Platform: Code4rena
Start Date: 25/10/2022
Pot Size: $50,000 USDC
Total HM: 18
Participants: 127
Period: 5 days
Judge: 0xean
Total Solo HM: 9
Id: 175
League: ETH
Rank: 51/127
Findings: 2
Award: $55.74
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0x1f8b
Also found by: 0xNazgul, 0xSmartContract, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, ElKu, JC, Josiah, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Waze, __141345__, adriro, aphak5010, brgltd, c3phas, c7e7eff, carlitox477, cducrest, ch0bu, chrisdior4, cryptonue, cryptostellar5, cylzxje, d3e4, delfin454000, enckrish, evmwanderer, fatherOfBlocks, gogo, hansfriese, horsefacts, immeas, leosathya, lukris02, neumo, oyc_109, pedr02b2, rbserver, robee, rotcivegaf, rvierdiiev, sakshamguruji, shark, simon135, tnevler, trustindistrust, wagmi
36.7345 USDC - $36.73
This issue is about arithmetic computation that could have been done more percise. The following are places in the codebase in which you multiplied after the divisions. Doing the multiplications at start lead to more accurate calculations. This is a list of places in the code that this appears (Solidity file, line number, actual line):
Market.sol, 605, uint liquidationFee = repaidDebt * 1 ether / price * liquidationFeeBps / 10000; Market.sol, 376, uint minimumCollateral = debt * 1 ether / oracle.viewPrice(address(collateral), collateralFactorBps) * 10000 / collateralFactorBps; Market.sol, 359, uint minimumCollateral = debt * 1 ether / oracle.getPrice(address(collateral), collateralFactorBps) * 10000 / collateralFactorBps;
To improve algorithm precision instead using division in comparison use multiplication in the following scenario:
Instead a < b / c use a * c < b.
In all of the big and trusted contracts this rule is maintained.
Market.sol, 595, require(repaidDebt <= debt * liquidationFactorBps / 10000, "Exceeded liquidation factor");
Some fee parameters of functions are not checked for invalid values. Validate the parameters:
Market.setLiquidationFeeBps (_liquidationFeeBps) Oracle.setFeed (feed)
You use safeApprove of openZeppelin although it's deprecated. (see https://github.com/OpenZeppelin/openzeppelin-contracts/blob/566a774222707e424896c0c390a84dc3c13bdcb2/contracts/token/ERC20/utils/SafeERC20.sol#L38) You should change it to increase/decrease Allowance as OpenZeppilin says.
Deprecated safeApprove in INVEscrow.sol line 49: _token.approve(address(xINV), type(uint).max);
The following requires are with empty messages. This is very important to add a message for any require. So the user has enough information to know the reason of failure.
Solidity file: Fed.sol, In line 93 with Empty Require message. Solidity file: GovTokenEscrow.sol, In line 67 with Empty Require message. Solidity file: INVEscrow.sol, In line 91 with Empty Require message.
The following requires has a non comprehensive messages. This is very important to add a comprehensive message for any require. Such that the user has enough information to know the reason of failure:
Solidity file: DBR.sol, In line 328 with Require message: No deficit Solidity file: Fed.sol, In line 104 with Require message: ONLY CHAIR Solidity file: Fed.sol, In line 49 with Require message: ONLY GOV Solidity file: Fed.sol, In line 58 with Require message: ONLY GOV Solidity file: Fed.sol, In line 76 with Require message: ONLY CHAIR Solidity file: Fed.sol, In line 67 with Require message: ONLY GOV Solidity file: Fed.sol, In line 87 with Require message: ONLY CHAIR
external / public functions parameters should be validated to make sure the address is not 0. Otherwise if not given the right input it can mistakenly lead to loss of user funds.
Market.sol.forceReplenish user GovTokenEscrow.sol.delegate delegatee Market.sol.liquidate user Oracle.sol.getPrice token DBR.sol.approve spender DBR.sol.setPendingOperator newOperator_ Oracle.sol.setPendingOperator newOperator_ Market.sol.setLender _lender BorrowController.sol.allow allowedContract Oracle.sol.setFixedPrice token Market.sol.setGov _gov DBR.sol.transferFrom to DBR.sol.accrueDueTokens user GovTokenEscrow.sol.initialize _beneficiary DBR.sol.onRepay user Fed.sol.changeGov _gov DBR.sol.transferFrom from Market.sol.withdrawOnBehalf from DBR.sol.removeMinter minter_ DBR.sol.onForceReplenish user DBR.sol.addMinter minter_ BorrowController.sol.deny deniedContract INVEscrow.sol.initialize _beneficiary Fed.sol.changeChair _chair INVEscrow.sol.delegate delegatee Market.sol.repay user GovTokenEscrow.sol.pay recipient DBR.sol.permit spender Market.sol.setPauseGuardian _pauseGuardian Oracle.sol.setFeed token Market.sol.deposit user DBR.sol.onBorrow user BorrowController.sol.setOperator _operator INVEscrow.sol.pay recipient DBR.sol.addMarket market_ DBR.sol.mint to SimpleERC20Escrow.sol.pay recipient Market.sol.borrowOnBehalf from DBR.sol.transfer to
The project is compiled with different versions of solidity, which is not recommended because it can lead to undefined behaviors.
You should use safe math for solidity version <8 since there is no default over/under flow check it suchversions of solidity.
The contract Test.sol doesn't use safe math and is of solidity version < 8 The contract console.sol doesn't use safe math and is of solidity version < 8 The contract console2.sol doesn't use safe math and is of solidity version < 8 The contract Script.sol doesn't use safe math and is of solidity version < 8 The contract Vm.sol doesn't use safe math and is of solidity version < 8
owner param should be validated to make sure the owner address is not address(0). Otherwise if not given the right input all only owner accessible functions will be unaccessible.
DBR.sol.permit owner
The following contracts have a function that allows them an admin to change it to a different address. If the admin accidentally uses an invalid address for which they do not have the private key, then the system gets locked. It is important to have two steps admin change where the first is announcing a pending new admin and the new address should then claim its ownership. A similar issue was reported in a previous contest and was assigned a severity of medium: code-423n4/2021-06-realitycards-findings#105
Market.sol
Those are functions and parameters pairs that the function doesn't use the parameter. In case those functions are external/public this is even worst since the user is required to put value that never used and can misslead him and waste its time.
Market.sol: function setGov parameter _gov isn't used. (setGov is public) Oracle.sol: function setFeed parameter tokenDecimals isn't used. (setFeed is public) Market.sol: function setOracle parameter _oracle isn't used. (setOracle is public) Oracle.sol: function setPendingOperator parameter newOperator_ isn't used. (setPendingOperator is public) Market.sol: function setBorrowController parameter _borrowController isn't used. (setBorrowController is public) BorrowController.sol: function allow parameter allowedContract isn't used. (allow is public) Market.sol: function setPauseGuardian parameter _pauseGuardian isn't used. (setPauseGuardian is public) Oracle.sol: function setFeed parameter token isn't used. (setFeed is public) Market.sol: function setLender parameter _lender isn't used. (setLender is public) BorrowController.sol: function deny parameter deniedContract isn't used. (deny is public) Oracle.sol: function setFixedPrice parameter price isn't used. (setFixedPrice is public) BorrowController.sol: function setOperator parameter _operator isn't used. (setOperator is public) Oracle.sol: function setFixedPrice parameter token isn't used. (setFixedPrice is public) Oracle.sol: function setFeed parameter feed isn't used. (setFeed is public)
Use of tx.origin for authorization may be abused by a MITM malicious contract forwarding calls from the legitimate user who interacts with it. Use msg.sender instead.
BorrowController.sol, 47: if(msgSender == tx.origin) return true;
Open TODOs can hint at programming or architectural errors that still need to be fixed. These files has open TODOs:
Open TODO in INVEscrow.sol line 34 : xINV = _xINV; // TODO: Test whether an immutable variable will persist across proxies
Transferring tokens to the zero address is usually prohibited to accidentally avoid "burning" tokens by sending them to an unrecoverable zero address.
https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L399 https://github.com/code-423n4/2022-10-inverse/tree/main/src/DBR.sol#L176 https://github.com/code-423n4/2022-10-inverse/tree/main/src/DBR.sol#L291 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L537 https://github.com/code-423n4/2022-10-inverse/tree/main/src/DBR.sol#L378 https://github.com/code-423n4/2022-10-inverse/tree/main/src/DBR.sol#L200 https://github.com/code-423n4/2022-10-inverse/tree/main/src/DBR.sol#L364 https://github.com/code-423n4/2022-10-inverse/tree/main/src/escrows/GovTokenEscrow.sol#L45 https://github.com/code-423n4/2022-10-inverse/tree/main/src/escrows/INVEscrow.sol#L63 https://github.com/code-423n4/2022-10-inverse/tree/main/src/escrows/SimpleERC20Escrow.sol#L38 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L205 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L570 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L602 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Fed.sol#L135 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L280
To give more trust to users: functions that set key/critical variables should be put behind a timelock.
https://github.com/code-423n4/2022-10-inverse/tree/main/src/DBR.sol#L53 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L183 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L124 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L136
Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.
approve without approving 0 first INVEscrow.sol, 49, _token.approve(address(xINV), type(uint).max);
use openzeppilin's safeCast in:
https://github.com/code-423n4/2022-10-inverse/tree/main/lib/forge-std/src/Script.sol#L17 : unsafe cast uint8(nonce) https://github.com/code-423n4/2022-10-inverse/tree/main/lib/forge-std/src/Script.sol#L17 : unsafe cast uint16(nonce) https://github.com/code-423n4/2022-10-inverse/tree/main/lib/forge-std/src/Script.sol#L17 : unsafe cast uint32(nonce) https://github.com/code-423n4/2022-10-inverse/tree/main/lib/forge-std/src/Script.sol#L17 : unsafe cast uint24(nonce) https://github.com/code-423n4/2022-10-inverse/tree/main/src/DBR.sol#L146 : unsafe cast int(accrued)
Division by 0 can lead to accidentally revert, (An example of a similar issue - https://github.com/code-423n4/2021-10-defiprotocol-findings/issues/84)
https://github.com/code-423n4/2022-10-inverse/tree/main/src/Oracle.sol#L137 collateralFactorBps might be 0 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L597 price might be 0 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Market.sol#L606 price might be 0 https://github.com/code-423n4/2022-10-inverse/tree/main/lib/forge-std/src/Test.sol#L765 a, b, absB might be 0 https://github.com/code-423n4/2022-10-inverse/tree/main/src/Oracle.sol#L98 collateralFactorBps might be 0
Some tokens don't correctly implement the EIP20 standard and their approve function returns void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Tokens that don't correctly implement the latest EIP20 spec, like USDT, will be unusable in the mentioned contracts as they revert the transaction because of the missing return value. We recommend using OpenZeppelin’s SafeERC20 versions with the safeApprove function that handle the return value check as well as non-standard-compliant tokens. The list of occurrences in format (solidity file, line number, actual line)
INVEscrow.sol, 49, _token.approve(address(xINV), type(uint).max);
Need to use safeTransfer instead of transfer. As there are popular tokens, such as USDT that transfer/trasnferFrom method doesn’t return anything. The transfer return value has to be checked (as there are some other tokens that returns false instead revert), that means you must
Fed.sol, 135 (takeProfit), dola.transfer(gov, profit); GovTokenEscrow.sol, 45 (pay), token.transfer(recipient, amount); SimpleERC20Escrow.sol, 38 (pay), token.transfer(recipient, amount); Market.sol, 280 (deposit), collateral.transferFrom(msg.sender, address(escrow), amount); INVEscrow.sol, 63 (pay), token.transfer(recipient, amount);
#0 - c4-judge
2022-11-08T00:30:29Z
0xean marked the issue as grade-b
🌟 Selected for report: pfapostol
Also found by: 0x1f8b, 0xRoxas, 0xSmartContract, Amithuddar, Aymen0909, B2, Bnke0x0, Chandr, CloudX, Deivitto, Diana, Dinesh11G, ElKu, HardlyCodeMan, JC, JrNet, KoKo, Mathieu, Ozy42, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Shinchan, __141345__, adriro, ajtra, aphak5010, ballx, c3phas, carlitox477, ch0bu, chaduke, cryptostellar5, djxploit, durianSausage, enckrish, exolorkistis, fatherOfBlocks, gogo, horsefacts, kaden, karanctf, leosathya, martin, mcwildy, oyc_109, ret2basic, robee, sakman, sakshamguruji, shark, skyle, tnevler
19.0072 USDC - $19.01
The following structs could change the order of their stored elements to decrease memory uses. and number of occupied slots. Therefore will save gas at every store and load from memory.
In Test.sol, StdStorage is optimized to: 6 slots from: 7 slots. The new order of types (you choose the actual variables): 1. mapping 2. mapping 3. bytes32[] 4. uint256 5. bytes32 6. address 7. bytes4
Boolean variables can be checked within conditionals directly without the use of equality operators to true/false.
BorrowController.sol, 47: if(msgSender == tx.origin) return true; DBR.sol, 350: require(minters[msg.sender] == true || msg.sender == operator, "ONLY MINTERS OR OPERATOR");
Unused state variables are gas consuming at deployment (since they are located in storage) and are a bad code practice. Removing those variables will decrease deployment gas cost and improve code quality. This is a full list of all the unused storage variables we found in your code base.
Script.sol, IS_SCRIPT DBR.sol, decimals
Reading a storage variable is gas costly (SLOAD). In cases of multiple read of a storage variable in the same scope, caching the first read (i.e saving as a local variable) can save gas and decrease the overall gas uses. The following is a list of functions and the storage variables that you read twice:
Market.sol: gov is read twice in pauseBorrows Market.sol: lender is read twice in recall
You can change the order of the storage variables to decrease memory uses.
In DBR.sol,rearranging the storage fields can optimize to: 9 slots from: 10 slots. The new order of types (you choose the actual variables): 1. string 2. string 3. uint256 4. uint 5. uint 6. uint256 7. bytes32 8. address 9. uint8 10. address
In Market.sol,rearranging the storage fields can optimize to: 17 slots from: 18 slots. The new order of types (you choose the actual variables): 1. IDolaBorrowingRights 2. IBorrowController 3. IERC20 4. IERC20 5. IOracle 6. uint 7. uint 8. uint 9. uint 10. uint 11. uint 12. uint256 13. bytes32 14. address 15. bool 16. bool 17. address 18. address 19. address
The following require messages are of length more than 32 and we think are short enough to short them into exactly 32 characters such that it will be placed in one slot of memory and the require function will cost less gas. The list:
Solidity file: DBR.sol, In line 63, Require message length to shorten: 34, The message: replenishment price must be over 0 Solidity file: DBR.sol, In line 326, Require message length to shorten: 38, The message: Only markets can call onForceReplenish
Using != 0 is slightly cheaper than > 0. (see https://github.com/code-423n4/2021-12-maple-findings/issues/75 for similar issue)
Market.sol, 605: change 'liquidationFeeBps > 0' to 'liquidationFeeBps != 0' Market.sol, 184: change '_liquidationIncentiveBps > 0' to '_liquidationIncentiveBps != 0' Market.sol, 195: change '_liquidationFeeBps > 0' to '_liquidationFeeBps != 0' Market.sol, 162: change '_liquidationFactorBps > 0' to '_liquidationFactorBps != 0' DBR.sol, 373: change 'balance > 0' to 'balance != 0' Market.sol, 162: change 'liquidationFactorBps > 0' to 'liquidationFactorBps != 0' Market.sol, 184: change 'liquidationIncentiveBps > 0' to 'liquidationIncentiveBps != 0' DBR.sol, 63: change 'newReplenishmentPriceBps_ > 0' to 'newReplenishmentPriceBps_ != 0' Market.sol, 173: change '_replenishmentIncentiveBps > 0' to '_replenishmentIncentiveBps != 0' Market.sol, 195: change 'liquidationFeeBps > 0' to 'liquidationFeeBps != 0' Market.sol, 75: change '_liquidationIncentiveBps > 0' to '_liquidationIncentiveBps != 0' DBR.sol, 123: change 'balance > 0' to 'balance != 0' Market.sol, 75: change 'liquidationIncentiveBps > 0' to 'liquidationIncentiveBps != 0' DBR.sol, 195: change 'balance > 0' to 'balance != 0' Market.sol, 592: change 'repaidDebt > 0' to 'repaidDebt != 0' DBR.sol, 171: change 'balance > 0' to 'balance != 0' Market.sol, 607: change 'balance > 0' to 'balance != 0' Market.sol, 173: change 'replenishmentIncentiveBps > 0' to 'replenishmentIncentiveBps != 0' Test.sol, 735: change 'a > 0' to 'a != 0'
You can use unchecked in the following calculations since there is no risk to overflow:
Test.sol (L#33) - vm.warp(block.timestamp + time);
You can inline the following functions instead of writing a specific function to save gas. (see https://github.com/code-423n4/2021-11-nested-findings/issues/167 for a similar issue.) Script.sol, addressFromLast20Bytes, { return address(uint160(uint256(bytesValue))); }
The following functions are used exactly once. Therefore you can inline them and save gas and improve code clearness.
Market.sol, getWithdrawalLimitInternal Market.sol, createEscrow
Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks are available for free.
The advantages of versions 0.8.* over <0.8.0 are:
1. Safemath by default from 0.8.0 (can be more gas efficient than library based safemath.) 2. Low level inliner : from 0.8.2, leads to cheaper runtime gas. Especially relevant when the contract has small functions. For example, OpenZeppelin libraries typically have a lot of small helper functions and if they are not inlined, they cost an additional 20 to 40 gas because of 2 extra jump instructions and additional stack operations needed for function calls. 3. Optimizer improvements in packed structs: Before 0.8.3, storing packed structs, in some cases used an additional storage read operation. After EIP-2929, if the slot was already cold, this means unnecessary stack operations and extra deploy time costs. However, if the slot was already warm, this means additional cost of 100 gas alongside the same unnecessary stack operations and extra deploy time costs. 4. Custom errors from 0.8.4, leads to cheaper deploy time cost and run time cost. Note: the run time cost is only relevant when the revert condition is met. In short, replace revert strings by custom errors.
Test.sol Script.sol console2.sol console.sol Vm.sol
We recommend not to cache msg.sender since calling it is 2 gas while reading a variable is more.
https://github.com/code-423n4/2022-10-inverse/tree/main/src/escrows/GovTokenEscrow.sol#L32 https://github.com/code-423n4/2022-10-inverse/tree/main/src/escrows/INVEscrow.sol#L46 https://github.com/code-423n4/2022-10-inverse/tree/main/src/escrows/SimpleERC20Escrow.sol#L27
#0 - c4-judge
2022-11-05T23:51:10Z
0xean marked the issue as grade-b