FairSide contest - pants's results

Decentralized Cost Sharing Network.

General Information

Platform: Code4rena

Start Date: 09/11/2021

Pot Size: $30,000 ETH

Total HM: 6

Participants: 17

Period: 3 days

Judge: pauliax

Total Solo HM: 3

Id: 50

League: ETH

FairSide

Findings Distribution

Researcher Performance

Rank: 11/17

Findings: 2

Award: $180.85

🌟 Selected for report: 1

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository FairSide

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Auditors

Browse

Contests

Browse

Get in touch

Contact Twitter

Findings Information

🌟 Selected for report: ye0lde

Also found by: JMukesh, gzeon, leastwood, pants

Labels

bug

duplicate

1 (Low Risk)

Awards

0.0172 ETH - $81.35

External Links

Link to GitHub issue

Handle

pants

Vulnerability details

These files has open TODOs:

ABC.sol
FSDNetwork.sol

Impact

Open TODOs can hint at programming or architectural errors that still need to be fixed.

Tool Used

Manual code review.

Recommended Mitigation Steps

Resolve these TODOs and bubble up the errors.

#0 - YunChe404
2021-11-14T16:15:30Z

The TODO comment in FSDNetwork.sol appears to be a left-over.

#1 - pauliax
2021-11-17T15:02:15Z

A duplicate of #41

Findings Information

🌟 Selected for report: ye0lde

Also found by: WatchPug, elprofesor, pants

Labels

bug

duplicate

G (Gas Optimization)

Awards

0.0028 ETH - $13.41

External Links

Link to GitHub issue

Handle

pants

Vulnerability details

Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition has been met.

For example line 146, 150 of FairSideConviction.sol

look at https://github.com/code-423n4/2021-09-sushimiso-findings/issues/134

#0 - pauliax
2021-11-16T21:50:13Z

A duplicate of #43

Findings Information

🌟 Selected for report: Reigada

Also found by: pants

Labels

bug

duplicate

G (Gas Optimization)

Awards

0.007 ETH - $33.11

External Links

Link to GitHub issue

Handle

pants

Vulnerability details

At FairSideDAO.sol lines 344, 508, 552 and TributeAccural.sol lines 83, 86 you use i++ instead of ++i to increase the loop index.

++i is more gas efficient and this improves every iteration and save gas. This is a relatively small and important change that we recommend to apply.

#0 - pauliax
2021-11-16T22:38:56Z

A duplicate of #89

Findings Information

🌟 Selected for report: pants

Also found by: ye0lde

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

0.007 ETH - $33.11

External Links

Link to GitHub issue

Handle

pants

Vulnerability details

At getActions - FairSideDAO.sol lines 272 you return using both named return and actual return statement. To save gas and improve code quality consider using only one of those.

function getActions(uint256 proposalId)
    public
    view
    returns (
        address[] memory targets,
        uint256[] memory values,
        string[] memory signatures,
        bytes[] memory calldatas
    )
{
    Proposal storage p = proposals[proposalId];
    return (p.targets, p.values, p.signatures, p.calldatas);
}

#0 - pauliax
2021-11-16T23:03:26Z

Valid optimization. #40 mentions one more place where this suggestion can be applied.

Findings Information

🌟 Selected for report: Reigada

Also found by: hyh, pants

Labels

bug

duplicate

G (Gas Optimization)

Awards

0.0042 ETH - $19.87

External Links

Link to GitHub issue

Handle

pants

Vulnerability details

The following functions could be set external instead of public to save gas. FairSideDao.sol function cancel FairSideDao.sol function execute FairSideDao.sol function queue Migrations.sol function setCompleted

external functions are cheaper than public functions.

Proof of Concept

https://gus-tavo-guim.medium.com/public-vs-external-functions-in-solidity-b46bcf0ba3ac

Tool Used

Manual code review.

Recommended Mitigation Steps

Define those functions as external.

#0 - YunChe404
2021-11-14T16:06:40Z

Please remove any references to Migration.sol.

#1 - pauliax
2021-11-17T10:29:07Z

A duplicate of #88

FairSide contest - pants's results

Decentralized Cost Sharing Network.

General Information

Findings Distribution

Researcher Performance

External Links

QA Report - $81.35

Gas Report - $99.50

QA Report - $81.35

Gas Report - $99.50

[L-04] Open TODOs - $81.35

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Vulnerability details

Impact

Tool Used

Recommended Mitigation Steps

#0 - YunChe4042021-11-14T16:15:30Z

#1 - pauliax2021-11-17T15:02:15Z

[G-02] Shorten require strings - $13.41

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

#0 - pauliax2021-11-16T21:50:13Z

[G-03] ++i is more gas efficient then i++ - $33.11

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

#0 - pauliax2021-11-16T22:38:56Z

🌟 [G-04] redundant named return issue - $33.11

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

#0 - pauliax2021-11-16T23:03:26Z

[G-15] public to external - $19.87

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Proof of Concept

Tool Used

Recommended Mitigation Steps

#0 - YunChe4042021-11-14T16:06:40Z

#1 - pauliax2021-11-17T10:29:07Z

#0 - YunChe404
2021-11-14T16:15:30Z

#1 - pauliax
2021-11-17T15:02:15Z

#0 - pauliax
2021-11-16T21:50:13Z

#0 - pauliax
2021-11-16T22:38:56Z

#0 - pauliax
2021-11-16T23:03:26Z

#0 - YunChe404
2021-11-14T16:06:40Z

#1 - pauliax
2021-11-17T10:29:07Z