Platform: Code4rena
Start Date: 12/07/2022
Pot Size: $35,000 USDC
Total HM: 13
Participants: 78
Period: 3 days
Judge: 0xean
Total Solo HM: 6
Id: 135
League: ETH
Rank: 36/78
Findings: 2
Award: $81.45
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: joestakey
Also found by: 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 8olidity, Avci, Bahurum, Bnke0x0, Chom, ElKu, Funen, GimelSec, JC, Junnon, Kaiziron, Meera, PaludoX0, Picodes, ReyAdmirado, Sm4rty, Soosh, Waze, _Adam, __141345__, ak1, aysha, benbaessler, bin2chen, c3phas, cccz, cryptphi, csanuragjain, defsec, exd0tpy, fatherOfBlocks, gogo, hake, hansfriese, itsmeSTYJ, jonatascm, kyteg, mektigboy, oyc_109, pashov, rbserver, rishabh, robee, rokinot, sach1r0, sashik_eth, scaraven, simon135, slywaters
54.9987 USDC - $55.00
Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.
approve without approving 0 first Swivel.sol, 561, Safe.approve(uToken, c[i], max);
You use safeApprove of openZeppelin although it's deprecated. (see https://github.com/OpenZeppelin/openzeppelin-contracts/blob/566a774222707e424896c0c390a84dc3c13bdcb2/contracts/token/ERC20/utils/SafeERC20.sol#L38) You should change it to increase/decrease Allowance as OpenZeppilin says.
Deprecated safeApprove in Swivel.sol line 561: Safe.approve(uToken, c[i], max);
The functions below fail to perform input validation on arrays to verify the lengths match. A mismatch could lead to an exception or undefined behavior. Consider making this a medium risk please.
https://github.com/code-423n4/2022-07-swivel/tree/main/Swivel/Swivel.sol#L407 cancel ['o', 'c'] https://github.com/code-423n4/2022-07-swivel/tree/main/Swivel/Swivel.sol#L82 initiate ['o', 'a', 'c'] https://github.com/code-423n4/2022-07-swivel/tree/main/Swivel/Swivel.sol#L244 exit ['o', 'a', 'c']
Division by 0 can lead to accidentally revert, (An example of a similar issue - https://github.com/code-423n4/2021-10-defiprotocol-findings/issues/84)
https://github.com/code-423n4/2022-07-swivel/tree/main/Creator/VaultTracker.sol#L169 f, t, exchangeRate might be 0 https://github.com/code-423n4/2022-07-swivel/tree/main/Swivel/Swivel.sol#L291 o might be 0 https://github.com/code-423n4/2022-07-swivel/tree/main/VaultTracker/VaultTracker.sol#L226 a, exchangeRate might be 0 https://github.com/code-423n4/2022-07-swivel/tree/main/Swivel/Swivel.sol#L388 o might be 0
Some tokens don't correctly implement the EIP20 standard and their approve function returns void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Tokens that don't correctly implement the latest EIP20 spec, like USDT, will be unusable in the mentioned contracts as they revert the transaction because of the missing return value. We recommend using OpenZeppelin’s SafeERC20 versions with the safeApprove function that handle the return value check as well as non-standard-compliant tokens. The list of occurrences in format (solidity file, line number, actual line)
Swivel.sol, 561, Safe.approve(uToken, c[i], max);
external / public functions parameters should be validated to make sure the address is not 0. Otherwise if not given the right input it can mistakenly lead to loss of user funds.
MarketPlace.sol.createMarket c VaultTracker.sol.transferNotionalFrom t MarketPlace.sol.authRedeem t Swivel.sol.combineTokens u Swivel.sol.redeemSwivelVaultInterest u
The project is compiled with different versions of solidity, which is not recommended because it can lead to undefined behaviors.
owner param should be validated to make sure the owner address is not address(0). Otherwise if not given the right input all only owner accessible functions will be unaccessible.
Erc20.sol.permit owner
Users can mistakenly think that the return value is the named return, but it is actually the actualreturn statement that comes after. To know that the user needs to read the code and is confusing. Furthermore, removing either the actual return or the named return will save gas.
ZcToken.sol, maxRedeem
The following contracts have a function that allows them an admin to change it to a different address. If the admin accidentally uses an invalid address for which they do not have the private key, then the system gets locked. It is important to have two steps admin change where the first is announcing a pending new admin and the new address should then claim its ownership. A similar issue was reported in a previous contest and was assigned a severity of medium: code-423n4/2021-06-realitycards-findings#105
Swivel.sol MarketPlace.sol Creator.sol
Open TODOs can hint at programming or architectural errors that still need to be fixed. These files has open TODOs:
Open TODO in Swivel.sol line 32 : address public aaveAddr; // TODO immutable?
Open TODO in Swivel.sol line 707 : if (p == uint8(Protocols.Compound)) { // TODO is Rari a drop in here?
Open TODO in Swivel.sol line 285 : // TODO assign amount or keep the ADD?
Transferring tokens to the zero address is usually prohibited to accidentally avoid "burning" tokens by sending them to an unrecoverable zero address.
https://github.com/code-423n4/2022-07-swivel/tree/main/Creator/Erc20.sol#L117 https://github.com/code-423n4/2022-07-swivel/tree/main/Swivel/Swivel.sol#L641 https://github.com/code-423n4/2022-07-swivel/tree/main/Creator/Erc20.sol#L205 https://github.com/code-423n4/2022-07-swivel/tree/main/Swivel/Swivel.sol#L580
#0 - robrobbins
2022-08-31T00:48:29Z
approve 0 first what? This is likely a non issue, but adding a maybe just in case
we don't use any open zeppelin.
dupes, wontfixes.
🌟 Selected for report: joestakey
Also found by: 0x040, 0x1f8b, 0xDjango, 0xNazgul, 0xsam, Avci, Aymen0909, Bnke0x0, CRYP70, ElKu, Fitraldys, Funen, JC, Kaiziron, MadWookie, Meera, ReyAdmirado, Sm4rty, Soosh, TomJ, Waze, _Adam, __141345__, ajtra, benbaessler, c3phas, csanuragjain, durianSausage, exd0tpy, fatherOfBlocks, hake, ignacio, karanctf, kyteg, m_Rassska, oyc_109, rbserver, robee, rokinot, samruna, sashik_eth, simon135, slywaters
26.4546 USDC - $26.45
In the following files there are state variables that could be set immutable to save gas.
feenominators in Swivel.sol
There are places in the code (especially in for-each loops) that loads the same array element more than once. In such cases, only one array boundaries check should take place, and the rest are unnecessary. Therefore, this array element should be cached in a local variable and then be loaded again using this local variable, skipping the redundant second array boundaries check:
Swivel.sol.setFee - double load of d[x]
Reading a storage variable is gas costly (SLOAD). In cases of multiple read of a storage variable in the same scope, caching the first read (i.e saving as a local variable) can save gas and decrease the overall gas uses. The following is a list of functions and the storage variables that you read twice:
ZcToken.sol: maturity is read twice in redeem ZcToken.sol: underlying is read twice in redeem ZcToken.sol: maturity is read twice in withdraw ZcToken.sol: underlying is read twice in withdraw
You can change the order of the storage variables to decrease memory uses.
In VaultTracker.sol,rearranging the storage fields can optimize to: 5 slots from: 6 slots. The new order of types (you choose the actual variables): 1. uint256 2. uint256 3. address 4. uint8 5. address 6. address
Using != 0 is slightly cheaper than > 0. (see https://github.com/code-423n4/2021-12-maple-findings/issues/75 for similar issue)
VaultTracker.sol, 123: change 'maturityRate > 0' to 'maturityRate != 0' VaultTracker.sol, 59: change 'maturityRate > 0' to 'maturityRate != 0' VaultTracker.sol, 165: change 'maturityRate > 0' to 'maturityRate != 0' VaultTracker.sol, 184: change 'maturityRate > 0' to 'maturityRate != 0' VaultTracker.sol, 93: change 'maturityRate > 0' to 'maturityRate != 0' VaultTracker.sol, 222: change 'maturityRate > 0' to 'maturityRate != 0'
int256 FixedPointMathLib.sol.lnWad - unnecessary casting int256(x)
You can use unchecked in the following calculations since there is no risk to overflow:
Swivel.sol (L#437) - uint256 when = block.timestamp + HOLD; Swivel.sol (L#523) - uint256 when = block.timestamp + HOLD; Swivel.sol (L#474) - uint256 when = block.timestamp + HOLD;
You can inline the following functions instead of writing a specific function to save gas. (see https://github.com/code-423n4/2021-11-nested-findings/issues/167 for a similar issue.)
LibCompound.sol, viewUnderlyingBalanceOf, { return cToken.balanceOf(user).mulWadDown(viewExchangeRate(cToken)); } LibFuse.sol, viewUnderlyingBalanceOf, { return cToken.balanceOf(user).mulWadDown(viewExchangeRate(cToken)); } FixedPointMathLib.sol, mulWadUp, { return mulDivUp(x, y, WAD); // Equivalent to (x * y) / WAD rounded up. } FixedPointMathLib.sol, divWadUp, { return mulDivUp(x, WAD, y); // Equivalent to (x * WAD) / y rounded up. } FixedPointMathLib.sol, mulWadDown, { return mulDivDown(x, y, WAD); // Equivalent to (x * y) / WAD rounded down. } FixedPointMathLib.sol, divWadDown, { return mulDivDown(x, WAD, y); // Equivalent to (x * WAD) / y rounded down. } Hash.sol, order, { return keccak256(abi.encode( ORDER_TYPEHASH, o.key, o.protocol, o.maker, o.underlying, o.vault, o.exit, o.principal, o.premium, o.maturity, o.expiry )); }
Some projects (e.g. Uniswap - https://github.com/Uniswap/interface/blob/main/src/hooks/useApproveCallback.ts#L88) set the default value of the user's allowance to 2^256 - 1. Since the value 2^256 - 1 can also be represented in hex as 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff. From Ethereum's yellow paper we know that zeros are cheaper than non-zero values in the hex representation. Considering this fact, an alternative choice could be now 0x8000000000000000000000000000000000000000000000000000000000000000 or 2^255 to represent "infinity". If you do the calculations with Remix, you will see that the former costs 47'872 gas, while the latter costs 45'888 gas. If you accept that infinity can also be represented via 2^255 (instead of 2^256-1), which almost all projects can - you can already save about 4% gas leveraging this optimisation trick on those calculations.
Swivel.sol (L#549): uint256 max = 2**256 - 1;)
We recommend not to cache msg.sender since calling it is 2 gas while reading a variable is more.
https://github.com/code-423n4/2022-07-swivel/tree/main/Creator/Creator.sol#L19 https://github.com/code-423n4/2022-07-swivel/tree/main/Marketplace/MarketPlace.sol#L40 https://github.com/code-423n4/2022-07-swivel/tree/main/Swivel/Swivel.sol#L70 https://github.com/code-423n4/2022-07-swivel/tree/main/VaultTracker/VaultTracker.sol#L33 https://github.com/code-423n4/2022-07-swivel/tree/main/Creator/VaultTracker.sol#L33