered yet, bidder receives no tokens } else { // Vesting is active and cliff has triggered - uint256 cliffAmount = FixedPointMathLib.mulDivDown(baseAmount, cliffPercent, 1e18); + uint256 cliffAmount = FixedPointMathLib.mulDivDown(baseAmount, cliffPercent, CLIFF_PERCENT_BASE); return uint128( cliffAmount
#0 - c4-judge
2022-11-10T02:44:12Z
0xean marked the issue as grade-b
🌟 Selected for report: 0x1f8b
Also found by: 0xSmartContract, 0xdeadbeef, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, JC, RaymondFam, ReyAdmirado, Rolezn, Sathish9098, TomJ, ajtra, aviggiano, chaduke, cryptostellar5, djxploit, gianganhnguyen, gogo, halden, karanctf, leosathya, lukris02, mcwildy, oyc_109, ret2basic, skyle, slowmoses
21.132 USDC - $21.13
SizeSealed.refund instead of simply setting sender to nul for higher gas refundsCode changes
diff --git a/src/SizeSealed.sol b/src/SizeSealed.sol index e5380ff..1b75d05 100644 --- a/src/SizeSealed.sol +++ b/src/SizeSealed.sol @@ -344,11 +344,12 @@ contract SizeSealed is ISizeSealed { revert InvalidState(); } - b.sender = address(0); + uint256 quoteAmount = b.quoteAmount; + delete a.bids[bidIndex]; emit BidRefund(auctionId, bidIndex); - SafeTransferLib.safeTransfer(ERC20(a.params.quoteToken), msg.sender, b.quoteAmount); + SafeTransferLib.safeTransfer(ERC20(a.params.quoteToken), msg.sender, quoteAmount); } /// @notice Called after finalize for successful bidders
Gas diff
$ forge snapshot --diff .gas-snapshot ... testCancelSingleBid() (gas: -12 (-0.002%)) testCancelBidDuringVoidedNoFinalize() (gas: -12 (-0.002%)) testCancelAuction() (gas: -12 (-0.004%)) testCancelAuctionDuringRevealPeriod() (gas: -12 (-0.004%)) testAuctionRefundLostBidder() (gas: -98628 (-10.846%)) Overall gas change: -98676 (-10.859%)
SizeSealed.cancelBid` instead of simply setting properties to nul for higher gas refundsCode changes
diff --git a/src/SizeSealed.sol b/src/SizeSealed.sol index e5380ff..e475ba0 100644 --- a/src/SizeSealed.sol +++ b/src/SizeSealed.sol @@ -428,15 +428,14 @@ contract SizeSealed is ISizeSealed { } } + uint256 quoteAmount = b.quoteAmount; // Prevent any futher access to this EncryptedBid - b.sender = address(0); - // Prevent seller from finalizing a cancelled bid - b.commitment = 0; + delete a.bids[bidIndex]; emit BidCancelled(auctionId, bidIndex); - SafeTransferLib.safeTransfer(ERC20(a.params.quoteToken), msg.sender, b.quoteAmount); + SafeTransferLib.safeTransfer(ERC20(a.params.quoteToken), msg.sender, quoteAmount); } ////////////////////////////////////////////////////////////////////////////
Gas diff
$ forge snapshot --diff .gas-snapshot ... testAuctionRefundLostBidder() (gas: -12 (-0.001%)) testCancelBidDuringRevealBeforeFinalize() (gas: -16 (-0.003%)) testCancelAuction() (gas: -12 (-0.004%)) testCancelAuctionDuringRevealPeriod() (gas: -12 (-0.004%)) testCancelBidAfterFinalize() (gas: -32 (-0.005%)) testCancelBidDuringVoidedNoFinalize() (gas: -61462 (-11.399%)) testCancelSingleBid() (gas: -63386 (-11.548%)) Overall gas change: -124932 (-22.964%)
#0 - c4-judge
2022-11-10T02:21:55Z
0xean marked the issue as grade-b