Ondo Finance contest - halden's results

Institutional-Grade Finance. On-Chain. For Everyone.

General Information

Platform: Code4rena

Start Date: 11/01/2023

Pot Size: $60,500 USDC

Total HM: 6

Participants: 69

Period: 6 days

Judge: Trust

Total Solo HM: 2

Id: 204

League: ETH

Researcher Performance

Rank: 66/69

Findings: 1

Award: $32.36

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

32.3616 USDC - $32.36

Labels

bug
G (Gas Optimization)
grade-b
G-05

[G-01] Use assembly to check for address(0). Missed in the C4udit output

File CashManager.sol: 141, 144, 147, 150, 150

File KYCRegistryClient.sol: 40

File CashKYCSender.sol: 68

File CashKYCSenderReceiver.sol: 68, 76

File KYCRegistryClient.sol: 40

[G-02] Cache storage values in memory to minimize SLOADs

The code can be optimized by minimising the number of SLOADs. Storage values should get cached in memory if they occur more than once.

  1. Use _epochDuration instead of epochDuration (line 176). Recommended:

     ```solidity
     (block.timestamp % _epochDuration);
     ```

  2. Cache epochToExchangeRate[epochToClaim] in memory (line 249). If the check for equal to zero is false, we can save 2 SLOADs: one in line 266 and another in line 492. Recommended:

     ```solidity
     // Read the mapping once and reuse the cached value
     uint256 rate = epochToExchangeRate[epochToClaim];
     if (rate == 0) { // line 249
       revert ExchangeRateNotSet();
     }

     emit MintCompleted(
       user,
       cashOwed,
       collateralDeposited,
       rate, // line 266
       epochToClaim
     );

     function _getMintAmountForEpoch(
       uint256 collateralAmountIn,
       uint256 rate // line 489
     ) private view returns (uint256 cashAmountOut) {
       uint256 amountE24 = _scaleUp(collateralAmountIn) * 1e6;
       cashAmountOut = amountE24 / rate; // line 492
     }
     ```

  3. Cache currentEpoch in memory (line 678). Recommended:

     ```solidity
     uint256 epoch = currentEpoch;
     redemptionInfoPerEpoch[epoch].addressToBurnAmt[ // line 678
       msg.sender
     ] += amountCashToRedeem;
     redemptionInfoPerEpoch[epoch].totalBurned += amountCashToRedeem; // line 681

     emit RedemptionRequested(msg.sender, amountCashToRedeem, epoch); // line 685
     ```

  4. Cache feeRecipient in memory (line 725). Recommended:

     ```solidity
     address recipient = feeRecipient;
     collateral.safeTransferFrom(assetSender, recipient, fees); // line 725
     emit RedemptionFeesCollected(recipient, fees, epochToService); // line 726
     ```

  5. Use the memory variable when emitting the event (line 822). Recommended:

     ```solidity
     emit MinimumRedeemAmountSet(oldRedeemMin, newRedeemMinimum);
     ```

  6. Cache fTokenToUnderlyingPrice[fToken] in memory. Recommended:

     ```solidity
     uint256 underlyingPrice = fTokenToUnderlyingPrice[fToken];
     if (underlyingPrice != 0) { // Line 64
       return underlyingPrice; // Line 65
     } else {
       address cTokenAddress = underlyingPrice; // Line 69
     ```

[G-03] Add unchecked {} where the operands can not underflow/overflow because of a previous check

210: feesInCollateral will always be less than collateralAmountIn.

296-300

626

645

722: refundedAmt can be equal to redemptionInfoPerEpoch[epochToService].totalBurned or less.

723: From the comment above the function, we know that collateralAmountToDist includes the total amount to distribute for redemptions and fees to accrue to Ondo. Based on the comment, the variable fees will be less than collateralAmountToDist, so we can add an unchecked {} block because the operands cannot underflow. Also, I would recommend adding an additional check `collateralAmountToDist > fees` as a require at the start of the function. If this condition is false, the function should revert.

865

867

[G-04] Using unchecked blocks to save gas - Increments in for loop can be unchecked

File CashManager.sol: 750, 786, 933, 961

File CashFactory.sol: 127

File CashKYCSenderFactory.sol: 137

File CashKYCSenderReceiverFactory.sol: 137

[G-05] Splitting require() statements that use && saves gas

File OndoPriceOracleV2.sol: 293

[G-06] Use Custom Errors. Missed in the C4udit output

File Cash.sol: 37

File CCashDelegate.sol: 31, 46

File CTokenDelegate.sol: 31, 46

File CashKYCSender.sol: 64, 71

File OndoPriceOracle.sol: 121

File CashKYCSenderReceiver.sol: 64, 71, 79

File KYCRegistry.sol: 89

[G-07] require()/revert() strings longer than 32 bytes cost extra gas

File Cash.sol: 37

File CCashDelegate.sol: 32, 47

File CTokenDelegate.sol: 32, 47

File CashKYCSender.sol: 65, 72

File OndoPriceOracle.sol: 122

File CashKYCSenderReceiver.sol: 65, 72, 80

File CashFactory.sol: 152

File KYCRegistry.sol: 90

[GAS-8] Use calldata instead of memory for function arguments that do not get mutated. Missed in the C4udit output

File CashKYCSender.sol: 47-48

File CashKYCSenderReceiver.sol: 47-48
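
The guard-then-unchecked pattern from [G-03] and the loop increment from [G-04], as an added example that is not part of the submission or of the Ondo code base. The contract, function and error names are hypothetical; only collateralAmountToDist and fees are taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration. Contract, function and error names are hypothetical
/// and are not taken from the Ondo code base.
contract UncheckedAfterGuard {
    error FeesNotBelowDistribution(uint256 fees, uint256 collateralAmountToDist);

    /// [G-03]: the subtraction may skip the compiler's underflow check only
    /// because the guard before it already rules underflow out. Without the
    /// guard, an oversized `fees` would silently wrap to a huge value.
    function amountAfterFees(uint256 collateralAmountToDist, uint256 fees)
        public
        pure
        returns (uint256 toDistribute)
    {
        // The check the report recommends: collateralAmountToDist > fees.
        if (collateralAmountToDist <= fees) {
            revert FeesNotBelowDistribution(fees, collateralAmountToDist);
        }
        unchecked {
            toDistribute = collateralAmountToDist - fees;
        }
    }

    /// [G-04]: `i < len` keeps i below type(uint256).max, so ++i cannot
    /// overflow. The accumulation stays checked because nothing bounds the sum.
    function sumBurned(uint256[] calldata burnAmounts)
        external
        pure
        returns (uint256 total)
    {
        uint256 len = burnAmounts.length;
        for (uint256 i; i < len; ) {
            total += burnAmounts[i];
            unchecked {
                ++i;
            }
        }
    }
}
```

The invariant has to be enforced in the same function as the unchecked block; a comment describing the expected relationship between the two values does not stop a caller from passing values that violate it.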

#0 - c4-judge

2023-01-23T14:40:18Z

trust1995 marked the issue as grade-b
