Platform: Code4rena
Start Date: 15/06/2022
Pot Size: $30,000 USDC
Total HM: 5
Participants: 55
Period: 3 days
Judge: Jack the Pug
Id: 138
League: ETH
Rank: 23/55
Findings: 2
Award: $135.16
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xFar5eer, 0xNazgul, 0xNineDec, 242, Chom, Czar102, Funen, GimelSec, Meera, Picodes, Sm4rty, Tadashi, TerrierLover, Waze, _Adam, a12jmx, asutorufos, codexploder, cryptphi, defsec, gzeon, hyh, joestakey, minhquanym, oyc_109, reassor, robee, saian, sorrynotsorry, unforgiven, zzzitron
67.0879 USDC - $67.09
To improve algorithm precision instead using division in comparison use multiplication in the following scenario:
Instead a < b / c use a * c < b.
In all of the big and trusted contracts this rule is maintained.
MyStrategy.sol, 205, require(max >= _amount.mul(9_980).div(MAX_BPS), "Withdrawal Safety Check");
You use safeApprove of openZeppelin although it's deprecated. (see https://github.com/OpenZeppelin/openzeppelin-contracts/blob/566a774222707e424896c0c390a84dc3c13bdcb2/contracts/token/ERC20/utils/SafeERC20.sol#L38) You should change it to increase/decrease Allowance as OpenZeppilin says.
Deprecated safeApprove in MyStrategy.sol line 67: WETH.safeApprove(address(BALANCER_VAULT), type(uint256).max); Deprecated safeApprove in MyStrategy.sol line 66: AURABAL.safeApprove(address(BALANCER_VAULT), type(uint256).max); Deprecated safeApprove in MyStrategy.sol line 64: AURA.safeApprove(address(LOCKER), type(uint256).max);
external / public functions parameters should be validated to make sure the address is not 0. Otherwise if not given the right input it can mistakenly lead to loss of user funds.
MyStrategy.sol.initialize _vault MyStrategy.sol.manualSetDelegate delegate
WETH address is hardcoded but it may differ on other chains, e.g. Polygon, so make sure to check this before deploying and update if necessary You should consider injecting WETH address via the constructor. (previous issue: https://github.com/code-423n4/2021-10-ambire-findings/issues/54)
Hardcoded weth address in MyStrategy.sol
Most contracts use an init pattern (instead of a constructor) to initialize contract parameters. Unless these are enforced to be atomic with contact deployment via deployment script or factory contracts, they are susceptible to front-running race conditions where an attacker/griefer can front-run (cannot access control because admin roles are not initialized) to initially with their own (malicious) parameters upon detecting (if an event is emitted) which the contract deployer has to redeploy wasting gas and risking other transactions from interacting with the attacker-initialized contract.
Many init functions do not have an explicit event emission which makes monitoring such scenarios harder. All of them have re-init checks; while many are explicit some (those in auction contracts) have implicit reinit checks in initAccessControls() which is better if converted to an explicit check in the main init function itself. (details credit to: https://github.com/code-423n4/2021-09-sushimiso-findings/issues/64) The vulnerable initialization functions in the codebase are:
MyStrategy.sol, initialize, 56
The following functions are missing reentrancy modifier although some other pulbic/external functions does use reentrancy modifer. Even though I did not find a way to exploit it, it seems like those functions should have the nonReentrant modifier as the other functions have it as well..
MyStrategy.sol, reinvest is missing a reentrancy modifier MyStrategy.sol, initialize is missing a reentrancy modifier
From solidity docs: Properly functioning code should never reach a failing assert statement; if this happens there is a bug in your contract which you should fix. With assert the user pays the gas and with require it doesn't. The ETH network gas isn't cheap and users can see it as a scam.
MyStrategy.sol : reachable assert in line 56
Those are functions and parameters pairs that the function doesn't use the parameter. In case those functions are external/public this is even worst since the user is required to put value that never used and can misslead him and waste its time.
MyStrategy.sol: function performUpkeep parameter performData isn't used. (performUpkeep is external) MyStrategy.sol: function checkUpkeep parameter checkData isn't used. (checkUpkeep is external)
Open TODOs can hint at programming or architectural errors that still need to be fixed. These files has open TODOs:
Open TODO in MyStrategy.sol line 283 : // TODO: Hardcode claim.account = address(this)?
Open TODO in MyStrategy.sol line 421 : // TODO: Too many SLOADs
Transferring tokens to the zero address is usually prohibited to accidentally avoid "burning" tokens by sending them to an unrecoverable zero address.
https://github.com/code-423n4/2022-06-badger/tree/main/MyStrategy.sol#L326 https://github.com/code-423n4/2022-06-badger/tree/main/MyStrategy.sol#L429 https://github.com/code-423n4/2022-06-badger/tree/main/MyStrategy.sol#L112 https://github.com/code-423n4/2022-06-badger/tree/main/MyStrategy.sol#L423
From solidity docs: Properly functioning code should never reach a failing assert statement; if this happens there is a bug in your contract which you should fix. With assert the user pays the gas and with require it doesn't. The ETH network gas isn't cheap and users can see it as a scam.
MyStrategy.sol : reachable assert in line 56
Those are functions and parameters pairs that the function doesn't use the parameter. In case those functions are external/public this is even worst since the user is required to put value that never used and can misslead him and waste its time.
MyStrategy.sol: function performUpkeep parameter performData isn't used. (performUpkeep is external) MyStrategy.sol: function checkUpkeep parameter checkData isn't used. (checkUpkeep is external)
To give more trust to users: functions that set key/critical variables should be put behind a timelock.
https://github.com/code-423n4/2022-06-badger/tree/main/MyStrategy.sol#L92 https://github.com/code-423n4/2022-06-badger/tree/main/MyStrategy.sol#L98 https://github.com/code-423n4/2022-06-badger/tree/main/MyStrategy.sol#L86
-------- med ---------
Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.
approve without approving 0 first MyStrategy.sol, 64, AURA.safeApprove(address(LOCKER), type(uint256).max);
approve without approving 0 first MyStrategy.sol, 66, AURABAL.safeApprove(address(BALANCER_VAULT), type(uint256).max);
approve without approving 0 first MyStrategy.sol, 67, WETH.safeApprove(address(BALANCER_VAULT), type(uint256).max);
#0 - GalloDaSballo
2022-06-19T00:21:17Z
Would like to see the actual code example
We use it only once to set max approval, which is the proper usage afaik
Quantstamp would agree
This is a mainnet only strategy as AURA is only on mainnet
Disagree per our scripts, we deploy + initialize in the constructor of the proxy
##Â Missing non reentrancy modifier Disagree as target contracts are known
I believe this is the one time assert is a good idea as the deployment has to fail
This is to conform to chainlinks interface
Agree
Not sure what he means
Cannot prove this on the contract, maybe the governance is a timelock and there's no way of ever telling
##Â Must approve 0 first Disagree as we approve once at initialization time
68.0654 USDC - $68.07
Caching the array length is more gas efficient. This is because access to a local variable in solidity is more efficient than query storage / calldata / memory. We recommend to change from:
for (uint256 i=0; i<array.length; i++) { ... }
to:
uint len = array.length for (uint256 i=0; i<len; i++) { ... }
MyStrategy.sol, _claims, 317 MyStrategy.sol, _claims, 300
Prefix increments are cheaper than postfix increments.
Further more, using unchecked {++x} is even more gas efficient, and the gas saving accumulates every iteration and can make a real change
There is no risk of overflow caused by increamenting the iteration index in for loops (the ++i in for (uint256 i = 0; i < numIterations; ++i)).
But increments perform overflow checks that are not necessary in this case.
These functions use not using prefix increments (++x) or not using the unchecked keyword:
change to prefix increment and unchecked: MyStrategy.sol, i, 317 just change to unchecked: MyStrategy.sol, i, 153 change to prefix increment and unchecked: MyStrategy.sol, i, 118 change to prefix increment and unchecked: MyStrategy.sol, i, 300
In for loops you initialize the index to start from 0, but it already initialized to 0 in default and this assignment cost gas. It is more clear and gas efficient to declare without assigning 0 and will have the same meaning:
MyStrategy.sol, 300 MyStrategy.sol, 317 MyStrategy.sol, 118
You can change the order of the storage variables to decrease memory uses.
In MyStrategy.sol,rearranging the storage fields can optimize to: 14 slots from: 15 slots. The new order of types (you choose the actual variables): 1. IBribesProcessor 2. IBalancerVault 3. IAuraLocker 4. IERC20Upgradeable 5. IERC20Upgradeable 6. IERC20Upgradeable 7. IERC20Upgradeable 8. IERC20Upgradeable 9. bytes32 10. bytes32 11. bytes32 12. uint256 13. address 14. bool 15. bool 16. bool 17. address
You can inline the following functions instead of writing a specific function to save gas. (see https://github.com/code-423n4/2021-11-nested-findings/issues/167 for a similar issue.)
MyStrategy.sol, _getBalance, { return IVault(vault).balance(); } MyStrategy.sol, _getPricePerFullShare, { return IVault(vault).getPricePerFullShare(); } MyStrategy.sol, _isTendable, { return false; // Change to true if the strategy should be tended }
The following functions are used exactly once. Therefore you can inline them and save gas and improve code clearness.
MyStrategy.sol, _sendBadgerToTree MyStrategy.sol, _sendTokenToBribesProcessor MyStrategy.sol, _notifyBribesProcessor
Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks are available for free.
The advantages of versions 0.8.* over <0.8.0 are:
1. Safemath by default from 0.8.0 (can be more gas efficient than library based safemath.) 2. Low level inliner : from 0.8.2, leads to cheaper runtime gas. Especially relevant when the contract has small functions. For example, OpenZeppelin libraries typically have a lot of small helper functions and if they are not inlined, they cost an additional 20 to 40 gas because of 2 extra jump instructions and additional stack operations needed for function calls. 3. Optimizer improvements in packed structs: Before 0.8.3, storing packed structs, in some cases used an additional storage read operation. After EIP-2929, if the slot was already cold, this means unnecessary stack operations and extra deploy time costs. However, if the slot was already warm, this means additional cost of 100 gas alongside the same unnecessary stack operations and extra deploy time costs. 4. Custom errors from 0.8.4, leads to cheaper deploy time cost and run time cost. Note: the run time cost is only relevant when the revert condition is met. In short, replace revert strings by custom errors.
MyStrategy.sol
#0 - GalloDaSballo
2022-06-19T01:53:48Z
I believe this to be incorrect, all storage variables are at the top the rest are constants and reordering a constant has no impact as constants don't occupy any storage slot
Disagree with the inlining of non one off variables
Rest is the usual suspects