Platform: Code4rena
Start Date: 25/08/2022
Pot Size: $75,000 USDC
Total HM: 35
Participants: 147
Period: 7 days
Judge: 0xean
Total Solo HM: 15
Id: 156
League: ETH
Rank: 73/147
Findings: 2
Award: $87.03
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: zzzitron
Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas
54.4474 DAI - $54.45
File Name | SHA-1 Hash |
---|---|
2022-08-olympus/src/modules/PRICE.sol | eb3c920eaaf30e31cffbef13d8510dc18341d5ab |
None.
diff --git a/src/modules/PRICE.sol b/src/modules/PRICE.sol index 55d85d3..c3867d1 100644 --- a/src/modules/PRICE.sol +++ b/src/modules/PRICE.sol @@ -123,7 +123,7 @@ contract OlympusPrice is Module { // Revert if not initialized if (!initialized) revert Price_NotInitialized(); - // Cache numbe of observations to save gas. + // Cache number of observations to save gas. uint32 numObs = numObservations; // Get earliest observation in window
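Review bot: the only changed line is the comment above `uint32 numObs = numObservations;` (`numbe` to `number`), so there is no behaviour to verify here. If other comment typos exist in `PRICE.sol`, I'd suggest folding them into this same patch rather than sending them one line at a time.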
VS Code
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami
32.5837 DAI - $32.58
File Name | SHA-1 Hash |
---|---|
2022-08-olympus/src/modules/PRICE.sol | eb3c920eaaf30e31cffbef13d8510dc18341d5ab |
2022-08-olympus/src/Kernel.sol | 702fd864c142f5c93781482371d168379d6b10df |
2022-08-olympus/src/utils/KernelUtils.sol | b103389226af6aa16880e2568c5de4de143d7950 |
2022-08-olympus/src/modules/INSTR.sol | b2c9521b73b50db74fa17b59b12e9b25269a83cc |
2022-08-olympus/src/modules/RANGE.sol | 3b34f485fcb242d7a254307b239f055524ed2e6b |
2022-08-olympus/src/modules/TRSRY.sol | 7626a2b1c998b640c51d08c8e665498ba73efca0 |
2022-08-olympus/src/modules/VOTES.sol | 5e22b6aff627c48b8cedabbede375c1f5a468985 |
2022-08-olympus/src/modules/MINTR.sol | e3ba147c72850c7463b5a3da587a77550ad6da1e |
2022-08-olympus/src/policies/PriceConfig.sol | 988825fff850ed5efb9713ac352628ca77f78cbc |
2022-08-olympus/src/policies/BondCallback.sol | 6be071dd7f9ccc578d929670bff27ed8f72a9f62 |
2022-08-olympus/src/policies/TreasuryCustodian.sol | 752907434e36330542e6f3f18ae2e3a89e746c52 |
2022-08-olympus/src/policies/Governance.sol | 88ae920ee84d217efdd686cb29939d820cbbd632 |
2022-08-olympus/src/policies/Operator.sol | f185cfaa901424dd55c533b88a7b801f08b35367 |
2022-08-olympus/src/policies/VoterRegistration.sol | 74328138074d3796580439636955db37e4ffa9b2 |
2022-08-olympus/src/policies/Heart.sol | f1a6dcb7778663cba55f2278e6e2d9044b7ec69c |
If a variable is not set/initialized, it is assumed to have the default value (`0`, `false`, `0x0`, etc., depending on the data type). If you explicitly initialize it with its default value, you are just wasting gas.

```solidity
for (uint256 i = 0; i < reqLength; ) {
for (uint256 i = 0; i < 5; ) {
for (uint256 i = 0; i < 32; ) {
```
Do not initialize variables with default values.
VS Code
`>=` is cheaper than `>`
Non-strict inequalities (`>=`) are cheaper than strict ones (`>`). This is due to some supplementary checks (`ISZERO`, 3 gas).
```solidity
if (exponent > 38) revert Price_InvalidParams();
if ( wallSpread_ > 10000 || wallSpread_ < 100 || cushionSpread_ > 10000 || cushionSpread_ < 100 || cushionSpread_ > wallSpread_
if (startObservations_.length != numObs || lastObservationTime_ > uint48(block.timestamp))
if (thresholdFactor_ > 10000 || thresholdFactor_ < 100) revert RANGE_InvalidParams();
if (block.timestamp > proposal.submissionTimestamp + ACTIVATION_DEADLINE) {
if (configParams[1] > uint256(7 days) || configParams[1] < uint256(1 days))
if (configParams[3] < uint32(1 hours) || configParams[3] > configParams[1])
if (configParams[4] > 10000 || configParams[4] < 100) revert Operator_InvalidParams();
if ( configParams[5] < 1 hours || configParams[6] > configParams[7] ||
if (currentPrice > range.cushion.low.price || currentPrice < range.wall.low.price) {
if (currentPrice < range.cushion.low.price && currentPrice > range.wall.low.price) {
currentPrice < range.cushion.high.price || currentPrice > range.wall.high.price
currentPrice > range.cushion.high.price && currentPrice < range.wall.high.price
if (cushionFactor_ > 10000 || cushionFactor_ < 100) revert Operator_InvalidParams();
if (duration_ > uint256(7 days) || duration_ < uint256(1 days))
if (depositInterval_ < uint32(1 hours) || depositInterval_ > duration_)
if (reserveFactor_ > 10000 || reserveFactor_ < 100) revert Operator_InvalidParams();
if (wait_ < 1 hours || threshold_ > observe_ || observe_ == 0)
if (amountOut > RANGE.capacity(false)) revert Operator_InsufficientCapacity();
if (amountOut > RANGE.capacity(true)) revert Operator_InsufficientCapacity();
if (char < 0x41 || char > 0x5A) revert InvalidKeycode(keycode_); // A-Z only
if ((char < 0x61 || char > 0x7A) && char != 0x5f && char != 0x00) {
if (updatedAt < block.timestamp - 3 * uint256(observationFrequency))
if (updatedAt < block.timestamp - uint256(observationFrequency))
if (capacity_ < _range.high.threshold && _range.high.active) {
if (capacity_ < _range.low.threshold && _range.low.active) {
if (oldDebt < amount_) totalDebt[token_] += amount_ - oldDebt;
if (approval < amount_) revert TRSRY_NotApproved();
if (quoteToken.balanceOf(address(this)) < priorBalances[quoteToken] + inputAmount_)
if (VOTES.balanceOf(msg.sender) * 10000 < VOTES.totalSupply() * SUBMISSION_REQUIREMENT)
if (block.timestamp < activeProposal.activationTimestamp + GRACE_PERIOD) {
if (netVotes * 100 < VOTES.totalSupply() * EXECUTION_THRESHOLD) {
if (block.timestamp < activeProposal.activationTimestamp + EXECUTION_TIMELOCK) {
if (block.timestamp < lastBeat + frequency()) revert Heart_OutOfCycle();
if (configParams[2] < uint32(10_000)) revert Operator_InvalidParams();
if (amountOut < minAmountOut_)
if (amountOut < minAmountOut_)
if (debtBuffer_ < uint32(10_000)) revert Operator_InvalidParams();
RANGE.capacity(high_) < auctioneer.currentCapacity(market))
```
Replace `>` / `<` with `>=` / `<=` without breaking the logic of the code.
Change

```solidity
if (exponent > 38) revert Price_InvalidParams();
```

to

```solidity
if (exponent >= 39) revert Price_InvalidParams();
```
VS Code
#0 - IllIllI000
2022-09-22T11:41:25Z
@0xean G-01 is invalid since they're all local variables, and G-02 changes the behavior of the code. Can you elaborate on why this was ranked highly?
#1 - 0xean
2022-09-22T12:42:08Z
"highly"? It's in the bottom 1/3rd of all gas reports submitted. Happy to downgrade further.
#2 - IllIllI000
2022-09-22T12:50:57Z
> "highly"? It's in the bottom 1/3rd of all gas reports submitted. Happy to downgrade further.
According to the spreadsheet it's in the top third with a score of 79. Mine https://github.com/code-423n4/2022-08-olympus-findings/issues/269 has a score of 77
#3 - 0xean
2022-09-22T12:54:03Z
Okay, will re-check and revise.
You are incorrect about these savings being invalid, but happy to take another look at where it stands.
#4 - IllIllI000
2022-09-22T13:02:23Z
> You are incorrect about these savings being invalid, but happy to take another look at where it stands.
It's invalid for stack variables, which the finding flags. See https://gist.github.com/IllIllI000/4c0a09e9492ec519339be3cde7431d8c
#5 - 0xean
2022-09-22T14:12:36Z
With the optimizer enabled you are correct, there is no gas savings for G-01. I had tested without the optimizer.
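
The thread's point that the `>` to `>=` rewrite can change behaviour, as an added example that is not part of the report, the comments or the Olympus code base. The contract and function names are hypothetical; only the two conditions being modelled (`exponent > 38` and `amountOut < minAmountOut_`) are taken from the lines listed in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example (hypothetical names, not Olympus code): each function returns
/// whether the modelled `if (...) revert` condition would fire for the input.
contract ComparisonRewriteCheck {
    // Original shape: `if (exponent > 38) revert Price_InvalidParams();`
    function original(uint8 exponent) public pure returns (bool fires) {
        return exponent > 38;
    }

    // Operator swapped, constant left alone: additionally rejects exponent == 38.
    function naiveSwap(uint8 exponent) public pure returns (bool fires) {
        return exponent >= 38;
    }

    // Operator swapped and constant shifted by one: same accept/reject set.
    function adjusted(uint8 exponent) public pure returns (bool fires) {
        return exponent >= 39;
    }

    // Original shape of a variable-vs-variable check: `if (amountOut < minAmountOut_)`.
    function originalVar(uint256 amountOut, uint256 minAmountOut_) public pure returns (bool fires) {
        return amountOut < minAmountOut_;
    }

    // The `<=` form needs `minAmountOut_ - 1`. Under 0.8 checked arithmetic this
    // panics (0x11) when minAmountOut_ == 0, where the original simply returned
    // false, and it adds a subtraction on every call.
    function adjustedVar(uint256 amountOut, uint256 minAmountOut_) public pure returns (bool fires) {
        return amountOut <= minAmountOut_ - 1;
    }

    // Exhaustive comparison over every uint8 input: counts the inputs on which
    // each rewrite disagrees with the original condition.
    function countMismatches() external pure returns (uint256 naive, uint256 shifted) {
        for (uint256 i = 0; i <= type(uint8).max; ++i) {
            uint8 e = uint8(i);
            if (naiveSwap(e) != original(e)) ++naive;
            if (adjusted(e) != original(e)) ++shifted;
        }
    }
}
```

Calling `adjustedVar(0, 0)` reverts while `originalVar(0, 0)` returns `false`, so comparisons between two variables cannot be rewritten the way the constant case can.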