PoolTogether Aave v3 contest - gzeon's results

A protocol for no loss prize savings on Ethereum.

General Information

Platform: Code4rena

Start Date: 29/04/2022

Pot Size: $22,000 USDC

Total HM: 6

Participants: 40

Period: 3 days

Judge: Justin Goro

Total Solo HM: 2

Id: 114

League: ETH

PoolTogether

Findings Distribution

Researcher Performance

Rank: 9/40

Findings: 3

Award: $677.69

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: MaratCerby

Also found by: 0x52, 0xDjango, 0xf15ers, Dravee, GimelSec, IllIllI, Picodes, delfin454000, gzeon, hake, kebabsec, pauliax, reassor, z3s

Labels

bug
QA (Quality Assurance)

Awards

134.2153 USDC - $134.22


Low

Rounding-error can be redeemed for free

If _redeemAmount is > 0 but less than the value of 1 share, 0 shares will be burned while the user can still withdraw a non-zero amount. https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L255

uint256 _shares = _tokenToShares(_redeemAmount);
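An added Python model of the share accounting in this finding, to show the zero-share redeem and two ways to close it. This is not the PoolTogether contract's code; it assumes the usual vault conversion shares = amount * totalShares / totalAssets, rounded down, and the sample pool state is constructed.

```python
# Constructed sample state: 1000 shares outstanding backed by 1,500,000 token
# units, so one share is worth 1500 units (assumption, not the contract's values).
TOTAL_SHARES = 1_000
TOTAL_ASSETS = 1_500_000


def token_to_shares(amount, round_up=False):
    """Assumed _tokenToShares formula; round_up=True rounds against the redeemer."""
    shares = amount * TOTAL_SHARES // TOTAL_ASSETS
    if round_up and (amount * TOTAL_SHARES) % TOTAL_ASSETS:
        shares += 1
    return shares


def redeem_unchecked(redeem_amount, user_shares):
    """Pattern from the finding: burn the rounded-down shares, pay the full amount."""
    shares = token_to_shares(redeem_amount)
    if shares > user_shares:
        raise ValueError("insufficient shares")
    return user_shares - shares, redeem_amount  # (shares left, tokens paid out)


def redeem_checked(redeem_amount, user_shares):
    """Mitigation 1: refuse any redeem that would burn zero shares."""
    shares = token_to_shares(redeem_amount)
    if shares == 0:
        raise ValueError("AaveV3YS/shares-gt-zero")
    if shares > user_shares:
        raise ValueError("insufficient shares")
    return user_shares - shares, redeem_amount


def redeem_round_up(redeem_amount, user_shares):
    """Mitigation 2: round burned shares up, so the dust is paid for by the redeemer."""
    shares = token_to_shares(redeem_amount, round_up=True)
    if shares > user_shares:
        raise ValueError("insufficient shares")
    return user_shares - shares, redeem_amount


if __name__ == "__main__":
    # 1499 units is below the 1500-unit value of one share.
    print(redeem_unchecked(1499, 0))  # (0, 1499): nothing burned, tokens still paid
    print(redeem_round_up(1499, 1))   # (0, 1499): a whole share is burned for the dust
```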

IERC20 is re-used

- IERC20 (node_modules/@aave/core-v3/contracts/dependencies/openzeppelin/contracts/IERC20.sol#7-80)
- IERC20 (node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#9-82)

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#name-reused

Non-Critical

Upgrade Solidity Version

Consider pinning the Solidity version to the latest 0.8.12

Use custom errors

Solidity ^0.8.4 allows the use of custom errors to optimize gas usage. https://blog.soliditylang.org/2021/04/21/custom-errors/

Duplicated code

L337 can reuse _requireNotAToken in L348 https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L337 https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L348

Remove safeMath library

Solidity > 0.8.0 has safe math by default https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L26

using SafeMath for uint256;

#0 - PierrickGT

2022-05-03T22:45:32Z

Rounding-error can be redeemed for free

Duplicate of https://github.com/code-423n4/2022-04-pooltogether-findings/issues/44

IERC20 is re-used

We prefer to use the one coming from the OpenZeppelin package.

Upgrade Solidity Version

Not possible since Aave V3 uses 0.8.10

Use custom errors

Duplicate of https://github.com/code-423n4/2022-04-pooltogether-findings/issues/13

Duplicated code

Duplicate of https://github.com/code-423n4/2022-04-pooltogether-findings/issues/4

Remove safeMath library

Duplicate of https://github.com/code-423n4/2022-04-pooltogether-findings/issues/11

Awards

42.6253 USDC - $42.63

Labels

bug
G (Gas Optimization)


> 0 is less efficient than != 0 for uint in require condition

Ref: https://twitter.com/GalloDaSballo/status/1485430908165443590

contracts/AaveV3YieldSource.sol:179: require(decimals_ > 0, "AaveV3YS/decimals-gt-zero");
contracts/AaveV3YieldSource.sol:233: require(_shares > 0, "AaveV3YS/shares-gt-zero");

Variable can be set to immutable

https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L127-133

IAToken public aToken;
/// @notice Aave RewardsController address.
IRewardsController public rewardsController;
/// @notice Aave poolAddressesProviderRegistry address.
IPoolAddressesProviderRegistry public poolAddressesProviderRegistry;

Remove safeMath library

Solidity > 0.8.0 has safe math by default https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L26

using SafeMath for uint256;

Float multiplication optimization

We can use the following function to save gas on float multiplications

// out = x * y / z (the division is unchecked: z == 0 yields 0 in the EVM, so callers must guard it)
function fmul(uint256 x, uint256 y, uint256 z) internal pure returns (uint256 out) {
    assembly {
        // Revert if x * y overflowed. x == 0 is allowed explicitly: div(0, 0) is 0 in the
        // EVM, so the bare check eq(div(mul(x, y), x), y) would wrongly reject x == 0, y != 0.
        if iszero(or(iszero(x), eq(div(mul(x, y), x), y))) { revert(0, 0) }
        out := div(mul(x, y), z)
    }
}

https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L361 https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L373
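An added Python model of the fmul helper above, to check its overflow guard against exact integer arithmetic before relying on it; this is not the auditor's or solmate's code. It reproduces the EVM word semantics the guard depends on (MUL wraps modulo 2**256, DIV by zero returns 0) and allows x == 0 explicitly, since div(0, 0) is 0 in the EVM and a bare equality check would reject a zero multiplicand.

```python
WORD = 1 << 256  # EVM words are 256 bits


class Revert(Exception):
    """Stands in for revert(0, 0)."""


def evm_mul(a, b):
    """MUL wraps around modulo 2**256 instead of raising."""
    return (a * b) % WORD


def evm_div(a, b):
    """DIV by zero yields 0 in the EVM rather than reverting."""
    return 0 if b == 0 else a // b


def fmul(x, y, z):
    """out = x * y / z, reverting when x * y does not fit in 256 bits.

    For x != 0, (x * y mod 2**256) // x == y holds exactly when x * y < 2**256,
    so the guard is precise; x == 0 is allowed separately.
    """
    if not (x == 0 or evm_div(evm_mul(x, y), x) == y):
        raise Revert("x * y overflows 256 bits")
    return evm_div(evm_mul(x, y), z)


def exact(x, y, z):
    """Unbounded-integer reference to compare fmul against."""
    return x * y // z


def overflow_detected(x, y):
    """True when fmul reverts, which should be exactly when x * y >= 2**256."""
    try:
        fmul(x, y, 1)
    except Revert:
        return True
    return False


if __name__ == "__main__":
    print(fmul(123456789, 987654321, 1000) == exact(123456789, 987654321, 1000))
    print(overflow_detected(1 << 128, 1 << 128))  # product is exactly 2**256
```

Note that fmul(x, y, 0) returns 0 without reverting, so a z == 0 check belongs in the caller when that case is reachable.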

#0 - PierrickGT

2022-05-03T22:41:11Z

> 0 is less efficient than != 0 for uint in require condition

Remove safeMath library

Duplicate of https://github.com/code-423n4/2022-04-pooltogether-findings/issues/11

Variable can be set to immutable

Duplicate of https://github.com/code-423n4/2022-04-pooltogether-findings/issues/1

Float multiplication optimization

This piece of code is probably coming from solmate and hasn't been audited yet, so we won't implement it.

AuditHub
