Back to gzeon's contests

Nested Finance contest - gzeon's results

The one-stop Defi app to build, manage and monetize your portfolio.

General Information

Platform: Code4rena

Start Date: 10/02/2022

Pot Size: $30,000 USDC

Total HM: 5

Participants: 24

Period: 3 days

Judge: harleythedog

Total Solo HM: 3

Id: 86

League: ETH

Nested Finance

Findings Distribution

Researcher Performance

Rank: 12/24

Findings: 2

Award: $201.57

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryNested Finance

Findings Information

🌟 Selected for report: pauliax

Also found by: 0xliumin, Dravee, GreyArt, IllIllI, Omik, ShippooorDAO, WatchPug, bobi, csanuragjain, gzeon, kenzo, rfa, robee, samruna

Labels

bug
QA (Quality Assurance)
sponsor confirmed

Awards

126.0044 USDC - $126.00

External Links

Link to GitHub issue

rebuildCaches lack input validation

rebuildCaches function will call rebuildCache() for arbitary destinations contract https://github.com/code-423n4/2022-02-nested/blob/fe6f9ef7783c3c84798c8ab5fc58085a55cebcfc/contracts/OperatorResolver.sol#L74

    function rebuildCaches(MixinOperatorResolver[] calldata destinations) public {
        for (uint256 i = 0; i < destinations.length; i++) {
            destinations[i].rebuildCache();
        }
    }

Event name must be in CamelCase

https://github.com/code-423n4/2022-02-nested/blob/fe6f9ef7783c3c84798c8ab5fc58085a55cebcfc/contracts/NestedRecords.sol#L22

    event reserveUpdated(uint256 nftId, address newReserve);

#0 - maximebrugel

2022-02-15T15:22:04Z

"rebuildCaches lack input validation" (Confirmed)

It could have been OK on a smart contract that does just that, but inside the OperatorResolver maybe it's better to remove the function to create an helper or use a bytes32 to get the destination from the Struct.

"Event name must be in CamelCase" (Confirmed)

#1 - maximebrugel

2022-02-16T11:28:47Z

The in-between solution for the rebuildCaches is make the function onlyOwner.

#2 - harleythedogC4

2022-02-27T20:17:18Z

I will close this report in favor of #49 (will consider both reports for the final score).

#3 - harleythedogC4

2022-03-01T01:33:26Z

Actually, it seems #49 is actually a gas report that was mistakenly submitted as a QA report. I will close that one instead and not consider for the QA score.

#4 - harleythedogC4

2022-03-01T02:27:26Z

My personal judgements:

  1. "rebuildCaches lack input validation". Warden doesn't give many details on the security risks of this. Valid and very-low-critical.
  2. "Event name must be in CamelCase". Valid and non-critical.

#5 - harleythedogC4

2022-03-03T02:29:28Z

Now, here is the methodology I used for calculating a score for each QA report. I first assigned each submission to be either non-critical (1 point), very-low-critical (5 points) or low-critical (10 points), depending on how severe/useful the issue is. The score of a QA report is the sum of these points, divided by the maximum number of points achieved by a QA report. This maximum number was 26 points, achieved by https://github.com/code-423n4/2022-02-nested-findings/issues/66.

The number of points achieved by this report is 6points. Thus the final score of this QA report is (6/26)*100 = 23.

Findings Information

🌟 Selected for report: pauliax

Also found by: 0x1f8b, Dravee, GreyArt, Omik, ShippooorDAO, Tomio, bobi, cmichel, csanuragjain, defsec, gzeon, kenta, kenzo, m_smirnova2020, rfa, robee, sirhashalot, ye0lde

Awards

75.5694 USDC - $75.57

Labels

bug
duplicate
G (Gas Optimization)

External Links

Link to GitHub issue

Long revert string

https://github.com/code-423n4/2022-02-nested/blob/fe6f9ef7783c3c84798c8ab5fc58085a55cebcfc/contracts/NestedFactory.sol#L444

            require(amounts[1] <= _amountToSpend, "NestedFactory::_safeSubmitOrder: Overspent");

https://github.com/code-423n4/2022-02-nested/blob/fe6f9ef7783c3c84798c8ab5fc58085a55cebcfc/contracts/operators/ZeroEx/ZeroExOperator.sol#L36

        require(amountBought != 0, "ZeroExOperator::performSwap: amountBought cant be zero");
        require(amountSold != 0, "ZeroExOperator::performSwap: amountSold cant be zero");

Use uint256 instead of bool

Use uint(1) instead of bool(true) to save gas by avoiding masking ops https://github.com/code-423n4/2022-02-nested/blob/fe6f9ef7783c3c84798c8ab5fc58085a55cebcfc/contracts/abstracts/OwnableFactoryHandler.sol#L17

    mapping(address => bool) public supportedFactories;

Use custom errors

Solidity ^0.8.4 allow the use of custom errors to optimize gas usage. https://blog.soliditylang.org/2021/04/21/custom-errors/

#0 - adrien-supizet

2022-02-16T10:26:59Z

Long revert string

duplicate from other reports

Use uint256 instead of bool

disputed, using uints does not save gas here

Use custom errors

disputed, already acknowledged during the first audit

#1 - harleythedogC4

2022-03-13T04:27:11Z

My personal judgments:

  1. "Long revert string". Valid and small-optimization.
  2. "Use uint256 instead of bool". I don't see how this saves gas, there should be more detail. Invalid.
  3. "Use custom errors". Agree with sponsor. Invalid.

#2 - harleythedogC4

2022-03-13T06:16:26Z

Now, here is the methodology I used for calculating a score for each gas report. I first assigned each submission to be either small-optimization (1 point), medium-optimization (5 points) or large-optimization (10 points), depending on how useful the optimization is. The score of a gas report is the sum of these points, divided by the maximum number of points achieved by a gas report. This maximum number was 10 points, achieved by #67.

The number of points achieved by this report is 1 points. Thus the final score of this gas report is (1/10)*100 = 10.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter