Back to leosathya's contests

Inverse Finance contest - leosathya's results

Rethink the way you borrow.

General Information

Platform: Code4rena

Start Date: 25/10/2022

Pot Size: $50,000 USDC

Total HM: 18

Participants: 127

Period: 5 days

Judge: 0xean

Total Solo HM: 9

Id: 175

League: ETH

Inverse Finance

Findings Distribution

Researcher Performance

Rank: 49/127

Findings: 3

Award: $56.12

QA:
grade-b
Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryInverse Finance

Findings Information

🌟 Selected for report: rbserver

Also found by: 0x1f8b, 0xNazgul, 0xc0ffEE, 8olidity, Aymen0909, Chom, Franfran, Jeiwan, Jujic, Lambda, M4TZ1P, Olivierdem, Rolezn, Ruhum, TomJ, Wawrdog, __141345__, bin2chen, c7e7eff, carlitox477, catchup, cccz, codexploder, cuteboiz, d3e4, dipp, djxploit, eierina, elprofesor, hansfriese, horsefacts, idkwhatimdoing, imare, immeas, joestakey, ladboy233, leosathya, martin, minhtrng, pashov, peanuts, pedroais, rokinot, rvierdiiev, saneryee, sorrynotsorry, tonisives

Awards

0.385 USDC - $0.38

Labels

bug
2 (Med Risk)
satisfactory
duplicate-584

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L82 https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L116

Vulnerability details

Impact

The Chainlink API (latestAnswer) used in the Oracle.sol contract is deprecated:

This API is deprecated. Please see API Reference for the latest Price Feed API. Chainlink Docs

Tools Used

Manual Review

Use the latestRoundData function to get the price instead. Add checks on the return data with proper revert messages if the price is stale or the round is uncomplete, for example:

(uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = feeds[token].feed.latestRoundData(); require(price > 0, "Chainlink price <= 0"); require(answeredInRound >= roundID, "..."); require(timeStamp != 0, "...");

#0 - neumoxx

2022-10-31T08:47:20Z

Duplicate of #601

#1 - c4-judge

2022-11-05T17:55:28Z

0xean marked the issue as duplicate

#2 - Simon-Busch

2022-12-05T15:23:33Z

Issue marked as satisfactory as requested by 0xean

#3 - c4-judge

2022-12-07T08:14:13Z

Simon-Busch marked the issue as duplicate of #584

Findings Information

🌟 Selected for report: 0x1f8b

Also found by: 0xNazgul, 0xSmartContract, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, ElKu, JC, Josiah, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Waze, __141345__, adriro, aphak5010, brgltd, c3phas, c7e7eff, carlitox477, cducrest, ch0bu, chrisdior4, cryptonue, cryptostellar5, cylzxje, d3e4, delfin454000, enckrish, evmwanderer, fatherOfBlocks, gogo, hansfriese, horsefacts, immeas, leosathya, lukris02, neumo, oyc_109, pedr02b2, rbserver, robee, rotcivegaf, rvierdiiev, sakshamguruji, shark, simon135, tnevler, trustindistrust, wagmi

Awards

36.7345 USDC - $36.73

Labels

bug
QA (Quality Assurance)
edited-by-warden
grade-b
Q-01

External Links

Link to GitHub issue

[L-01] ERC20 transfer() AND transferFrom() FUNCTIONS USED FOR TOKEN TRANSFER AND ITS RETURN VALUE IS IGNORED

Not all IERC20 implementations revert() when there’s a failure in transfer()/transferFrom(). The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that should have marked as failed, may potentially go through without actually making a payment

There are 9 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L205 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L280 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L399 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L537 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L570 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L602 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L135 ** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L63 ** File : src/escrows/SimpleERC20Escrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/SimpleERC20Escrow.sol#L38

There atleast should be require() condition to check return value of transfer()/transferFrom() function. Or, use safeERC20 library from Openzeppelin. Use safeTransfer()/safeTransferFrom() or at least implement a return value check for ERC20 transfer() function

[L-02] FLOATING PRAGMA IS USED

There are 8 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L02 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L02 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L02 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L02 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L02 ** File : src/escrows/GovTokenEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/GovTokenEscrow.sol#L02 ** File : src/escrows/SimpleERC20Escrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/SimpleERC20Escrow.sol#L02 ** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L02

its recommended to lock pragma. Contract should deploy with that compiler version with whom it was tested

[L-03] ABSENCE OF ZERO ADDRESS CHECK FOR RECEIVER ADDRESS IN transfer() and transferFrom() FUNCTION

Due to absence of zero address check for receiver address in transfer() and transferFrom() functions, this may lead to token loss. As there are special functions present for token burning in contract, so i consider this as a small bug.

There are 2 instances of this issue:

** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L188-202 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L170-178

There should be require() that validate a perticular address is zero address or not

[L-04] Absence of Zero address check for critical state variable addresses

There are 7 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L77-L80 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L39-L40 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L39 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L14 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L32 ** File : src/escrows/GovTokenEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/GovTokenEscrow.sol#L34 ** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L48

There should be require() that validate a perticular address is zero address or not

[L-05] CONSIDER ADDINGS CHECKS FOR SIGNATURE MALLEABILITY

The ecrecover() function returns an address of zero when the signature does not match. This can cause problems if address zero is ever the owner of assets, and someone uses the permit function on address zero. If that happens, any invalid signature will pass the checks, and the assets will be stealable. In this case, the asset of concern is the vault’s ERC20 token, and fortunately OpenZeppelin’s implementation does a good job of making sure that address zero is never able to have a positive balance. If this contract ever changes to another ERC20 implementation that is laxer in its checks in favor of saving gas, this code may become a problem.

There are 4 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L104 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L425 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L489 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L226

Use OpenZeppelin’s ECDSA contract rather than calling ecrecover() directly

[L-06] MISSING EVENTS FOR ONLY FUNCTIONS THAT CHANGE CRITICAL PARAMETERS

The functions that change critical parameters should emit events. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them and consider if they would like to engage/exit based on how they perceive the changes as affecting the trustworthiness of the protocol or profitability of the implemented financial services. The alternative of directly querying on-chain contract state for such changes is not considered practical for most users/usages.

There are multiple instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L118 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L124 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L130 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L136 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L142 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L149 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L161 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L172 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L183 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L194

Recommended to emit events on critical variable change

[N-01] Some require statements don't have any error message

There are 1 instances of this issue:

** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L93

There should be a error message which signifies revert reason.

#0 - c4-judge

2022-11-07T19:45:34Z

0xean marked the issue as grade-b

Findings Information

🌟 Selected for report: pfapostol

Also found by: 0x1f8b, 0xRoxas, 0xSmartContract, Amithuddar, Aymen0909, B2, Bnke0x0, Chandr, CloudX, Deivitto, Diana, Dinesh11G, ElKu, HardlyCodeMan, JC, JrNet, KoKo, Mathieu, Ozy42, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Shinchan, __141345__, adriro, ajtra, aphak5010, ballx, c3phas, carlitox477, ch0bu, chaduke, cryptostellar5, djxploit, durianSausage, enckrish, exolorkistis, fatherOfBlocks, gogo, horsefacts, kaden, karanctf, leosathya, martin, mcwildy, oyc_109, ret2basic, robee, sakman, sakshamguruji, shark, skyle, tnevler

Awards

19.0072 USDC - $19.01

Labels

bug
G (Gas Optimization)
edited-by-warden
grade-b
G-01

External Links

Link to GitHub issue

[G-01] Use of custom errors are more efficient than require()/revert() with error message

Custom errors are available from solidity version 0.8.4. Custom errors save ~50 gas each time they’re hitby avoiding having to allocate and store the revert string. Not defining the strings also save deployment gas

There are Multiple instances of this issue:

require() with long error message length more than 32bytes can replace with custom error message to save gas.

[G-02] Split require() statement that use && operator can help in save gas

There are 6 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L75 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L162 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L173 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L184 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L195 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L448

[G-03] ABI.ENCODE() is less efficient than ABI.ENCODEPACKED()

There is 4 instance of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L495 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L431 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L232 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L269

[G-04] Function that guaranteed to revert when called by normal user can be marked payable

If a function modifier such as onlyOwner, onlyMarket, onlyGov and etc is used, the function will revert if a normal user tries to call the function. Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided.

There are 29 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L118 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L124 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L130 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L136 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L142 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L149 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L161 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L172 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L183 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L194 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L48 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L57 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L66 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L75 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L86 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L103 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L53 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L62 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L81 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L90 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L99 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L26 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L32 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L38 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L44 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L53 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L61 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L66 ** File : src/escrows/GovTokenEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/GovTokenEscrow.sol#L43 ** File : src/escrows/GovTokenEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/GovTokenEscrow.sol#L66 ** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L59 ** File : src/escrows/SimpleERC20Escrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/SimpleERC20Escrow.sol#L36

[G-05] Some public function could be external for saving gas

There are 63 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L118 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L124 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L130 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L136 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L142 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L149 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L161 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L172 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L183 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L194 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L212 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L258 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L267 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L312 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L578 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L422 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L486 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L520 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L546 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L559 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L48 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L57 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L66 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L75 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L86 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L103 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L120 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L131 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L53 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L62 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L81 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L90 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L99 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L109 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L120 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L133 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L146 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L158 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L170 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L192 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L223 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L258 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L262 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L284 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L300 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L313 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L26 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L32 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L38 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L46 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L44 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L53 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L61 ** File : src/Oracle.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Oracle.sol#L66 ** File : src/escrows/GovTokenEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/GovTokenEscrow.sol#L43 ** File : src/escrows/GovTokenEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/GovTokenEscrow.sol#L66 ** File : src/escrows/GovTokenEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/GovTokenEscrow.sol#L52 ** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L59 ** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L70 ** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L79 ** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L90 ** File : src/escrows/SimpleERC20Escrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/SimpleERC20Escrow.sol#L36 ** File : src/escrows/SimpleERC20Escrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/SimpleERC20Escrow.sol#L45

[G-06] Variable should be cached to memory and then used further

State Variable "collateralFactorBps" should be cached in function getWithdrawalLimit()

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L370-L380

[G-07] <x> += <y> costs more gas than <x> = <x> + <y> for state variables

There are 17 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L395 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L397 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L534 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L535 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L565 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L568 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L598-L600 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L91-L92 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L110-L111 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L172 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L174 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L196 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L198 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L288-L289 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L304 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L316 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L332

[G-08] Unchecking those arithmetic operation which can't overflow or underflow can save gas

Solidity version 0.8+ comes with implicit overflow and underflow checks on unsigned integers. When an overflow or an underflow isn’t possible (as an example, when a comparison is made before the arithmetic operation), some gas can be saved by using an unchecked block: https://docs.soliditylang.org/en/v0.8.10/control-structures.html#checked-or-unchecked-arithmetic

There are 4 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L438 ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L ** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L521 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L259

[G-09] > 0 IS LESS EFFICIENT THAN != 0 FOR UNSIGNED INTEGERS (WITH PROOF)

!= 0 costs less gas compared to > 0 for unsigned integers in require statements with the optimizer enabled (6 gas)

There are 4 instances of this issue:

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L561 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L133 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L63 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L328

[G-10] Same require() statement used multiple times

When same require() condition is repeatedly used in multiple functions, it will more efficient to enclose that require() inside a modifier and use it with functions, This help in deployment gas saving

require(msg.sender == gov, "ONLY GOV"); used multiple times as following

** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L49 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L58 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L67

require(msg.sender == chair, "ONLY CHAIR"); used multiple times as following

** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L76 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L87 ** File : src/Fed.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Fed.sol#L104

[G-11] Using Bools for storage incurs overhead

Booleans are more expensive than uint256 or any type that takes up a full word because each write operation emits an extra SLOAD to first read the slot's contents, replace the bits taken up by the boolean, and then write back. This is the compiler's defense against contract upgrades and pointer aliasing, and it cannot be disabled.

There are 3 instances of this issue:

** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L24 ** File : src/DBR.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L25 ** File : src/BorrowController.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/BorrowController.sol#L11

Use uint256(1) and uint256(2) for true/false to avoid a Gwarmaccess (100 gas) for the extra SLOAD, and to avoid Gsset (20000 gas) when changing from ‘false’ to ‘true’, after having been ‘true’ in the past

[G-12] Divide before Multiply cause precision loss

uint invBalanceInXInv = xINV.balanceOf(address(this)) * xINV.exchangeRateStored() / 1 ether;

** File : src/escrows/INVEscrow.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/escrows/INVEscrow.sol#L72

should be uint invBalanceInXInv = (xINV.balanceOf(address(this)) * xINV.exchangeRateStored()) / 1 ether;

[G-13] State Variable that can declare as CONSTANT

** File : src/Market.sol** => https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L44

#0 - c4-judge

2022-11-05T23:35:41Z

0xean marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter