Platform: Code4rena
Start Date: 29/07/2022
Pot Size: $50,000 USDC
Total HM: 6
Participants: 75
Period: 5 days
Judge: GalloDaSballo
Total Solo HM: 3
Id: 149
League: ETH
Rank: 47/75
Findings: 2
Award: $87.35
Selected for report: 0
Solo Findings: 0
Selected for report: oyc_109
Also found by: 0x1f8b, 0x52, 0xNazgul, 0xSmartContract, 0xf15ers, 8olidity, Aymen0909, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, IllIllI, JC, Lambda, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Twpony, Waze, Yiko, __141345__, ajtra, apostle0x01, ashiq0x01, asutorufos, bardamu, benbaessler, berndartmueller, bharg4v, bulej93, c3phas, cccz, ch13fd357r0y3r, codexploder, cryptonue, cryptphi, defsec, djxploit, durianSausage, fatherOfBlocks, gogo, hansfriese, horsefacts, ignacio, kyteg, lucacez, mics, rbserver, robee, sashik_eth, simon135, sseefried, tofunmi, xiaoming90
56.1273 USDC - $56.13
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L23
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L51
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L71
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L86
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/gas-service/AxelarGasService.sol#L128
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/gas-service/AxelarGasService.sol#L144
Use address(xxx).call{value: xxx}("") with a checked return value instead of payable(xxx).transfer(xxx). transfer forwards a fixed stipend of 2300 gas to the recipient. If refundAddress, recipient or receiver is a contract whose receive() or fallback needs more than that (smart-contract wallets, proxies, anything that writes storage or emits an event), the transfer reverts, and because these refund and gas-collection paths have no alternative, the ETH held for that address is stuck in the contract. Opcode repricings (EIP-1884) have already broken code that assumed 2300 gas was enough, so the assumption is fragile. Note that the 2300-gas stipend is also what stops reentrancy through transfer: switching to call forwards all remaining gas, so the call must come after state updates (checks-effects-interactions) or sit behind a reentrancy guard, and its boolean result must be checked because call does not revert on failure.
'deposit-service\ReceiverImplementation.sol', 22, 'if (address(this).balance > 0) refundAddress.transfer(address(this).balance);'
'deposit-service\ReceiverImplementation.sol', 50, 'if (address(this).balance > 0) refundAddress.transfer(address(this).balance);'
'deposit-service\ReceiverImplementation.sol', 70, 'if (address(this).balance > 0) refundAddress.transfer(address(this).balance);'
'deposit-service\ReceiverImplementation.sol', 85, 'recipient.transfer(amount);'
'gas-service\AxelarGasService.sol', 127, 'if (amount > 0) receiver.transfer(amount);'
'gas-service\AxelarGasService.sol', 143, 'receiver.transfer(amount);'
'deposit-service\ReceiverImplementation.sol', 22, 'if (address(this).balance > 0) { (bool success, ) = refundAddress.call{value: address(this).balance}(""); if (!success) revert NativeTransferFailed(); }'
'deposit-service\ReceiverImplementation.sol', 50, 'if (address(this).balance > 0) { (bool success, ) = refundAddress.call{value: address(this).balance}(""); if (!success) revert NativeTransferFailed(); }'
'deposit-service\ReceiverImplementation.sol', 70, 'if (address(this).balance > 0) { (bool success, ) = refundAddress.call{value: address(this).balance}(""); if (!success) revert NativeTransferFailed(); }'
'deposit-service\ReceiverImplementation.sol', 85, '(bool success, ) = recipient.call{value: amount}(""); if (!success) revert NativeTransferFailed();'
'gas-service\AxelarGasService.sol', 127, 'if (amount > 0) { (bool success, ) = receiver.call{value: amount}(""); if (!success) revert NativeTransferFailed(); }'
'gas-service\AxelarGasService.sol', 143, '(bool success, ) = receiver.call{value: amount}(""); if (!success) revert NativeTransferFailed();'
NativeTransferFailed is a placeholder name for a custom error to be declared in each contract. call takes the calldata argument ("") and does not revert on failure by itself, so the returned bool has to be checked.
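The failure mode and the recommended replacement, as an added example that is not part of the finding or of Axelar's code. Contract and error names (StorageWritingWallet, RefundWithTransfer, RefundWithCall, Reenterer, NativeTransferFailed, Reentrancy) are placeholders chosen for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration, not Axelar's code. All names are placeholders.

/// A recipient whose receive() needs more than the 2300-gas stipend that
/// `transfer` forwards. Smart-contract wallets and proxies commonly look like this.
contract StorageWritingWallet {
    uint256 public received;

    receive() external payable {
        received += msg.value; // a single SSTORE already exceeds 2300 gas
    }
}

/// Same shape as the audited refund paths: `transfer` to a caller-chosen address.
contract RefundWithTransfer {
    constructor() payable {}

    function refund(address payable refundAddress) external {
        // Reverts whenever refundAddress is a StorageWritingWallet, so the balance
        // held for that address can never be paid out through this path.
        if (address(this).balance > 0) refundAddress.transfer(address(this).balance);
    }
}

/// Recommended replacement: `call` with a checked result, behind a reentrancy
/// guard because `call` forwards all remaining gas to the recipient.
contract RefundWithCall {
    error NativeTransferFailed();
    error Reentrancy();

    uint256 private _status = 1; // 1 = unlocked, 2 = locked

    modifier nonReentrant() {
        if (_status == 2) revert Reentrancy();
        _status = 2;
        _;
        _status = 1;
    }

    constructor() payable {}

    function refund(address payable refundAddress) external nonReentrant {
        uint256 amount = address(this).balance;
        if (amount == 0) return;
        // Succeeds for StorageWritingWallet. A recipient whose receive() re-enters
        // refund() hits the guard and only its inner call reverts.
        (bool success, ) = refundAddress.call{value: amount}("");
        if (!success) revert NativeTransferFailed();
    }
}

/// Attacker recipient: tries to re-enter the refund while being paid. The inner
/// call reverts with Reentrancy(); catching it shows the outer refund still
/// completes and pays exactly once.
contract Reenterer {
    RefundWithCall public immutable target;
    uint256 public reentryAttempts;
    uint256 public reentryBlocked;

    constructor(RefundWithCall target_) {
        target = target_;
    }

    receive() external payable {
        reentryAttempts++;
        try target.refund(payable(address(this))) {
            // only reachable if the guard were missing
        } catch {
            reentryBlocked++; // Reentrancy() bubbled up from the inner call
        }
    }
}
```

To exercise it in Remix or a Foundry test: fund RefundWithTransfer and RefundWithCall with 1 ether each, call refund on both with a StorageWritingWallet address (the first reverts, the second pays out), then call RefundWithCall.refund with a Reenterer address and observe that the Reenterer holds the full balance with reentryBlocked equal to 1.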
#0 - re1ro
2022-08-05T00:24:38Z
Duplicate of #4
Selected for report: IllIllI
Also found by: 0x1f8b, 0xNazgul, 0xsam, 8olidity, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, JC, Lambda, MiloTruck, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, benbaessler, bharg4v, bulej93, c3phas, defsec, djxploit, durianSausage, erictee, fatherOfBlocks, gerdusx, gogo, kyteg, lucacez, medikko, mics, owenthurm, oyc_109, rbserver, robee, sashik_eth, simon135, tofunmi
31.222 USDC - $31.22
The prefix increment ++i is cheaper than the postfix increment i++.
'AxelarGateway.sol', 206, 'for (uint256 i = 0; i < symbols.length; i++) {'
'ERC20Permit.sol', 52, 'keccak256(abi.encode(PERMIT_SIGNATURE_HASH, issuer, spender, value, nonces[issuer]++, deadline))'
'deposit-service\AxelarDepositService.sol', 113, 'for (uint256 i; i < refundTokens.length; i++) {'
'deposit-service\AxelarDepositService.sol', 167, 'for (uint256 i; i < refundTokens.length; i++) {'
'deposit-service\AxelarDepositService.sol', 203, 'for (uint256 i; i < refundTokens.length; i++) {'
'gas-service\AxelarGasService.sol', 122, 'for (uint256 i; i < tokens.length; i++) {'
Booleans are more expensive than uint256 or any type that takes up a full word because each write operation emits an extra SLOAD to first read the slot's contents, replace the bits taken up by the boolean, and then write back. This is the compiler's defense against contract upgrades and pointer aliasing, and it cannot be disabled.
'EternalStorage.sol', 13, ' mapping(bytes32 => bool) private _boolStorage;
x > 0 is less gas efficient than x != 0 when the optimizer is enabled at 10k runs AND the comparison is inside a require statement. Detailed explanation with the opcodes: https://twitter.com/gzeon/status/1485428085885640706
'AxelarGateway.sol', 612, 'if (limit > 0 && amount > limit) revert ExceedDailyMintLimit(symbol);'
'AxelarGateway.sol', 254, 'if (newOperatorsData.length > 0) {'
'auth\AxelarAuthWeighted.sol', 75, 'if (epochForHash[newOperatorsHash] > 0) revert SameOperators();'
'deposit-service\AxelarDepositService.sol', 164, 'if (addressForNativeDeposit(salt, refundAddress, destinationChain, destinationAddress).balance > 0 && msg.sender != refundAddress)'
'deposit-service\ReceiverImplementation.sol', 22, 'if (address(this).balance > 0) refundAddress.transfer(address(this).balance);'
'deposit-service\ReceiverImplementation.sol', 50, 'if (address(this).balance > 0) refundAddress.transfer(address(this).balance);'
'deposit-service\ReceiverImplementation.sol', 70, 'if (address(this).balance > 0) refundAddress.transfer(address(this).balance);'
'gas-service\AxelarGasService.sol', 127, 'if (amount > 0) receiver.transfer(amount);'
'gas-service\AxelarGasService.sol', 130, 'if (amount > 0) _safeTransfer(token, receiver, amount);'
'util\Upgradable.sol', 49, 'if (params.length > 0) {'
Explicitly assigning the default value to a variable (e.g. uint256 i = 0) costs more gas than leaving it uninitialised, since it is already zero.
'AxelarGateway.sol', 206, 'for (uint256 i = 0; i < symbols.length; i++) {'
'auth\AxelarAuthWeighted.sol', 67, 'uint256 totalWeight = 0;'
'auth\AxelarAuthWeighted.sol', 68, 'for (uint256 i = 0; i < weightsLength; ++i) {'
'auth\AxelarAuthWeighted.sol', 93, 'uint256 operatorIndex = 0;'
'auth\AxelarAuthWeighted.sol', 94, 'uint256 weight = 0;'
'auth\AxelarAuthWeighted.sol', 97, 'for (uint256 i = 0; i < signatures.length; ++i) {'
'ERC20.sol', 171, 'balanceOf[sender] -= amount;'
'ERC20.sol', 172, 'balanceOf[recipient] += amount;'
'ERC20.sol', 190, 'totalSupply += amount;'
'ERC20.sol', 191, 'balanceOf[account] += amount;'
'ERC20.sol', 211, 'balanceOf[account] -= amount;'
'ERC20.sol', 212, 'totalSupply -= amount;'
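The gas patterns from the findings above (++i vs i++, bool vs uint256 storage, > 0 vs != 0 in a require, and default-value initialisation), written as before/after pairs so each can be measured with a gas report. This is an added example, not Axelar's code; the contract and function names are placeholders, and the unchecked loop increment at the end goes one step beyond what this page claims.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration, not Axelar's code. Each "Before"/"After" pair differs only
// in the pattern named by the finding, so a gas report isolates its effect.
contract GasPatterns {
    // bool vs uint256 flag: the bool write has to read the slot, splice in one
    // byte and write back; the uint256 fills the slot and is written whole.
    mapping(bytes32 => bool) private _boolFlag;
    mapping(bytes32 => uint256) private _uintFlag; // 1 = set, 0 = unset

    function setFlagBefore(bytes32 key) external {
        _boolFlag[key] = true;
    }

    function setFlagAfter(bytes32 key) external {
        _uintFlag[key] = 1;
    }

    // > 0 vs != 0 inside a require (the case the linked thread measures).
    function requireNonZeroBefore(uint256 x) external pure returns (uint256) {
        require(x > 0, "zero");
        return x;
    }

    function requireNonZeroAfter(uint256 x) external pure returns (uint256) {
        require(x != 0, "zero");
        return x;
    }

    // Loop as found in the audited code: explicit zero init, i++, .length re-read.
    function sumBefore(uint256[] calldata amounts) external pure returns (uint256 total) {
        total = 0;
        for (uint256 i = 0; i < amounts.length; i++) {
            total += amounts[i];
        }
    }

    // Loop with the findings applied: implicit zero init, ++i, cached length.
    // The unchecked increment is one step beyond the page: i is bounded by len,
    // so the 0.8.x overflow check on ++i can never trigger and is dead weight.
    function sumAfter(uint256[] calldata amounts) external pure returns (uint256 total) {
        uint256 len = amounts.length;
        for (uint256 i; i < len; ) {
            total += amounts[i];
            unchecked {
                ++i;
            }
        }
    }
}
```

Compile with the optimizer on (the findings assume it, and the != 0 case is specific to it) and compare the gas of each pair, for example with forge test --gas-report or Remix's transaction details; the per-call differences are small, which matches the judge's note below, but they scale with loop length and call frequency.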
#0 - re1ro
2022-08-05T00:23:58Z
Yup. Dup #2
Good spot. We might consider that.
Good spot.
Yup. Dup #2
Yup. Dup #2
#1 - GalloDaSballo
2022-08-23T00:40:30Z
Less than 100 gas