Platform: Code4rena
Start Date: 16/11/2021
Pot Size: $50,000 ETH
Total HM: 11
Participants: 17
Period: 7 days
Judge: LSDan
Total Solo HM: 8
Id: 49
League: ETH
Rank: 15/17
Findings: 2
Award: $273.10
🌟 Selected for report: 0
🚀 Solo Findings: 0
gzeon
There is no check when setting marginRewardRate, if it is set to any value > FixedPoint.ONE (i.e. 1e18) it would lead to underflow at L403
Add related check in setMarketInfo
#0 - mikeyrf
2021-12-06T23:30:33Z
duplicate #77 - bounds on governance params
gzeon
We don't need full 256 bit if leverage is discrete amount, can pack this into a uint8 so that the first 3 variable in Position.Info struct pack into 1 storage slot instead of 2.
struct Info { address market; // the market for the position bool isLong; // whether long or short uint8 leverage; // discrete initial leverage amount uint pricePoint; // pricePointIndex uint256 oiShares; // shares of total open interest on long/short side, depending on isLong value uint256 debt; // total debt associated with this position uint256 cost; // total amount of collateral initially locked; effectively, cost to enter position }
with casting whenever leverage variable is used
#0 - commercium-sys
2021-11-24T18:02:12Z
Yeah, these changes I have been meaning to do for a while and just have to settle on the actual strategy.
I'd go even further, oiShares, debt and cost do not need to uint256. They could be packed at least to uint112s, maybe more if we are willing to sacrifice decimals at the end.
The price point can definitely be made less than 256. Just off the top of my head, we could make it a uint24, which would afford our market almost 16 million possible price points.
#1 - mikeyrf
2021-12-07T00:33:53Z
duplicate #126
gzeon
L10-L14
#0 - mikeyrf
2021-12-06T23:36:42Z
duplicate #77 - bounds on governance params
#1 - dmvt
2021-12-21T15:01:24Z
Duplicate of #122, not #77. Warden describes dead code and gas saving from removing it, not the bounding issue.