OpenLeverage contest - rfa's results

Permissionless lending and margin trading protocol that enables traders to long/short any trading pair on DEXs efficiently and securely.

General Information

Platform: Code4rena

Start Date: 27/01/2022

Pot Size: $75,000 USDT

Total HM: 6

Participants: 29

Period: 7 days

Judge: leastwood

Total Solo HM: 6

Id: 72

League: ETH

OpenLeverage

Findings Distribution

Researcher Performance

Rank: 13/29

Findings: 2

Award: $996.99

🌟 Selected for report: 9

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository OpenLeverage

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Auditors

Browse

Contests

Browse

Get in touch

Contact Twitter

Findings Information

🌟 Selected for report: mics

Also found by: Dravee, Ruhum, Tomio, WatchPug, defsec, rfa

Labels

bug

duplicate

G (Gas Optimization)

Awards

7.9461 USDT - $7.95

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/bsc/BscDexAggregatorV1.sol#L44 all the parameter pointer (memory) can replaced by calldata

#0 - ColaM12
2022-01-28T09:50:06Z

Duplicate to #29

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/farming/FarmingPools.sol#L53 1 second difference can be ignored to validate distributions[stakeToken].starttime. using > operator can save gas

Tools Used

manual review

Recommended Mitigation Steps

require(block.timestamp > distributions[stakeToken].starttime, "not start");

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/XOLE.sol#L93 instead of using toShare to store oleToken.balanceOf(address(this)).sub(claimable).sub(totalLocked).sub(devFund);. Just use newReward directly to save more gas.

Tools Used

Recommended Mitigation Steps

uint newReward;
        if (fromToken == address(oleToken)) {
            uint claimable = totalRewarded.sub(withdrewReward);
            newReward= oleToken.balanceOf(address(this)).sub(claimable).sub(totalLocked).sub(devFund);
            require(newReward >= amount, 'Exceed OLE balance');

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/eth/EthDexAggregatorV1.sol#L151-L158 better use require() here

Tools Used

Recommended Mitigation Steps

    function calSellAmount(address buyToken, address sellToken, uint24 buyTax, uint24 sellTax, uint buyAmount, bytes memory data) external view override returns (uint sellAmount){
        require(data.isUniV2Class(), 'Unsupported dex'); 
            sellAmount = uniV2CalSellAmount(dexInfo[data.toDex()], buyToken, sellToken, buyAmount, buyTax, sellTax);
    }

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/bsc/BscDexAggregatorV1.sol#L35

Tools Used

Recommended Mitigation Steps

remove _unsedFactory;

#0 - ColaM12
2022-01-28T09:46:14Z

_unusedFactory is used to satisfied the DexAggregatorInterface which inherit by EthDexAggregator as well.

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/bsc/BscDexAggregatorV1.sol#L22 we can set the pancakeFacory address directly at line 22. then use constant. (the address has already exist at: https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/bsc/BscDexAggregatorV1.sol#L28 )

#0 - ColaM12
2022-01-28T09:28:30Z

Currently designed to be compatible with multiple environments which may have different addresses.

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

resolved

sponsor confirmed

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/bsc/BscDexAggregatorV1.sol#L47

Recommended Mitigation Steps

replace the 2 lines of code by just 1 line:

dexInfo[dexName[i]] = DexInfo(factoryAddr[i], fees[i]);

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas usage

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage- contracts/contracts/dex/bsc/UniV2ClassDex.sol#L15

The implementation of Utils library on BscDexAggregatorV1.sol contract is more gas efficient(remove line 15 on UniV2ClassDex.sol)

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/bsc/BscDexAggregatorV1.sol

#0 - ColaM12
2022-01-28T11:42:39Z

Not improving gas efficiency.

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/bsc/BscDexAggregatorV1.sol#L183 instead of caching V2PriceOracle. just readit directly to the storage. (use storage as pointer instead of memory)

Recommended Mitigation Steps

        V2PriceOracle storage priceOracle = uniV2PriceOracle[IUniswapV2Pair(pair)];

Findings Information

🌟 Selected for report: rfa

Labels

bug

G (Gas Optimization)

sponsor acknowledged

Awards

104.6634 USDT - $104.66

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/eth/EthDexAggregatorV1.sol#L71-L76 its unnecessary to store msg.sender in the payer. Just pass msg.sender as an argument on buyAmount

Recommended Mitigation Steps

remove line 71

Findings Information

🌟 Selected for report: Tomio

Also found by: rfa

Labels

bug

duplicate

G (Gas Optimization)

Awards

47.0985 USDT - $47.10

External Links

Link to GitHub issue

Handle

rfa

Vulnerability details

Impact

expensive gas

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/dex/bsc/BscDexAggregatorV1.sol#L45 && operatoris using more gas than just using multiple require()

Recommended Mitigation Steps

require(dexName.length == factoryAddr.length, 'EOR');
require(dexName.length == fees.length, 'EOR');

#0 - ColaM12
2022-01-28T09:51:23Z

Duplicate to #63

OpenLeverage contest - rfa's results

Permissionless lending and margin trading protocol that enables traders to long/short any trading pair on DEXs efficiently and securely.

General Information

Findings Distribution

Researcher Performance

External Links

Gas Report - $996.99

Gas Report - $996.99

[G-15] replace memory with calldata - $7.95

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

#0 - ColaM122022-01-28T09:50:06Z

🚀 [G-31] using > instead of >= - $104.66

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

🚀 [G-32] unnecessary uint declaration - $104.66

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

🚀 [G-33] use require instead if/else - $104.66

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

🚀 [G-35] unnecessary _unsedFactory call - $104.66

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - ColaM122022-01-28T09:46:14Z

🚀 [G-34] set pancakeFactory to constant - $104.66

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

#0 - ColaM122022-01-28T09:28:30Z

🚀 [G-36] pass the `dexInfo[dexName[i]` value without caching `DexInfo struct` - $104.66

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

#0 - ColaM12
2022-01-28T09:50:06Z

#0 - ColaM12
2022-01-28T09:46:14Z

#0 - ColaM12
2022-01-28T09:28:30Z

#0 - ColaM12
2022-01-28T11:42:39Z

#0 - ColaM12
2022-01-28T09:51:23Z