Back to chrisdior4's contests

Fraxlend (Frax Finance) contest - chrisdior4's results

Fraxlend: A permissionless lending platform and the final piece of the Frax Finance Defi Trinity.

General Information

Platform: Code4rena

Start Date: 12/08/2022

Pot Size: $50,000 USDC

Total HM: 15

Participants: 120

Period: 5 days

Judge: Justin Goro

Total Solo HM: 6

Id: 153

League: ETH

Frax Finance

Findings Distribution

Researcher Performance

Rank: 113/120

Findings: 1

Award: $21.17

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryFrax Finance

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xNazgul, 0xSmartContract, 0xackermann, 0xbepresent, 0xc0ffEE, 0xkatana, 2997ms, Amithuddar, Aymen0909, Bnke0x0, Chinmay, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, ElKu, EthLedger, Fitraldys, Funen, IgnacioB, JC, Junnon, Lambda, LeoS, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, Randyyy, ReyAdmirado, Rohan16, Rolezn, Ruhum, SaharAP, Sm4rty, SooYa, TomJ, Tomio, Waze, Yiko, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, ballx, brgltd, c3phas, cRat1st0s, carlitox477, chrisdior4, d3e4, delfin454000, dharma09, djxploit, durianSausage, erictee, fatherOfBlocks, find_a_bug, flyx, francoHacker, gerdusx, gogo, gzeon, hakerbaya, ignacio, jag, kyteg, ladboy233, ltyu, m_Rassska, medikko, mics, mrpathfindr, newfork01, nxrblsrpr, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, saian, simon135, sryysryy, zeesaw

Awards

21.1705 USDC - $21.17

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

<X> += <Y> COSTS MORE GAS THAN <X> = <X> + <Y> FOR STATE VARIABLES



There are 2 instances of this issue: 
=================
 file: FraxlendPairCore.sol




_totalBorrow.amount += uint128(_interestEarned);
 _totalAsset.amount += uint128(_interestEarned);




https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPairCore.sol#L475
https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPairCore.sol#L476




Should be:


_totalBorrow.amount = _totalBorrow.amount + uint128(_interestEarned);
 _totalAsset.amount = _totalAsset.amount + uint128(_interestEarned); 
=================

++i COSTS LESS GAS THAN i++, ESPECIALLY WHEN IT’S USED IN FOR-LOOPS



There are 4 instances of this issue: 

======================
 file: FraxlendPair.sol



for (uint256 i = 0; i < _lenders.length; i++) 
for (uint256 i = 0; i < _borrowers.length; i++)



https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPair.sol#L289
https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPair.sol#L308 
 Should be: 


for (uint256 i = 0; i < lendersLength; ++i) 
for (uint256 i = 0; i < borrowersLength; ++i) 

 ===================


File: FraxlendPairDeployer.sol



addresses[i] = deployedPairsByName[_deployedPairsArray[i]]; unchecked { i++;



https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPairDeployer.sol#L130



Should be:


addresses[i] = deployedPairsByName[_deployedPairsArray[i]]; unchecked { ++i; ==================

 file: FraxlendWhitelist.sol



for (uint256 i = 0; i < _addresses.length; i++) {



https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendWhitelist.sol#L51



Should be:


for (uint256 i = 0; i < _addresses.length; ++i) {


<ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP



There are 3 instances of this issue:



======================


File: FraxlendPair.sol



for (uint256 i = 0; i < _lenders.length; i++) 
 for (uint256 i = 0; i < _borrowers.length; i++) 

https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPair.sol#L289
https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPair.sol#L308



Should create new state variable then use it in the for loop:



uint256 lendersLength = _lenders.length;
 for(uint256. i =0; i < lendersLength; ++i)



uint256 borrowersLength = _borrowers.length; 
for(uint256. i =0; i < borrowersLength; ++i) 

=======================


File: FraxlendWhitelist.sol



for (uint256 i = 0; i < _addresses.length; i++) {

https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendWhitelist.sol#L51



Should create new state variable then use it in the for loop:



uint256 addressesLength = _addresses.length;
for (uint256 i = 0; i < addressesLength; ++i {


USING STORAGE INSTEAD OF MEMORY FOR STRUCTS/ARRAYS SAVES GAS


There are 3 instances of this issue: 
=========================


File: FraxlendPairCore.sol

address[] memory _path



https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPairCore.sol#L1067



Should be: 
 address[] storage _path

File: FraxlendPairDeployer.sol



string[] memory _deployedPairsArray = deployedPairsArray; address[] memory _addresses = new address;



https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPairDeployer.sol#L123
 https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPairDeployer.sol#L125



Should be:


string[] storage _deployedPairsArray = deployedPairsArray; address[] storage _addresses = new address; =========================


AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter