Back to cryptphi's contests

Putty contest - cryptphi's results

An order-book based american options market for NFTs and ERC20s.

General Information

Platform: Code4rena

Start Date: 29/06/2022

Pot Size: $50,000 USDC

Total HM: 20

Participants: 133

Period: 5 days

Judge: hickuphh3

Total Solo HM: 1

Id: 142

League: ETH

Putty

Findings Distribution

Researcher Performance

Rank: 67/133

Findings: 2

Award: $68.53

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryPutty

Findings Information

🌟 Selected for report: xiaoming90

Also found by: 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xSolus, 0xf15ers, 0xsanson, AmitN, Bnke0x0, BowTiedWardens, Chom, David_, ElKu, Funen, GalloDaSballo, GimelSec, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Kenshin, Lambda, Limbooo, MadWookie, Metatron, MiloTruck, Nethermind, Picodes, ReyAdmirado, Sneakyninja0129, StErMi, TomJ, Treasure-Seeker, TrungOre, Waze, Yiko, _Adam, __141345__, antonttc, async, aysha, catchup, cccz, cryptphi, csanuragjain, danb, datapunk, defsec, delfin454000, dirk_y, doddle0x, durianSausage, exd0tpy, fatherOfBlocks, gogo, hake, hansfriese, horsefacts, hubble, itsmeSTYJ, joestakey, oyc_109, pedroais, peritoflores, rajatbeladiya, reassor, robee, rokinot, samruna, saneryee, sashik_eth, shenwilly, shung, simon135, sseefried, unforgiven, zer0dot, zzzitron

Awards

47.3626 USDC - $47.36

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue
  1. Unbounded loops The following contains a for loop that can be unbounded. This would mean it could run out of gas and the function would revert

**Occurrences in: https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L594-L602 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L611-L613 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L627-L629 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L637-L639 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L647-L649 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L658-L660 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L670-L672 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L556-L558 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L742-L747 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L728-L733

**Some recommendations: pull over push strategy for external calls.

  1. Missing input validation on array lengths The functions below fail to perform input validation on arrays to verify the lengths match. A mismatch could lead to an exception or undefined behavior.

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L622-L630 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L657-L661

#0 - HickupHH3

2022-07-15T09:28:34Z

(1) could have been a dup of #227, but doesn't dive deep enough into the implications of "function would revert".

Findings Information

🌟 Selected for report: GalloDaSballo

Also found by: 0v3rf10w, 0x1f8b, 0xA5DF, 0xDjango, 0xHarry, 0xKitsune, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, 0xsanson, ACai, Aymen0909, Bnke0x0, BowTiedWardens, Chom, ElKu, Fitraldys, Funen, Haruxe, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Kenshin, Lambda, Limbooo, MadWookie, Metatron, MiloTruck, Picodes, PwnedNoMore, Randyyy, RedOneN, ReyAdmirado, Ruhum, Sm4rty, StErMi, StyxRave, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, Yiko, _Adam, __141345__, ajtra, ak1, apostle0x01, asutorufos, c3phas, cRat1st0s, catchup, codetilda, cryptphi, datapunk, defsec, delfin454000, durianSausage, exd0tpy, fatherOfBlocks, gogo, grrwahrr, hake, hansfriese, horsefacts, ignacio, jayfromthe13th, joestakey, ladboy233, m_Rassska, mektigboy, minhquanym, mrpathfindr, natzuu, oyc_109, rajatbeladiya, reassor, rfa, robee, rokinot, sach1r0, saian, sashik_eth, simon135, slywaters, swit, z3s, zeesaw, zer0dot

Awards

21.1705 USDC - $21.17

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue
  1. Caching array length can save gas Caching the array length is more gas efficient. This is because access to a local variable in solidity is more efficient than query storage / calldata / memory

**Occurrences in: https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L556 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L594 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L611 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L627 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L637 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L647 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L658 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L670 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L728 https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L742

  1. The following variables should be cached to save gas floorAssetTokenIds in fillOrder() floorAssetTokenIds in exercise()
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter