Back to cryptphi's contests

QuickSwap and StellaSwap contest - cryptphi's results

A concentrated liquidity DEX with dynamic fees.

General Information

Platform: Code4rena

Start Date: 26/09/2022

Pot Size: $50,000 USDC

Total HM: 13

Participants: 113

Period: 5 days

Judge: 0xean

Total Solo HM: 6

Id: 166

League: ETH

QuickSwap and StellaSwap

Findings Distribution

Researcher Performance

Rank: 67/113

Findings: 1

Award: $52.04

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryQuickSwap and StellaSwap

Findings Information

🌟 Selected for report: 0xNazgul

Also found by: 0x1f8b, 0x52, 0xDecorativePineapple, 0xSmartContract, 0xmatt, Aeros, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, DimitarDimitrov, IllIllI, JC, Jeiwan, Lambda, Matin, Migue, Mukund, Ocean_Sky, Olivierdem, RaymondFam, RockingMiles, Rolezn, Ruhum, Satyam_Sharma, Shinchan, Tomo, Trabajo_de_mates, V_B, Waze, __141345__, a12jmx, ajtra, asutorufos, aysha, brgltd, bulej93, carrotsmuggler, catchup, cccz, chrisdior4, cryptonue, cryptphi, d3e4, defsec, delfin454000, durianSausage, erictee, fatherOfBlocks, gogo, kaden, karanctf, ladboy233, lukris02, mahdikarimi, martin, mics, natzuu, oyc_109, p_crypt0, pedr02b2, rbserver, reassor, rotcivegaf, rvierdiiev, sikorico, slowmoses, sorrynotsorry, tnevler, trustindistrust

Awards

52.0364 USDC - $52.04

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue
  1. Missing zero address check The following functions are missing a zero address check; Occurrences
  • AlgebraFactory.constructor() -_poolDeployer, _vaultAddress arguments
  • DataStorageOperator.constructor() - _pool argument
  • PoolImmutables.constructor() - deployer argument
  • AlgebraFactory.createPool()
  • AlgebraFactory.setOwner() - _owner argument
  • AlgebraFactory.setFarmingAddress() - _farmingAddress argument
  • AlgebraFactory.setVaultAddress() - _vaultAddress argument
  • AlgebraPool.setIncentive() - virtualPoolAddress argument
  1. The Pure function should be a view function. Occurences

  • DataStorageOperator.window() : This function reads a state from the contract, hence it should have view mutability.

  • DataStorageOperator.calculateVolumePerLiquidity() : This function reads MAX_VOLUME_PER_LIQUIDITY state from the DataStorageOperator contract, hence it should have view mutability.

  • PoolImmutables.tickSpacing() reads state from the contract, hence it should have view mutability

  • PoolImmutables.maxLiquidityPerTick() reads state from the contract, hence it should have view mutability

  1. Missing zero value check The following do not check for a zero value
  • AlgebraPool.setLiquidityCooldown() - newLiquidityCooldown argument
  • AlgebraPool.setCommunityFee - communityFee0 and communityFee1 arguments
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter