Back to chrisdior4's contests

Olympus DAO contest - chrisdior4's results

Version 3 of Olympus protocol, a decentralized floating currency.

General Information

Platform: Code4rena

Start Date: 25/08/2022

Pot Size: $75,000 USDC

Total HM: 35

Participants: 147

Period: 7 days

Judge: 0xean

Total Solo HM: 15

Id: 156

League: ETH

Olympus DAO

Findings Distribution

Researcher Performance

Rank: 140/147

Findings: 1

Award: $32.58

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryOlympus DAO

Findings Information

🌟 Selected for report: pfapostol

Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami

Awards

32.584 DAI - $32.58

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

<X> += <Y> COSTS MORE GAS THAN <X> = <X> + <Y> FOR STATE VARIABLES



There are 14 instances of this issue: 
=================
 file: OlympusERC20.sol



1.counter._value += 1;

1.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/external/OlympusERC20.sol#L651




Should be:


1.counter._value = counter._value + 1;



/////////////////////////////



file:PRICE.sol


 2._movingAverage += (currentPrice - earliestPrice) / numObs;
 3.movingAverage -= (earliestPrice - currentPrice) / numObs;
 4. total += startObservations[i];




2. https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/PRICE.sol#L136
3. 3.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/PRICE.sol#L138
4. 4.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/PRICE.sol#L222



Should be:



  1. _movingAverage = _movingAverage + (currentPrice - earliestPrice) / numObs;
 3._movingAverage = _movingAverage - (earliestPrice - currentPrice) / numObs;

  2. total = total + startObservations_[i];


/////////////////////



File: TRSRY.sol



5.reserveDebt[token_][msg.sender] += amount_; 
6.totalDebt[token_] += amount_;



5.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/TRSRY.sol#L96
 6. https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/TRSRY.sol#L96



Should be:



5.reserveDebt[token_][msg.sender] = reserveDebt[token_][msg.sender] + amount_;
 6.totalDebt[token_] = totalDebt[token_] + amount_;



//////////////////



File: Votes.sol



7.balanceOf[from_] -= amount_;
 8.balanceOf[to_] += amount_;



7.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/VOTES.sol#L56
8.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/VOTES.sol#L58



Should be:



7.balanceOf[from_] = balanceOf[from_] - amount_;
 8.balanceOf[to_] = balanceOf[to_] + amount_;



///////////////////

file: BondCallback.sol



  1. amountsPerMarket[id][0] += inputAmount_;
 10.amountsPerMarket[id][1] += outputAmount_;



9.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/BondCallback.sol#L143
10.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/BondCallback.sol#L144



Should be:



  1. amountsPerMarket[id][0] = amountsPerMarket[id][0] + inputAmount_;
 10.amountsPerMarket[id][1] = amountsPerMarket[id][1] + outputAmount_;


///////////////////


File: Governance.sol



11.totalEndorsementsForProposal[proposalId_] += userVotes;
 12.yesVotesForProposal[activeProposal.proposalId] += userVotes;
 13.noVotesForProposal[activeProposal.proposalId] += userVotes;

11.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L198
12.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L198
13.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L254

Should be:



11.totalEndorsementsForProposal[proposalId_] = totalEndorsementsForProposal[proposalId_] + userVotes;
12.yesVotesForProposal[activeProposal.proposalId] = yesVotesForProposal[activeProposal.proposalId] + userVotes;
13.noVotesForProposal[activeProposal.proposalId] = noVotesForProposal[activeProposal.proposalId] + userVotes;


/////////////



File:Heart.sol



14.lastBeat += frequency();



14.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Heart.sol#L103



Should be:



14.lastBeat = lastBeat + frequency();


=================



USING STORAGE INSTEAD OF MEMORY FOR STRUCTS/ARRAYS SAVES GAS


There are 8 instances of this issue: 
=========================


File: PRICE.sol

1.uint256[] memory startObservations_



1.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/PRICE.sol#L205



Should be: 


1.uint256[] storage startObservations_



/////////////////////////////



File:RANGE.sol



2.ERC20[2] memory tokens_,
 3.uint256[3] memory rangeParams_




  1. https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/RANGE.sol#L79

  2. https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/RANGE.sol#L80





Should be:



2. ERC20[2] storage tokens_,
 3. uint256[3] storage rangeParams_




///////////////////



File:BondCallback.sol



4.uint256[2] memory marketAmounts = amountsPerMarket[id];



4.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/BondCallback.sol#L179



Should be: 


4.uint256[2] storage marketAmounts = amountsPerMarket[id];




////////////////



File: Governance.sol



5.Instruction[] memory instructions = INSTR.getInstructions(proposalId_);



5.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L187



5.Instruction[] storage instructions = INSTR.getInstructions(proposalId_);





///////////////////



File:Operator.sol



6.ERC20[2] memory tokens_, 
7.uint32[8] memory configParams 
8.Regen memory regen = _status.low;



6.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L96
7.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L97
8.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L666



Should be:



6.ERC20[2] storage tokens_,
 7.uint32[8] storage configParams
 8.Regen storage regen = _status.low;


========================


++i COSTS LESS GAS THAN i++, ESPECIALLY WHEN IT’S USED IN FOR-LOOPS

========================







There are 4 instances of this issue: 

======================
 file: Operator



  1. decimals++;
 2._status.low.count++;
 3._status.low.count++;



1.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L488
2.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L670
3.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L670 
 Should be: 


  1. ++decimals;
 2.++_status.low.count;
 3.++_status.low.count;


///////////////////



File:Deploy.sol



4.for (uint i = 0; i < 90; i++) {



4.https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/scripts/Deploy.sol#L239



Should be:



4.for (uint i = 0; i < 90; ++i) {

 ===================


AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter