AbraNFT contest - kenta's results

A peer to peer lending platform, using NFTs as collateral.

General Information

Platform: Code4rena

Start Date: 27/04/2022

Pot Size: $50,000 MIM

Total HM: 6

Participants: 59

Period: 5 days

Judge: 0xean

Id: 113

League: ETH

Abracadabra Money

Findings Distribution

Researcher Performance

Rank: 33/59

Findings: 2

Award: $116.77

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Abracadabra Money

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1337, 0x1f8b, 0xDjango, 0xf15ers, AuditsAreUS, BowTiedWardens, CertoraInc, Funen, GimelSec, MaratCerby, Ruhum, WatchPug, antonttc, berndartmueller, bobi, bobirichman, broccolirob, catchup, cccz, defsec, delfin454000, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kenzo, m9800, mics, oyc_109, pauliax, reassor, robee, samruna, sikorico, simon135, throttle, unforgiven, z3s

Awards

72.6404 MIM - $72.64

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

2022-04-abranft

1 missing validation for array length. The inputs in cook are all arrays, However, these arrays’ length is not checked at the beginning of the function.

https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L637-L639 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPairWithOracle.sol#L670-L672

Add the validation before for loop.

require(actions.length == values.length && values.length == datas.length, “error message”);

2 delete unused import statement

https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L26 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPairWithOracle.sol#L26

Delete the above lines.

3 implement IERC721Receiver-onERC721Received and use safeTransferFrom. The following line use transferFrom for transferring the token. With the implementation of IERC721Receiver-onERC721Received you can use safeTransferFrom.

https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPairWithOracle.sol#L238 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L218

Implement onERC721Received in the contract

#0 - cryptolyndon
2022-05-12T22:26:45Z

1 and 3 are not necessary. 2 is a good observation.

Findings Information

🌟 Selected for report: BowTiedWardens

Also found by: 0x1f8b, 0xNazgul, 0xf15ers, 0xkatana, CertoraInc, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, NoamYakov, Tadashi, Tomio, TrungOre, antonttc, catchup, defsec, delfin454000, fatherOfBlocks, gzeon, horsefacts, joestakey, kenta, oyc_109, pauliax, reassor, robee, samruna, simon135, slywaters, sorrynotsorry, z3s

Awards

44.1284 MIM - $44.13

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

2022-04-abranft gas optimization

1 use != 0 instead of > 0.

https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPairWithOracle.sol#L739

if(_share != 0) {}

2 use unchecked and prefix in for loop

https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L494 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPairWithOracle.sol#L527

for (uint256 k = 2; k <= COMPOUND_INTEREST_TERMS;) { // some executions unchecked { ++k; } }

3 use initial value, prefix and unchecked in loop

https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L641 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPairWithOracle.sol#L674

for (uint256 i; i < actions.length;) { // some executions unchecked { ++i; } }

4 use calldata instead of memory.

https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPairWithOracle.sol#L612 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPairWithOracle.sol#L638 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L579 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L592 https://github.com/code-423n4/2022-04-abranft/blob/main/contracts/NFTPair.sol#L605

#0 - cryptolyndon
2022-05-13T06:01:24Z

Did you check which compiler version we use? Loop counters are unchecked. Does the optimizer really not catch things like prefix-increment and the zero comparison? Or waste cycles on "i = 0"? memory arguments are for cook().

Can't dispute this until I've checked compiler output. But I remain of the opinion that these optimizations make a difference, then the compiler is broken.

AbraNFT contest - kenta's results

A peer to peer lending platform, using NFTs as collateral.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-27] QA Report - $72.64

Findings Information

Awards

Labels

External Links

1 missing validation for array length. The inputs in cook are all arrays, However, these arrays’ length is not checked at the beginning of the function.

2 delete unused import statement

3 implement IERC721Receiver-onERC721Received and use safeTransferFrom. The following line use transferFrom for transferring the token. With the implementation of IERC721Receiver-onERC721Received you can use safeTransferFrom.

#0 - cryptolyndon2022-05-12T22:26:45Z

[G-08] Gas Report - $44.13

Findings Information

Awards

Labels

External Links

1 use != 0 instead of > 0.

2 use unchecked and prefix in for loop

3 use initial value, prefix and unchecked in loop

4 use calldata instead of memory.

#0 - cryptolyndon2022-05-13T06:01:24Z

#0 - cryptolyndon
2022-05-12T22:26:45Z

#0 - cryptolyndon
2022-05-13T06:01:24Z