Platform: Code4rena
Start Date: 02/08/2022
Pot Size: $50,000 USDC
Total HM: 12
Participants: 69
Period: 5 days
Judge: gzeon
Total Solo HM: 5
Id: 150
League: ETH
Rank: 63/69
Findings: 1
Award: $49.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Dravee
Also found by: 0x040, 0x1f8b, 0xDjango, 0xNazgul, 0xSmartContract, 0xc0ffEE, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, Fitraldys, Funen, IllIllI, JC, JohnSmith, NoamYakov, ReyAdmirado, Rolezn, TomJ, Waze, ajtra, bearonbike, bobirichman, brgltd, c3phas, durianSausage, fatherOfBlocks, gogo, ignacio, jag, joestakey, ladboy233, mics, oyc_109, rbserver, samruna, sikorico, simon135
49.1659 USDC - $49.17
contracts/actions/MIMOEmptyVault.sol
diff --git a/contracts/actions/MIMOEmptyVault.sol b/contracts/actions/MIMOEmptyVault.sol index e9e853a..17933be 100644 --- a/contracts/actions/MIMOEmptyVault.sol +++ b/contracts/actions/MIMOEmptyVault.sol @@ -79,7 +79,8 @@ contract MIMOEmptyVault is MIMOSwap, MIMOFlashloan, IMIMOEmtpyVault { IERC20 vaultCollateral = IERC20(assets[0]); uint256 amount = amounts[0]; - vaultCollateral.safeTransfer(address(mimoProxy), amounts[0]); + // Use local variable instead of calldata array indexing. + vaultCollateral.safeTransfer(address(mimoProxy), amount); uint256 flashloanRepayAmount = amount + premiums[0]; IMIMOProxy(mimoProxy).execute(
contracts/actions/MIMOLeverage.sol
diff --git a/contracts/actions/MIMOLeverage.sol b/contracts/actions/MIMOLeverage.sol index 8a876fc..b1bad1a 100644 --- a/contracts/actions/MIMOLeverage.sol +++ b/contracts/actions/MIMOLeverage.sol @@ -83,8 +83,10 @@ contract MIMOLeverage is MIMOFlashloan, MIMOSwap, IMIMOLeverage { } IERC20 asset = IERC20(assets[0]); - asset.safeTransfer(address(mimoProxy), amounts[0]); - uint256 flashloanRepayAmount = amounts[0] + premiums[0]; + //Use local variable to cache amounts[0] + uint256 _amounts = amounts[0]; + asset.safeTransfer(address(mimoProxy), _amounts); + uint256 flashloanRepayAmount = _amounts + premiums[0]; IMIMOProxy(mimoProxy).execute( address(this), @@ -130,8 +132,11 @@ contract MIMOLeverage is MIMOFlashloan, MIMOSwap, IMIMOLeverage { require(collateralBalanceAfter >= flashloanRepayAmount, Errors.CANNOT_REPAY_FLASHLOAN); if (collateralBalanceAfter > flashloanRepayAmount) { - token.safeIncreaseAllowance(address(core), collateralBalanceAfter - flashloanRepayAmount); - core.deposit(address(token), collateralBalanceAfter - flashloanRepayAmount); + // collateralBalanceAfter is guaranteed to be greater than flashloanRepayAmount, so no underflow + unchecked { + token.safeIncreaseAllowance(address(core), collateralBalanceAfter - flashloanRepayAmount); + core.deposit(address(token), collateralBalanceAfter - flashloanRepayAmount); + } } token.safeTransfer(msg.sender, flashloanRepayAmount);
contracts/actions/MIMORebalance.sol
diff --git a/contracts/actions/MIMORebalance.sol b/contracts/actions/MIMORebalance.sol index f932ef8..0486ec1 100644 --- a/contracts/actions/MIMORebalance.sol +++ b/contracts/actions/MIMORebalance.sol @@ -82,7 +82,8 @@ contract MIMORebalance is MIMOFlashloan, MIMOSwap, IMIMORebalance { IERC20 fromCollateral = IERC20(assets[0]); uint256 amount = amounts[0]; - fromCollateral.safeTransfer(address(mimoProxy), amounts[0]); + //Use local variable instead of calldata array + fromCollateral.safeTransfer(address(mimoProxy), amount); uint256 flashloanRepayAmount = amount + premiums[0]; IMIMOProxy(mimoProxy).execute(
contracts/actions/automated/MIMOAutoRebalance.sol
diff --git a/contracts/actions/automated/MIMOAutoRebalance.sol b/contracts/actions/automated/MIMOAutoRebalance.sol index 56fea38..e5c598b 100644 --- a/contracts/actions/automated/MIMOAutoRebalance.sol +++ b/contracts/actions/automated/MIMOAutoRebalance.sol @@ -110,8 +110,9 @@ contract MIMOAutoRebalance is MIMOAutoAction, MIMOFlashloan, IMIMOAutoRebalance IERC20 fromCollateral = IERC20(assets[0]); uint256 amount = amounts[0]; - fromCollateral.safeTransfer(address(mimoProxy), amounts[0]); - uint256 flashloanRepayAmount = amounts[0] + premiums[0]; + // Use local variable amount further + fromCollateral.safeTransfer(address(mimoProxy), amount); + uint256 flashloanRepayAmount = amount + premiums[0]; IMIMOProxy(mimoProxy).execute( mimoRebalance,
contracts/actions/managed/MIMOManagedAction.sol
diff --git a/contracts/actions/managed/MIMOManagedAction.sol b/contracts/actions/managed/MIMOManagedAction.sol index 4a80a6a..c2744f4 100644 --- a/contracts/actions/managed/MIMOManagedAction.sol +++ b/contracts/actions/managed/MIMOManagedAction.sol @@ -87,9 +87,9 @@ contract MIMOManagedAction is IMIMOManagedAction { /** @notice Helper function calculating LTV ratio - @return Vault collateral value / vault debt + @return vaultRatio collateral value / vault debt */ - function _getVaultRatio(uint256 vaultId) internal view returns (uint256) { + function _getVaultRatio(uint256 vaultId) internal view returns (uint256 vaultRatio) { IAddressProvider _a = a; IVaultsDataProvider vaultsData = _a.vaultsData(); IPriceFeed priceFeed = _a.priceFeed(); @@ -103,9 +103,7 @@ contract MIMOManagedAction is IMIMOManagedAction { return (type(uint256).max); } - uint256 vaultRatio = collateralValue.wadDiv(vaultDebt); - - return (vaultRatio); + vaultRatio = collateralValue.wadDiv(vaultDebt); } /**
contracts/actions/managed/MIMOManagedRebalance.sol 1.Use local variable instead of calldata array indexing.
diff --git a/contracts/actions/managed/MIMOManagedRebalance.sol b/contracts/actions/managed/MIMOManagedRebalance.sol index d1da1ec..7a807c4 100644 --- a/contracts/actions/managed/MIMOManagedRebalance.sol +++ b/contracts/actions/managed/MIMOManagedRebalance.sol @@ -111,8 +111,9 @@ contract MIMOManagedRebalance is MIMOManagedAction, MIMOFlashloan, IMIMOManagedR IERC20 fromCollateral = IERC20(assets[0]); uint256 amount = amounts[0]; - fromCollateral.safeTransfer(address(mimoProxy), amounts[0]); - uint256 flashloanRepayAmount = amounts[0] + premiums[0]; + // Use local variable amount + fromCollateral.safeTransfer(address(mimoProxy), amount); + uint256 flashloanRepayAmount = amount + premiums[0]; IMIMOProxy(mimoProxy).execute( mimoRebalance,
contracts/proxy/MIMOProxy.sol
diff --git a/contracts/proxy/MIMOProxy.sol b/contracts/proxy/MIMOProxy.sol index eca654c..2171d82 100644 --- a/contracts/proxy/MIMOProxy.sol +++ b/contracts/proxy/MIMOProxy.sol @@ -129,7 +129,9 @@ contract MIMOProxy is IMIMOProxy, Initializable, BoringBatchable { revert CustomErrors.NOT_OWNER(owner, msg.sender); } bytes[] memory results = new bytes[](data.length); - for (uint256 i = 0; i < targets.length; i++) { + // Optimize for loop + uint256 _len = targets.length; + for (uint256 i; i < _len;) { (bool success, bytes memory response) = targets[i].call(data[i]); if (!success) { if (response.length > 0) { @@ -142,6 +144,9 @@ contract MIMOProxy is IMIMOProxy, Initializable, BoringBatchable { } } results[i] = response; + unchecked { + ++i; + } } return results; }