Platform: Code4rena
Start Date: 25/11/2021
Pot Size: $80,000 USDC
Total HM: 35
Participants: 32
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 27
Id: 59
League: ETH
Rank: 20/32
Findings: 3
Award: $624.99
🌟 Selected for report: 2
🚀 Solo Findings: 0
nathaniel
In emergencyWithdrawGAS and partialWithdrawGAS the success of the low level call is not checked. Although if just looking at the functions individually it may not seem like an issue, but it is totally feasible that these functions will be run in the context of more critical executions dependant on the successful transfer of ether. If the call failed but was not checked, it could lead to unexpected consequences.
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/Permissions.sol#L80-L86 https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/Permissions.sol#L97-L102
manual
Add a require check on the successful execution of the call.
#0 - 0xScotch
2021-12-08T16:18:26Z
#329
#1 - GalloDaSballo
2022-01-22T15:33:26Z
Duplicate of #329
🌟 Selected for report: nathaniel
56.5245 USDC - $56.52
nathaniel
The code in getCollateralValueInMalt of ImpliedCollateralService.sol, can leverage the totalUsefulCollateral function, reducing code size and gas cost when calling the contract.
manual
Remove L108-L110, then in the return of getCollateralValueInMalt return totalUsefulCollateral().mul(target).div(maltPrice) + swingTraderMaltBalance
#0 - GalloDaSballo
2021-12-31T19:59:45Z
As shown by the warden you can reuse some of the code, reducing bytecode size
15.2616 USDC - $15.26
nathaniel
In userClaimableArbTokens function of Auction.sol, redundant if (auction.finalPrice) check as the function would have already returned 0 at line 285.
In purchaseArbitrageTokens function of Auction.sol, redundant check of require(auction.startingTime <= now, "Auction hasn't started yet") and require(auction.active == true, "Auction is not active") , as both are already checked in require(auctionActive(currentAuctionId), "No auction running").
Would also suggest putting require(auction.endingTime >= now, "Auction is already over") at the top of the function to reduce gas cost to the user in the scenario it reverts.
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/Auction.sol#L298 https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/Auction.sol#L285 https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/Auction.sol#L188-L190 https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/Auction.sol#L178
manual
#0 - 0xScotch
2021-12-08T17:23:04Z
#49
#1 - GalloDaSballo
2022-01-01T14:56:22Z
Duplicate of #49
🌟 Selected for report: nathaniel
56.5245 USDC - $56.52
nathaniel
A large portion of the unbond and unbondAndBreak code of Bonding.sol is the same, to reduce code bloat and gas when calling the contract
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/Bonding.sol#L97-L109
Manual
I would suggest wrapping the duplicated code into an internal function called by unbond and unbondAndBreak.
#0 - GalloDaSballo
2022-01-01T14:35:18Z
There's definitely duplication, because of how the code is written refactoring may not be trivial