prePO contest - minhquanym's results

Gain exposure to pre-IPO companies & pre-token projects.

General Information

Platform: Code4rena

Start Date: 17/03/2022

Pot Size: $30,000 USDC

Total HM: 8

Participants: 43

Period: 3 days

Judge: gzeon

Total Solo HM: 5

Id: 100

League: ETH

prePO

Findings Distribution

Researcher Performance

Rank: 27/43

Findings: 2

Award: $80.30

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository prePO

Findings Information

🌟 Selected for report: defsec

Also found by: 0x1f8b, 0xDjango, 0xNazgul, 0xkatana, 0xwags, CertoraInc, Funen, GeekyLumberjack, GreyArt, IllIllI, Kenshin, Ruhum, TerrierLover, WatchPug, berndartmueller, bugwriter001, cccz, cmichel, csanuragjain, hake, kenta, kirk-baird, leastwood, minhquanym, oyc_109, peritoflores, rayn, remora, rfa, robee, saian, samruna, sorrynotsorry, wuwe1

Awards

51.8842 USDC - $51.88

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

1. Variable `_initialAmount` in function `hook` is unused.

Impact

Function hook in DepositHook.sol had an input variable _initialAmount but didn’t use anywhere in the function. Same issue with _initialAmount in WithdrawHook.sol

Proof of concept

Recommended Mitigation Steps

Remove variable _initialAmount

#0 - ramenforbreakfast
2022-03-22T22:44:23Z

duplicate of #5

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0x1f8b, 0xNazgul, 0xkatana, 0xngndev, 0xwags, CertoraInc, Funen, GreyArt, IllIllI, Jujic, Kenshin, Kiep, Tadashi, TerrierLover, Tomio, WatchPug, berndartmueller, defsec, hake, kenta, minhquanym, oyc_109, rayn, rfa, robee, saian, samruna

Awards

28.4169 USDC - $28.42

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

1. Gas savings by remove unnecessary variable when calculate `_amountToDeposit` or `_amountWithdrawn`

Impact

Variable _valueAfter is unnecessary to keep in memory when we only use it to calculate _amountToDeposit once.

Proof of concept

https://github.com/code-423n4/2022-03-prepo/blob/f63584133a0329781609e3f14c3004c1ca293e71/contracts/core/Collateral.sol#L75-L79 https://github.com/code-423n4/2022-03-prepo/blob/f63584133a0329781609e3f14c3004c1ca293e71/contracts/core/Collateral.sol#L151-L155

Recommended Mitigation Steps

For example, change line 78-79 to

_amountToDeposit = _strategyController.totalValue() - _valueBefore;

#0 - ramenforbreakfast
2022-03-22T22:43:37Z

Disputable suggestion, there is value in readability in keeping valueAfter separate. Marking this as duplicate since #41 covers this and is a higher quality submission imo.

prePO contest - minhquanym's results

Gain exposure to pre-IPO companies & pre-token projects.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-22] QA Report - $51.88

Findings Information

Awards

Labels

External Links

1. Variable _initialAmount in function hook is unused.

Impact

Proof of concept

Recommended Mitigation Steps

#0 - ramenforbreakfast2022-03-22T22:44:23Z

[G-02] Gas Report - $28.42

Findings Information

Awards

Labels

External Links

1. Gas savings by remove unnecessary variable when calculate _amountToDeposit or _amountWithdrawn

Impact

Proof of concept

Recommended Mitigation Steps

#0 - ramenforbreakfast2022-03-22T22:43:37Z

1. Variable `_initialAmount` in function `hook` is unused.

#0 - ramenforbreakfast
2022-03-22T22:44:23Z

1. Gas savings by remove unnecessary variable when calculate `_amountToDeposit` or `_amountWithdrawn`

#0 - ramenforbreakfast
2022-03-22T22:43:37Z