Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $50,000 USDC
Total HM: 15
Participants: 120
Period: 5 days
Judge: Justin Goro
Total Solo HM: 6
Id: 153
League: ETH
Rank: 69/120
Findings: 2
Award: $67.00
π Selected for report: 0
π Solo Findings: 0
π Selected for report: 0x1f8b
Also found by: 0x52, 0xA5DF, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xmatt, 0xsolstars, Aymen0909, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, EthLedger, Funen, IllIllI, JC, Junnon, Lambda, LeoS, MiloTruck, Noah3o6, PaludoX0, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, SaharAP, Sm4rty, SooYa, The_GUILD, TomJ, Waze, Yiko, _Adam, __141345__, a12jmx, ak1, asutorufos, auditor0517, ayeslick, ballx, beelzebufo, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, cccz, cryptonue, cryptphi, d3e4, delfin454000, dipp, djxploit, durianSausage, dy, erictee, fatherOfBlocks, gogo, gzeon, hyh, ignacio, kyteg, ladboy233, medikko, mics, minhquanym, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, simon135, sryysryy, tabish, yac, yash90, zzzitron
45.8341 USDC - $45.83
File Name | SHA-1 Hash |
---|---|
2022-08-frax/src/contracts/FraxlendPair.sol | fa2865eb7ac411ed4bb8af7a3f65a34e3beff4c6 |
2022-08-frax/src/contracts/FraxlendPairCore.sol | 0f83fa95a154176285b90ec72e03a45c3d814630 |
2022-08-frax/src/contracts/FraxlendPairDeployer.sol | 6eb1ee79407caec1b7934a6695b461ec40b07bf8 |
2022-08-frax/src/contracts/FraxlendWhitelist.sol | 11b927551182094e49b21d2a68a31ff71fbcec71 |
2022-08-frax/src/contracts/VariableInterestRate.sol | a9c4b05b5eb9ca645cce49616278353c6231e4e2 |
None.
diff --git a/src/contracts/FraxlendPair.sol b/src/contracts/FraxlendPair.sol
index d54b8f5..be5f345 100644
--- a/src/contracts/FraxlendPair.sol
+++ b/src/contracts/FraxlendPair.sol
@@ -184,7 +184,7 @@ contract FraxlendPair is FraxlendPairCore {
 return totalBorrow.toShares(_amount, _roundUp);
 }
- /// @notice The ```toBorrtoBorrowAmountowShares``` function converts a given amount of borrow debt into the number of shares
+ /// @notice The ```toBorrowAmount``` function converts a given amount of borrow debt into the number of shares
 /// @param _shares Shares of borrow
 /// @param _roundUp Whether to roundup during division
 function toBorrowAmount(uint256 _shares, bool _roundUp) external view returns (uint256) {
@@ -283,8 +283,8 @@ contract FraxlendPair is FraxlendPairCore {
 /// @notice The ```setApprovedLenders``` function sets a given set of addresses to the whitelist
 /// @dev Cannot black list self
- /// @param _lenders The addresses whos status will be set
- /// @param _approval The approcal status
+ /// @param _lenders The addresses whose status will be set
+ /// @param _approval The approval status
 function setApprovedLenders(address[] calldata _lenders, bool _approval) external approvedLender(msg.sender) {
 for (uint256 i = 0; i < _lenders.length; i++) {
 // Do not set when _approval == false and _lender == msg.sender
@@ -302,8 +302,8 @@ contract FraxlendPair is FraxlendPairCore {
 /// @notice The ```setApprovedBorrowers``` function sets a given array of addresses to the whitelist
 /// @dev Cannot black list self
- /// @param _borrowers The addresses whos status will be set
- /// @param _approval The approcal status
+ /// @param _borrowers The addresses whose status will be set
+ /// @param _approval The approval status
 function setApprovedBorrowers(address[] calldata _borrowers, bool _approval) external approvedBorrower {
 for (uint256 i = 0; i < _borrowers.length; i++) {
 // Do not set when _approval == false and _borrower == msg.sender
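Review bot: In the first hunk (`toBorrowAmount`) the corrected `@notice` still describes the opposite conversion: the signature takes `_shares` and `@param _shares` reads "Shares of borrow", yet the notice says the function converts an amount of borrow debt into a number of shares. The wording looks carried over from the share-conversion function whose `return totalBorrow.toShares(_amount, _roundUp);` line is visible just above. I would reword it, keeping the file's triple-backtick quoting of the name, to `/// @notice The toBorrowAmount function converts a given number of borrow shares into the amount of borrow debt`, so integrators are not misled about the unit of the argument. The function body lies outside the hunk, so how `_roundUp` is applied could not be checked here.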
diff --git a/src/contracts/FraxlendPairCore.sol b/src/contracts/FraxlendPairCore.sol
index a712d46..794cc36 100644
--- a/src/contracts/FraxlendPairCore.sol
+++ b/src/contracts/FraxlendPairCore.sol
@@ -228,7 +228,7 @@ abstract contract FraxlendPairCore is FraxlendPairConstants, IERC4626, ERC20, Ow
 // Set approved borrowers whitelist
 borrowerWhitelistActive = _isBorrowerWhitelistActive;
- // Set approved lenders whitlist active
+ // Set approved lenders whitelist active
 lenderWhitelistActive = _isLenderWhitelistActive;
 // Set maturity date & penalty interest rate
@@ -890,10 +890,10 @@ abstract contract FraxlendPairCore is FraxlendPairConstants, IERC4626, ERC20, Ow
 // Functions: Liquidations
 // ============================================================================================
 /// @notice The ```Liquidate``` event is emitted when a liquidation occurs
- /// @param _borrower The borrower account for which the liquidation occured
+ /// @param _borrower The borrower account for which the liquidation occurred
 /// @param _collateralForLiquidator The amount of Collateral Token transferred to the liquidator
 /// @param _sharesToLiquidate The number of Borrow Shares the liquidator repaid on behalf of the borrower
- /// @param _sharesToAdjust The number of Borrow Shares that were adjusted on liabilites and assets (a writeoff)
+ /// @param _sharesToAdjust The number of Borrow Shares that were adjusted on liabilities and assets (a writeoff)
 event Liquidate(
 address indexed _borrower,
 uint256 _collateralForLiquidator,
diff --git a/src/contracts/FraxlendPairDeployer.sol b/src/contracts/FraxlendPairDeployer.sol
index f8d959e..590475b 100644
--- a/src/contracts/FraxlendPairDeployer.sol
+++ b/src/contracts/FraxlendPairDeployer.sol
@@ -165,7 +165,7 @@ contract FraxlendPairDeployer is Ownable {
 // ============================================================================================
 /// @notice The ```setCreationCode``` function sets the bytecode for the fraxlendPair
- /// @dev splits the data if necessary to accomodate creation code that is slightly larger than 24kb
+ /// @dev splits the data if necessary to accommodate creation code that is slightly larger than 24kb
 /// @param _creationCode The creationCode for the Fraxlend Pair
 function setCreationCode(bytes calldata _creationCode) external onlyOwner {
 bytes memory _firstHalf = BytesLib.slice(_creationCode, 0, 13000);
diff --git a/src/contracts/FraxlendWhitelist.sol b/src/contracts/FraxlendWhitelist.sol
index da34880..79e099b 100644
--- a/src/contracts/FraxlendWhitelist.sol
+++ b/src/contracts/FraxlendWhitelist.sol
@@ -44,7 +44,7 @@ contract FraxlendWhitelist is Ownable {
 /// @param _bool approval being set
 event SetOracleWhitelist(address indexed _address, bool _bool);
- /// @notice The ```setOracleContractWhitelist``` function sets a given address to true/false for use as oralce
+ /// @notice The ```setOracleContractWhitelist``` function sets a given address to true/false for use as oracle
 /// @param _addresses addresses to set status for
 /// @param _bool status of approval
 function setOracleContractWhitelist(address[] calldata _addresses, bool _bool) external onlyOwner {
diff --git a/src/contracts/VariableInterestRate.sol b/src/contracts/VariableInterestRate.sol
index cf9dde8..e41e1e0 100644
--- a/src/contracts/VariableInterestRate.sol
+++ b/src/contracts/VariableInterestRate.sol
@@ -29,7 +29,7 @@ import "./interfaces/IRateCalculator.sol";
 /// @title A formula for calculating interest rates as a function of utilization and time
 /// @author Drake Evans github.com/drakeevans
-/// @notice A Contract for calulcating interest rates as a function of utilization and time
+/// @notice A Contract for calculating interest rates as a function of utilization and time
 contract VariableInterestRate is IRateCalculator {
 // Utilization Rate Settings
 uint32 private constant MIN_UTIL = 75000; // 75%
VS Code
π Selected for report: IllIllI
Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xNazgul, 0xSmartContract, 0xackermann, 0xbepresent, 0xc0ffEE, 0xkatana, 2997ms, Amithuddar, Aymen0909, Bnke0x0, Chinmay, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, ElKu, EthLedger, Fitraldys, Funen, IgnacioB, JC, Junnon, Lambda, LeoS, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, Randyyy, ReyAdmirado, Rohan16, Rolezn, Ruhum, SaharAP, Sm4rty, SooYa, TomJ, Tomio, Waze, Yiko, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, ballx, brgltd, c3phas, cRat1st0s, carlitox477, chrisdior4, d3e4, delfin454000, dharma09, djxploit, durianSausage, erictee, fatherOfBlocks, find_a_bug, flyx, francoHacker, gerdusx, gogo, gzeon, hakerbaya, ignacio, jag, kyteg, ladboy233, ltyu, m_Rassska, medikko, mics, mrpathfindr, newfork01, nxrblsrpr, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, saian, simon135, sryysryy, zeesaw
21.1706 USDC - $21.17
File Name | SHA-1 Hash |
---|---|
2022-08-frax/src/contracts/FraxlendPair.sol | fa2865eb7ac411ed4bb8af7a3f65a34e3beff4c6 |
2022-08-frax/src/contracts/FraxlendPairCore.sol | 0f83fa95a154176285b90ec72e03a45c3d814630 |
2022-08-frax/src/contracts/FraxlendPairDeployer.sol | 6eb1ee79407caec1b7934a6695b461ec40b07bf8 |
2022-08-frax/src/contracts/FraxlendWhitelist.sol | 11b927551182094e49b21d2a68a31ff71fbcec71 |
2022-08-frax/src/contracts/VariableInterestRate.sol | a9c4b05b5eb9ca645cce49616278353c6231e4e2 |
2022-08-frax/src/contracts/libraries/SafeERC20.sol | edf7d1362c70e6e1ebb93c6309cb44f3f7849c00 |
Pre-increments cost less gas compared to post-increments.
for (uint256 i = 0; i < _lenders.length; i++) {
for (uint256 i = 0; i < _borrowers.length; i++) {
i++;
i++;
for (uint256 i = 0; i < _addresses.length; i++) {
for (uint256 i = 0; i < _addresses.length; i++) {
for (uint256 i = 0; i < _addresses.length; i++) {
for (i = 0; i < 32 && data[i] != 0; i++) {
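Change `i++` to `++i`. The value of the increment expression is not used in any of these loops, so the change does not alter behavior.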
VS Code
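In Solidity 0.8+, there's a default overflow check on unsigned integers. The loop counters below are bounded by an array length or a constant, so the increment cannot overflow and can be placed in an `unchecked` block to skip that check.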
for (uint256 i = 0; i < _lenders.length; i++) {
for (uint256 i = 0; i < _borrowers.length; i++) {
for (uint256 i = 0; i < _approvedBorrowers.length; ++i) {
for (uint256 i = 0; i < _approvedLenders.length; ++i) {
for (uint256 i = 0; i < _addresses.length; i++) {
for (uint256 i = 0; i < _addresses.length; i++) {
for (uint256 i = 0; i < _addresses.length; i++) {
for (i = 0; i < 32 && data[i] != 0; i++) {
For example, the code would go from:
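// "Before" form: the counter is incremented in the loop header, where Solidity 0.8+
// applies its default overflow check on every iteration.
// Restored to one statement per line: on a single line the `//` comment would
// comment out the rest of the loop, including both closing braces.
for (uint256 i = 0; i < _lenders.length; i++) {
    // Do not set when _approval == false and _lender == msg.sender
    // (the caller's own entry is skipped when approval is being revoked)
    if (_approval || _lenders[i] != msg.sender) {
        approvedLenders[_lenders[i]] = _approval;
        emit SetApprovedLender(_lenders[i], _approval);
    }
}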
to:
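// "After" form: the increment moves out of the loop header into an unchecked block.
// Restored to one statement per line: on a single line the `//` comment would
// comment out the rest of the loop, including the unchecked increment.
for (uint256 i = 0; i < _lenders.length; ) {
    // Do not set when _approval == false and _lender == msg.sender
    // (the caller's own entry is skipped when approval is being revoked)
    if (_approval || _lenders[i] != msg.sender) {
        approvedLenders[_lenders[i]] = _approval;
        emit SetApprovedLender(_lenders[i], _approval);
    }
    // i < _lenders.length held at the top of this iteration, so i + 1 cannot
    // overflow uint256 and the checked-arithmetic guard can be skipped.
    // Any `continue` later added to this body must increment i first,
    // otherwise the loop never advances.
    unchecked {
        i++;
    }
}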
VS Code
If a variable is not set/initialized, it is assumed to have the default value (`0`, `false`, `0x0`, etc., depending on the data type). If you explicitly initialize it with its default value, you are just wasting gas.
for (uint256 i = 0; i < _lenders.length; i++) {
for (uint256 i = 0; i < _borrowers.length; i++) {
for (uint256 i = 0; i < _approvedBorrowers.length; ++i) {
for (uint256 i = 0; i < _approvedLenders.length; ++i) {
for (i = 0; i < _lengthOfArray; ) {
for (i = 0; i < _lengthOfArray; ) {
for (uint256 i = 0; i < _lengthOfArray; ) {
for (uint256 i = 0; i < _addresses.length; i++) {
for (uint256 i = 0; i < _addresses.length; i++) {
for (uint256 i = 0; i < _addresses.length; i++) {
Do not initialize variables with default values.
VS Code
Custom errors are less expensive than revert reason strings and can include dynamic information.
Use custom errors.
VS Code