Back to oyc_109's contests

Backd Tokenomics contest - oyc_109's results

Maximize the power of your assets and start earning yield

General Information

Platform: Code4rena

Start Date: 27/05/2022

Pot Size: $75,000 USDC

Total HM: 20

Participants: 58

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 15

Id: 131

League: ETH

Backd

Findings Distribution

Researcher Performance

Rank: 31/58

Findings: 2

Award: $171.81

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryBackd

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x29A, 0xNazgul, 0xf15ers, BowTiedWardens, Chom, Funen, Kaiziron, Kumpa, MiloTruck, Picodes, Ruhum, SecureZeroX, Sm4rty, SmartSek, StyxRave, WatchPug, Waze, asutorufos, bardamu, berndartmueller, c3phas, catchup, cccz, codexploder, cryptphi, defsec, delfin454000, dipp, fatherOfBlocks, gzeon, hake, hansfriese, hyh, masterchief, oyc_109, sach1r0, sashik_eth, shenwilly, simon135, unforgiven

Awards

113.8755 USDC - $113.88

Labels

bug
QA (Quality Assurance)
sponsor disputed

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/AmmGauge.sol#L130-L135

Vulnerability details

description

The unstakeFor function of the AmmGauge contract is updating the balances of msg.sender after a token transfer.

Solidity recommends the usage of the Check-Effects-Interaction Pattern to avoid potential security issues, such as reentrancy.

The unstakeFor function can be used to conduct a reentrancy attack, if the ammToken is token with a hook on receive, such as ERC777

/2022-05-backd/protocol/contracts/tokenomics/AmmGauge.sol
130:         uint256 oldBal = IERC20(ammToken).balanceOf(address(this));
131:         IERC20(ammToken).safeTransfer(dst, amount);
132:         uint256 newBal = IERC20(ammToken).balanceOf(address(this));
133:         uint256 unstaked = oldBal - newBal;
134:         balances[msg.sender] -= unstaked;
135:         totalStaked -= unstaked;

#0 - samwerner

2022-06-01T15:25:36Z

The AMM LP token that will be used will not be an ERC777 token. It can be assumed that it'll be an ERC20 token.

#1 - GalloDaSballo

2022-06-18T00:41:30Z

Dup of #19

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, Chom, Dravee, Fitraldys, Funen, Kaiziron, MiloTruck, Picodes, Randyyy, RoiEvenHaim, SecureZeroX, Sm4rty, SmartSek, StyxRave, Tadashi, Tomio, Waze, asutorufos, berndartmueller, c3phas, catchup, csanuragjain, defsec, delfin454000, djxploit, fatherOfBlocks, gzeon, hake, hansfriese, oyc_109, robee, sach1r0, sashik_eth, scaraven, simon135

Awards

57.93 USDC - $57.93

Labels

bug
G (Gas Optimization)
resolved
sponsor confirmed

External Links

Link to GitHub issue

cache in variables instead of loading

description

The code can be optimized by minimising the number of SLOADs. SLOADs are expensive (100 gas) compared to MLOADs/MSTOREs (3 gas).

findings

array lengths should be cached

/2022-05-backd/protocol/contracts/access/RoleManager.sol
82: for (uint256 i; i < roles.length; i = i.uncheckedInc()) {

/2022-05-backd/protocol/contracts/RewardHandler.sol
42: for (uint256 i; i < pools.length; i = i.uncheckedInc()) {
259: for (uint256 i; i < actions.length; i = i.uncheckedInc()) {

/2022-05-backd/protocol/contracts/tokenomics/FeeBurner.sol
56: for (uint256 i; i < tokens_.length; i = i.uncheckedInc()) {

/2022-05-backd/protocol/contracts/tokenomics/InflationManager.sol
116: for (uint256 i; i < stakerVaults.length; i = i.uncheckedInc()) {

/2022-05-backd/protocol/contracts/tokenomics/VestedEscrow.sol
94: for (uint256 i; i < amounts.length; i = i.uncheckedInc()) {

use calldata instead of memory

description

Use calldata instead of memory for function parameters saves gas if the function argument is only read.

findings

/2022-05-backd/protocol/contracts/tokenomics/FeeBurner.sol
43: function burnToTarget(address[] memory tokens_, address targetLpToken_)

named returns and a return statement isn’t necessary

description

Removing unused named returns variables can reduce gas usage (MSTOREs/MLOADs) and improve code clarity. To save gas and improve code quality: consider using only one of those.

findings

/2022-05-backd/protocol/contracts/tokenomics/FeeBurner.sol
47: returns (uint256 received)

using prefix increments save gas

description

Prefix increments are cheaper than postfix increments, eg ++i rather than i++

findings

/2022-05-backd/protocol/contracts/tokenomics/KeeperGauge.sol
98: epoch++;

use custom errors

description

use custom errors instead of revert strings

If the contract(s) in scope allow using Solidity >=0.8.4, consider using Custom Errors as they are more gas efficient while allowing developers to describe the error in detail using NatSpec.

findings

eg

/2022-05-backd/protocol/contracts/tokenomics/VestedEscrow.sol
82: require(!initializedSupply, "Supply already initialized once");

#0 - GalloDaSballo

2022-06-18T19:34:27Z

cache in variables instead of loading

Saves 3 gas per instance 3 * 6 = 18

use calldata instead of memory

As with all other submissions, no math = 0 points

named returns and a return statement isn’t necessary

Should save 3 gas (MSTORE of 0 value)

using prefix increments save gas

Saves 5 gas

## use custom errors No math = no points

Total Gas Saved 26

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter