Phuture Finance contest - rfa's results

Crypto index platform, that simplifies your investments through automated, themed index products.

General Information

Platform: Code4rena

Start Date: 19/04/2022

Pot Size: $30,000 USDC

Total HM: 10

Participants: 43

Period: 3 days

Judges: moose-code, JasoonS

Total Solo HM: 7

Id: 90

League: ETH

Phuture Finance

Findings Distribution

Researcher Performance

Rank: 36/43

Findings: 1

Award: $29.76

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Phuture Finance

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, Dravee, Kenshin, MaratCerby, Tadashi, TerrierLover, Tomio, TrungOre, defsec, ellahi, fatherOfBlocks, fatima_naz, gzeon, joestakey, kenta, minhquanym, oyc_109, rayn, rfa, robee, simon135, slywaters, windhustler, z3s

Awards

29.7589 USDC - $29.76

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

Gas

Title: Using < is less effective than !=

Occurence: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L86 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L76 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L98

Instead of using > as operator for validate value is not zero, Using =! Is more effective for gas optimization.

Title: Using && is less effective than using multiple require()

Occurence: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L86 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L86 Using && operator cost more execution gas fee. Use multiple require checks to save gas https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L29-L34

Change to:

        require(basePrice > 0, "ChainlinkPriceOracle: NEGATIVE");
        require(quotePrice > 0, "ChainlinkPriceOracle: NEGATIVE");

Defined by using error statement, and using if(condition)revert() to check the condition. It can be implemented for all require() statement for gas opt.

Title: Using unchecked for ++i

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L60 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L102 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L125 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndex.sol#L30 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TopNMarketCapIndex.sol#L48 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TopNMarketCapReweightingLogic.sol#L51 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TopNMarketCapReweightingLogic.sol#L37

Its almost impossible for i to overflow. Using unchecked can save execution gas cost Change to:

	for (uint i; i < inactiveAssets.length(); ++i) {
            if (!IAccessControl(registry).hasRole(SKIPPED_ASSET_ROLE, inactiveAssets.at(i))) {
                uint lastBalanceInAsset = IvToken(
                    IvTokenFactory(vTokenFactory).createOrReturnVTokenOf(inactiveAssets.at(i))
                ).lastAssetBalanceOf(address(this));
                lastAssetBalanceInBase += lastBalanceInAsset.mulDiv(
                    FixedPoint112.Q112,
                    oracle.refreshedAssetPerBaseInUQ(inactiveAssets.at(i))
                );
            }
	unchecked{++i} // @audit-info: Add here
        }

Phuture Finance contest - rfa's results

Crypto index platform, that simplifies your investments through automated, themed index products.

General Information

Findings Distribution

Researcher Performance

External Links

[G-23] Gas Report - $29.76

Findings Information

Awards

Labels

External Links