Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $35,000 USDC
Total HM: 10
Participants: 126
Period: 3 days
Judge: Justin Goro
Total Solo HM: 3
Id: 154
League: ETH
Rank: 25/126
Findings: 3
Award: $187.09
π Selected for report: 0
π Solo Findings: 0
π Selected for report: CertoraInc
Also found by: 0x1f8b, DecorativePineapple, cRat1st0s, carlitox477, joestakey, ladboy233, reassor, rvierdiiev
142.1501 USDC - $142.15
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L418 https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L420 https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L460 https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L461 https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L465 https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L472
| File Name | SHA-1 Hash |
|---|---|
| 2022-08-fiatdao/contracts/VotingEscrow.sol | 837eb4609e43f1ac4e2ca37b54d11f64eea819e0 |
In functions createLock and increaseAmount there are unsafe casts with the parameter _value that is chosen by the caller. This can have unexpected consequences in delegator's voting power and/or delegatee's voting power.
locked_.amount += int128(int256(_value));
locked_.delegated += int128(int256(_value));
newLocked.amount += int128(int256(_value));
newLocked.delegated += int128(int256(_value));
locked_.amount += int128(int256(_value));
newLocked.delegated += int128(int256(_value));
Β» int128(int256(type(uint256).max)) -1 Β» int128(int256(type(uint256).max/1000000000)) -78873554377478089559772797583181133079
SafeCast library must be used in every type cast.
VS Code
#0 - lacoop6tu
2022-08-16T10:32:51Z
Duplicate of #228
#1 - gititGoro
2022-09-02T00:00:46Z
Duplicate upheld
π Selected for report: oyc_109
Also found by: 0x1f8b, 0x52, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xbepresent, 0xmatt, 0xsolstars, Aymen0909, Bahurum, Bnke0x0, CertoraInc, Chom, CodingNameKiki, DecorativePineapple, Deivitto, Dravee, ElKu, Funen, GalloDaSballo, IllIllI, JC, JohnSmith, Junnon, KIntern_NA, Lambda, LeoS, MiloTruck, Noah3o6, PaludoX0, RedOneN, Respx, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Sm4rty, TomJ, Vexjon, Waze, Yiko, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, auditor0517, bin2chen, bobirichman, brgltd, bulej93, byndooa, c3phas, cRat1st0s, cryptphi, csanuragjain, d3e4, defsec, delfin454000, djxploit, durianSausage, ellahi, erictee, exd0tpy, fatherOfBlocks, gogo, jonatascm, ladboy233, medikko, mics, natzuu, neumo, p_crypt0, paribus, pfapostol, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, sach1r0, saneryee, seyni, sikorico, simon135, sseefried, wagmi, wastewa
29.9659 USDC - $29.97
| File Name | SHA-1 Hash |
|---|---|
| 2022-08-fiatdao/contracts/VotingEscrow.sol | 837eb4609e43f1ac4e2ca37b54d11f64eea819e0 |
Based on veFDT checkpoint math under require column is T>owner.end but in code is T>=owner.end.
require(unlock_time >= locked_.end, "Only increase lock end"); // from using quitLock, user should increaseAmount instead
Based on what is correct, do the appropriate changes.
VS Code
Based on veFDT checkpoint math under update column is owner.amount=V but in code is owner.amount+=V.
locked_.amount += int128(int256(_value));
Based on what is correct, do the appropriate changes.
VS Code
Based on veFDT checkpoint math under require column is to.end > from.end but in code is to.end >= from.end.
require(toLocked.end >= fromLocked.end, "Only delegate to longer lock");
Based on what is correct, do the appropriate changes.
VS Code
π Selected for report: IllIllI
Also found by: 0x040, 0x1f8b, 0xDjango, 0xHarry, 0xLovesleep, 0xNazgul, 0xNineDec, 0xSmartContract, 0xackermann, 0xbepresent, 2997ms, Amithuddar, Aymen0909, Bnke0x0, CRYP70, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, Funen, GalloDaSballo, JC, JohnSmith, Junnon, LeoS, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, SooYa, SpaceCake, TomJ, Tomio, Waze, Yiko, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, bobirichman, brgltd, bulej93, c3phas, cRat1st0s, carlitox477, chrisdior4, csanuragjain, d3e4, defsec, delfin454000, djxploit, durianSausage, ellahi, erictee, fatherOfBlocks, gerdusx, gogo, ignacio, jag, ladboy233, m_Rassska, medikko, mics, natzuu, newfork01, oyc_109, paribus, pfapostol, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, sach1r0, saian, sashik_eth, sikorico, simon135
14.9678 USDC - $14.97
!= 0 rather than > 0 for unsigned integers in require() statements
| File Name | SHA-1 Hash |
|---|---|
| 2022-08-fiatdao/contracts/VotingEscrow.sol | 837eb4609e43f1ac4e2ca37b54d11f64eea819e0 |
If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0, etc depending on the data type). If you explicitly initialize it with its default value, you are just wasting gas.
int128 oldSlopeDelta = 0;
int128 newSlopeDelta = 0;
uint256 blockSlope = 0; // dblock/dt
int128 dSlope = 0;
uint256 min = 0;
uint256 min = 0;
uint256 dBlock = 0;
uint256 dTime = 0;
int128 dSlope = 0;
uint256 dTime = 0;
Do not initialize variables with default values.
VS Code
Pre-increments cost less gas compared to post-increments.
for (uint256 i = 0; i < 255; i++) {
for (uint256 i = 0; i < 128; i++) {
for (uint256 i = 0; i < 128; i++) {
for (uint256 i = 0; i < 255; i++) {
Change i++ to ++i.
VS Code
In Solidity 0.8+, thereβs a default overflow check on unsigned integers.
for (uint256 i = 0; i < 255; i++) {
for (uint256 i = 0; i < 128; i++) {
for (uint256 i = 0; i < 128; i++) {
for (uint256 i = 0; i < 255; i++) {
One example is the code would go from:
for (uint256 i = 0; i < 128; i++) { if (min >= max) break; uint256 mid = (min + max + 1) / 2; if (pointHistory[mid].blk <= _block) { min = mid; } else { max = mid - 1; } }
to:
for (uint256 i = 0; i < 128; ) { if (min >= max) break; uint256 mid = (min + max + 1) / 2; if (pointHistory[mid].blk <= _block) { min = mid; } else { max = mid - 1; } unchecked { i++; } }
VS Code
If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0, etc depending on the data type). If you explicitly initialize it with its default value, you are just wasting gas.
for (uint256 i = 0; i < 255; i++) {
for (uint256 i = 0; i < 128; i++) {
for (uint256 i = 0; i < 128; i++) {
for (uint256 i = 0; i < 255; i++) {
Do not initialize variables with default values.
VS Code
!= 0 rather than > 0 for unsigned integers in require() statementsWhen the optimizer is enabled, gas is wasted by doing a greater-than operation, rather than a not-equals operation inside require() statements. When using !=, the optimizer is able to avoid the EQ, ISZERO, and associated operations, by relying on the JUMPI that comes afterwards, which itself checks for zero.
require(_value > 0, "Only non zero amount");
require(_value > 0, "Only non zero amount");
Use != 0 rather than > 0 for unsigned integers in require() statements.
VS Code
Less expensive and able to use dynamic information in them.
Use custom errors.
VS Code