Hubble contest - kenta's results

Multi-collateral/Cross-Margin Perpetual Futures on Avalanche.

General Information

Platform: Code4rena

Start Date: 17/02/2022

Pot Size: $75,000 USDC

Total HM: 20

Participants: 39

Period: 7 days

Judges: moose-code, JasoonS

Total Solo HM: 13

Id: 89

League: ETH

Hubble

Findings Distribution

Researcher Performance

Rank: 24/39

Findings: 2

Award: $311.17

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Hubble

Findings Information

🌟 Selected for report: defsec

Also found by: 0v3rf10w, 0x0x0x, 0x1f8b, 0xwags, CertoraInc, Dravee, IllIllI, Meta0xNull, Nikolay, Omik, WatchPug, bobi, cccz, csanuragjain, danb, gzeon, hubble, hyh, itsmeSTYJ, jayjonah8, kenta, kirk-baird, leastwood, pauliax, peritoflores, rfa, robee, sorrynotsorry, ye0lde

Awards

212.4973 USDC - $212.50

Labels

bug

QA (Quality Assurance)

disagree with severity

sponsor confirmed

External Links

Link to GitHub issue

Hubble contest

1 Change order of the modifier of functions.

According to solidity doc order of the modifier must be 1 Visibility 2 Mutability 3Virtual 4 Override 5 Custom modifiers In functions, the order is a little different. For example,

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L64 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L242

and so on.

2 missing input validation.

Input _governance is not checked in initialize whether it is empty or not. Nobody can have control as governance if it will be set with an empty address.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/InsuranceFund.sol#L34-L37

3 Use naming convention for constant variables

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L15-L16

uint256 public constant SPOT_PRICE_TWAP_INTERVAL = 1 hours; Uint256 public constant FUNDING_PERIOD = 1 hours;

4 Delete unused return value variable name in getCloseQuote.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L449

5 Input validation must be checked.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L148-L151

add

require(isMaker(trader), 'describe something');

6 Delete unnecessary variables.

In getTotalNotionalPositionAndUnrealizedPnl return values are defined, so following variables must be unnecessary.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L275-L276

#0 - atvanguard
2022-02-26T06:57:46Z

Good hygiene suggestions. Severity = 0

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0x1f8b, CertoraInc, IllIllI, Jujic, Meta0xNull, Omik, Tomio, WatchPug, csanuragjain, d4rk, danb, defsec, gzeon, kenta, pauliax, rfa, robee, sorrynotsorry, throttle

Awards

98.6676 USDC - $98.67

Labels

bug

G (Gas Optimization)

sponsor confirmed

External Links

Link to GitHub issue

Hubble contest Gas Optimization

1 use initial value to save gas for uint.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/InsuranceFund.sol#L52

uint shares;

2 use cache for array length to save gas.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L122 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L130 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L170 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L194 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L263 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L277

3 Delete unused variable. It seems that the following variable will be not used in this construct and other contracts. If it is not used, you can delete it to save gas.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L22

4 Avoid extra mstore.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L121 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L141 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L614

isNewPosition and isLongPosition are used only one time in

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L123 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L143

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L616 You can use position.size == 0 and position.size > 0 directly there to save gas.

if (position.size == 0 || (position.size > 0 ? Side.LONG : Side.SHORT) == side) { if (position.size > 0) {

5 Use msg.sender instead of _msgSender() to save gas.

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L65 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L69 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L98 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L113 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L214

6 Delete unused import statements in AMM.sol

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L5

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L9