Trader Joe contest - gzeon's results

Handle

gzeon

Vulnerability details

Impact

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/RocketJoeFactory.sol#L167

    function setPenaltyCollector(address _penaltyCollector)
        external
        override
        onlyOwner
    {
        penaltyCollector = _penaltyCollector;
        emit SetPenaltyCollector(_penaltyCollector);
    }

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/LaunchEvent.sol#L371

            _safeTransferAVAX(rocketJoeFactory.penaltyCollector(), feeAmount);

Handle

gzeon

Vulnerability details

Impact

> 0 is less gas efficient than != 0 for uint in require condition when optimizer is enabled Ref: https://twitter.com/GalloDaSballo/status/1485430908165443590

Proof of Concept

$ grep -R -n -i "> 0" ./contracts/ ./contracts/LaunchEvent.sol:314: msg.value > 0, ./contracts/LaunchEvent.sol:355: require(_amount > 0, "LaunchEvent: invalid withdraw amount"); ./contracts/LaunchEvent.sol:390: require(wavaxReserve > 0, "LaunchEvent: no wavax balance"); ./contracts/LaunchEvent.sol:486: require(amount > 0, "LaunchEvent: caller has no incentive to claim"); ./contracts/LaunchEvent.sol:498: user.balance > 0, ./contracts/RocketJoeFactory.sol:119: _tokenAmount > 0,

Handle

gzeon

Vulnerability details

Impact

Some variables could be set immutable to save gas, e.g. https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/RocketJoeFactory.sol#L21

    address public override eventImplementation;

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/RocketJoeFactory.sol#L25

    address public override wavax;

Handle

gzeon

Vulnerability details

Impact

Can perform floating point multiplication like the following

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/RocketJoeStaking.sol#L108

    user.rewardDebt = (user.amount * accRJoePerShare) / PRECISION;

with this function to save gas

// out = x * y unchecked{/} z
function fmul(uint256 x, uint256 y, uint256 z) internal pure returns(uint256 out){
  assembly{
      if iszero(eq(div(mul(x,y),x),y)) {revert(0,0)}
      out := div(mul(x,y),z)
  }
}

Handle

gzeon

Vulnerability details

Impact

Use type(uint256).max instead of block.timestamp as deadline to save gas https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/LaunchEvent.sol#L419

            block.timestamp // deadline

Handle

gzeon

Vulnerability details

Impact

If msg.sender == issuer, we don't need to call pairBalance(msg.sender) https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/LaunchEvent.sol#L447

        uint256 balance = pairBalance(msg.sender);
        user.hasWithdrawnPair = true;

        if (msg.sender == issuer) {
            balance = lpSupply / 2;

            emit IssuerLiquidityWithdrawn(msg.sender, address(pair), balance);

            if (tokenReserve > 0) {
                uint256 amount = tokenReserve;
                tokenReserve = 0;
                token.transfer(msg.sender, amount);
            }
        } else {
            emit UserLiquidityWithdrawn(msg.sender, address(pair), balance);
        }

to

        uint256 balance;
        user.hasWithdrawnPair = true;

        if (msg.sender == issuer) {
            balance = lpSupply / 2;

            emit IssuerLiquidityWithdrawn(msg.sender, address(pair), balance);

            if (tokenReserve > 0) {
                uint256 amount = tokenReserve;
                tokenReserve = 0;
                token.transfer(msg.sender, amount);
            }
        } else {
            balance = pairBalance(msg.sender);
            emit UserLiquidityWithdrawn(msg.sender, address(pair), balance);
        }