Back to kenta's contests

Phuture Finance contest - kenta's results

Crypto index platform, that simplifies your investments through automated, themed index products.

General Information

Platform: Code4rena

Start Date: 19/04/2022

Pot Size: $30,000 USDC

Total HM: 10

Participants: 43

Period: 3 days

Judges: moose-code, JasoonS

Total Solo HM: 7

Id: 90

League: ETH

Phuture Finance

Findings Distribution

Researcher Performance

Rank: 16/43

Findings: 3

Award: $122.96

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryPhuture Finance

Findings Information

🌟 Selected for report: cccz

Also found by: 0xkatana, Dravee, IllIllI, WatchPug, berndartmueller, defsec, fatima_naz, jah, kebabsec, kenta, pedroais, peritoflores, rayn, reassor, tabish

Awards

22.0499 USDC - $22.05

Labels

bug
duplicate
2 (Med Risk)

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L83-L84

Vulnerability details

Impact

You check only the answer(The price) after calling the chainlink Chainlink Price feeds in the following lines. In addition, you need to check whether the data is really updated.

Proof of Concept

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L83-L84

Tools Used

code review

Please add the following validations.

(uint80 baseRoundID, int basePrice, ,uint256 baseUpdatedAt , uint80 baseAnsweredInRound ) = baseAggregator.latestRoundData(); (uint80 quoteRoundID, int quotePrice, ,uint256 quoteUpdatedAt , uint80 quoteAnsweredInRound ) = assetInfo.aggregator.latestRoundData();

require(basePrice > 0 && quotePrice > 0, "ChainlinkPriceOracle: NEGATIVE"); require(baseAnsweredInRound >= baseRoundID && quoteAnsweredInRound >= quoteRoundID , "error message"); require(baseUpdatedAt > 0 && quoteUpdatedAt > 0, "error message");

#0 - olivermehr

2022-05-02T20:24:32Z

duplicate of issue #1

#1 - olivermehr

2022-05-02T20:25:04Z

duplicate issue #1

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0xDjango, 0xkatana, Dravee, Kenshin, Tadashi, TerrierLover, abhinavmir, defsec, ellahi, fatima_naz, foobar, gzeon, hyh, joestakey, kebabsec, kenta, minhquanym, oyc_109, rayn, robee, sseefried, xpriment626, z3s

Awards

69.53 USDC - $69.53

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

2022-04-phuture

1 missing validation for array lengths in initialize. The length of the input _assets and _capitalizations must be the same.

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndex.sol#L25-L27

You can add the following require statement.

require(_assets.length == _capitalizations.length, “error message”);

2 Lock pragmas to specific compiler version. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

pragma solidity 0.8.7;

3 missing validation for _amount in transfer.

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/libraries/NAV.sol#L22

require(_amount != 0, “error message”);

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, Dravee, Kenshin, MaratCerby, Tadashi, TerrierLover, Tomio, TrungOre, defsec, ellahi, fatherOfBlocks, fatima_naz, gzeon, joestakey, kenta, minhquanym, oyc_109, rayn, rfa, robee, simon135, slywaters, windhustler, z3s

Awards

31.3783 USDC - $31.38

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

2022-04-phuture gas optimization

1 use != 0 instead of > 0. != is cheaper than > 0.

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/libraries/NAV.sol#L49 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L61 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L98 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhutureIndex.sol#L56 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhutureIndex.sol#L64

if (i != 0) {} if (newWeight != 0) { if (shares != 0) {}

2 missing input validation for _balance in burn. If _balance is 0, the amount will be always 0. You have validation for the amount. However, if you have validation for _balance, you can avoid unnecessary execution.

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/libraries/NAV.sol#L56

require(_balance != 0, “error message”);

3 use unchecked for the following calculation. The underflow is already checked in if sentence, so you can use the unchecked to save gas costs.

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndex.sol#L50-L52

if (totalWeight < IndexLibrary.MAX_WEIGHT) { unchecked { weightOf[maxCapitalizationAsset] += IndexLibrary.MAX_WEIGHT - totalWeight; } }

4 use cache for weightOf[maxCapitalizationAsset] in initialize. weightOf[maxCapitalizationAsset] will be called in event too. You can save gas costs by using cache.

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndex.sol#L50-L53

uint8 _weigtOf = IndexLibrary.MAX_WEIGHT - totalWeight; if (totalWeight < IndexLibrary.MAX_WEIGHT) { weightOf[maxCapitalizationAsset] += _weightOf; } emit UpdateAnatomy(maxCapitalizationAsset, _weightOf);

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter