Back to gzeon's contests

Anchor contest - gzeon's results

The Benchmark DeFi Yield.

General Information

Platform: Code4rena

Start Date: 24/02/2022

Pot Size: $170,000 UST

Total HM: 15

Participants: 16

Period: 14 days

Judge: Albert Chon

Total Solo HM: 11

Id: 82

League: COSMOS

Anchor

Findings Distribution

Researcher Performance

Rank: 10/16

Findings: 2

Award: $1,766.75

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAnchor

Findings Information

🌟 Selected for report: hickuphh3

Also found by: 0xliumin, 0xwags, BondiPestControl, IllIllI, WatchPug, broccoli, cccz, cmichel, defsec, gzeon, hubble, robee

Labels

bug
QA (Quality Assurance)

Awards

443.4924 USDC - $443.49

External Links

Link to GitHub issue

typo

airedrop_info https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/anchor-bAsset-contracts/contracts/anchor_basset_hub/src/state.rs#L15

pub static PREFIX_AIRDROP_INFO: &[u8] = b"airedrop_info";

parameteres https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/anchor-bAsset-contracts/contracts/anchor_basset_hub/src/state.rs#L36

pub const PARAMETERS: Item<Parameters> = Item::new("\u{0}\u{b}parameteres");

https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/anchor-bAsset-contracts/contracts/anchor_basset_hub/src/state.rs#L302

pub static PARAMETERS_KEY: &[u8] = b"parameteres";

Pin Solidity Version

https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/cross-chain-contracts/ethereum/BytesLib.sol#L2 https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L9

Unresolved TODO

https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/money-market-contracts/contracts/overseer/src/contract.rs#L395

    // TODO: Should this become a reply? If so which SubMsg to make reply_on?

Findings Information

🌟 Selected for report: csanuragjain

Also found by: 0v3rf10w, IllIllI, WatchPug, defsec, gzeon, hickuphh3, robee

Labels

bug
G (Gas Optimization)

Awards

1323.2616 USDC - $1,323.26

External Links

Link to GitHub issue

Variables can be set immutable

https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L120-123

    uint8 private CONSISTENCY_LEVEL;
    address private WORMHOLE_CORE_BRIDGE;
    address private WORMHOLE_TOKEN_BRIDGE;
    bytes32 private TERRA_ANCHOR_BRIDGE_ADDRESS;

For loop optimization

https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L149

        for (uint8 i; i < _collateralTokens.length;) {
            whitelistedCollateralTokens[_collateralTokens[i]] = true;
            unchecked{ ++i; }
        }

Use custom errors

Solidity ^0.8.4 allow the use of custom errors to optimize gas usage. https://blog.soliditylang.org/2021/04/21/custom-errors/

Use uint256 instead of bool

EVM operations on 256-bit words it is cheaper to use uint(1) instead of true https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L126-133

    // Wormhole-wrapped Terra stablecoin tokens that are whitelisted in Terra Anchor Market. Example: UST.
    mapping(address => bool) public whitelistedStableTokens;
    // Wormhole-wrapped Terra Anchor yield-generating tokens that can be redeemed for Terra stablecoins. Example: aUST.
    mapping(address => bool) public whitelistedAnchorStableTokens;
    // Wormhole-wrapped Terra cw20 tokens that can be used as collateral in Anchor. Examples: bLUNA, bETH.
    mapping(address => bool) public whitelistedCollateralTokens;

    // Stores hashes of completed incoming token transfer.
    mapping(bytes32 => bool) public completedTokenTransfers;

Pre approve token for spending

Instead of approving each time, we can pre-approve max in constructor. https://github.com/code-423n4/2022-02-anchor/blob/7af353e3234837979a19ddc8093dc9ad3c63ab6b/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L190

        SafeERC20.safeApprove(IERC20(token), WORMHOLE_TOKEN_BRIDGE, amount);

#0 - GalloDaSballo

2022-08-04T23:49:41Z

Immutables are massive, best report in terms of gas saved

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter