Platform: Code4rena
Start Date: 26/09/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 113
Period: 5 days
Judge: 0xean
Total Solo HM: 6
Id: 166
League: ETH
Rank: 47/113
Findings: 2
Award: $76.09
š Selected for report: 0
š Solo Findings: 0
š Selected for report: 0xNazgul
Also found by: 0x1f8b, 0x52, 0xDecorativePineapple, 0xSmartContract, 0xmatt, Aeros, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, DimitarDimitrov, IllIllI, JC, Jeiwan, Lambda, Matin, Migue, Mukund, Ocean_Sky, Olivierdem, RaymondFam, RockingMiles, Rolezn, Ruhum, Satyam_Sharma, Shinchan, Tomo, Trabajo_de_mates, V_B, Waze, __141345__, a12jmx, ajtra, asutorufos, aysha, brgltd, bulej93, carrotsmuggler, catchup, cccz, chrisdior4, cryptonue, cryptphi, d3e4, defsec, delfin454000, durianSausage, erictee, fatherOfBlocks, gogo, kaden, karanctf, ladboy233, lukris02, mahdikarimi, martin, mics, natzuu, oyc_109, p_crypt0, pedr02b2, rbserver, reassor, rotcivegaf, rvierdiiev, sikorico, slowmoses, sorrynotsorry, tnevler, trustindistrust
52.0694 USDC - $52.07
| N-N | Issue | Instances |
|---|---|---|
| [Nā01] | Missing error message in require statement | 20 |
| [Nā02] | Same error message in require statement | 4 |
Total: 24 instances over 2 issues
require statementsFile: /src/core/contracts/AlgebraFactory.sol 43 require(msg.sender == owner); 60 require(tokenA != tokenB); 62 require(token0 != address(0)); 63 require(poolByPair[token0][token1] == address(0)); 78 require(owner != _owner); 85 require(farmingAddress != _farmingAddress); 92 require(vaultAddress != _vaultAddress);
File: /src/core/contracts/AlgebraPool.sol 55 require(msg.sender == IAlgebraFactory(factory).owner()); 122 require(_lower.initialized); 134 require(_upper.initialized); 229 require((_blockTimestamp() - lastLiquidityAddTimestamp) >= _liquidityCooldown); 953 require((communityFee0 <= Constants.MAX_COMMUNITY_FEE) && (communityFee1 <= Constants.MAX_COMMUNITY_FEE)); 960 require(msg.sender == IAlgebraFactory(factory).farmingAddress()); 968 require(newLiquidityCooldown <= Constants.MAX_LIQUIDITY_COOLDOWN && liquidityCooldown != newLiquidityCooldown);
File: /src/core/contracts/AlgebraPoolDeployer.sol 22 require(msg.sender == factory); 27 require(msg.sender == owner); 27 require(_factory != address(0)); 28 require(factory == address(0));
File: /src/core/contracts/DataStorageOperator.sol 43 require(msg.sender == factory || msg.sender == IAlgebraFactory(factory).owner());
File: /src/core/contracts/libraries/DataStorage.sol 369 require(!self[0].initialized);
File: /src/core/contracts/libraries/PriceMovementMath.sol 52 require(price > 0); 53 require(liquidity > 0); 70 require((product = amount * price) / amount == price); // if the product overflows, we know the denominator underflows 71 require(liquidityShifted > product); // in addition, we must check that the denominator does not underflow 87 require(price > quotient);
File: /src/core/contracts/libraries/TokenDeltaMath.sol 30 require(priceDelta < priceUpper); // forbids underflow and 0 priceLower 51 require(priceUpper >= priceLower);
require statementFile: /src/core/contracts/AlgebraPool.sol 454 if (amount0 > 0) require((receivedAmount0 = balanceToken0() - receivedAmount0) > 0, 'IIAM'); 455 if (amount1 > 0) require((receivedAmount1 = balanceToken1() - receivedAmount1) > 0, 'IIAM'); 474 require((amount0 = uint256(amount0Int)) <= receivedAmount0, 'IIAM2'); 475 require((amount1 = uint256(amount1Int)) <= receivedAmount1, 'IIAM2'); 608 require(balance0Before.add(uint256(amount0)) <= balanceToken0(), 'IIA'); 614 require(balance1Before.add(uint256(amount1)) <= balanceToken1(), 'IIA'); 641 require((amountRequired = int256(balanceToken0().sub(balance0Before))) > 0, 'IIA'); 645 require((amountRequired = int256(balanceToken1().sub(balance1Before))) > 0, 'IIA'); 739 require(limitSqrtPrice < currentPrice && limitSqrtPrice > TickMath.MIN_SQRT_RATIO, 'SPL'); 743 require(limitSqrtPrice > currentPrice && limitSqrtPrice < TickMath.MAX_SQRT_RATIO, 'SPL');
š Selected for report: IllIllI
Also found by: 0x1f8b, 0x5rings, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, 0xmatt, Aeros, Amithuddar, Awesome, Aymen0909, B2, Bnke0x0, ChristianKuri, CodingNameKiki, Deivitto, Diraco, Fitraldys, HardlyCodeMan, JC, Mukund, Noah3o6, Olivierdem, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Ruhum, Saintcode_, Shinchan, SnowMan, TomJ, Tomio, Tomo, V_B, Waze, __141345__, ajtra, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, c3phas, ch0bu, cryptonue, defsec, delfin454000, dharma09, durianSausage, emrekocak, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, imare, kaden, karanctf, ladboy233, lukris02, m_Rassska, martin, medikko, mics, natzuu, oyc_109, peiw, rbserver, ret2basic, rotcivegaf, saian, shark, slowmoses, tnevler, trustindistrust, zeesaw, zishansami
24.0179 USDC - $24.02
| G-N | Issue | Instances |
|---|---|---|
| [Gā01] | ++i costs less gas than i++, especially when it's used in for-loops (--i/i-- too) | 1 |
| [Gā04] | <array>.length should not be looked up in every loop of a for-loop | 1 |
Total: 2 instances over 2 issues
++i costs less gas than i++, especially when it's used in for-loops (--i/i-- too)Saves 5 gas per loop
File: /src/core/contracts/libraries/DataStorage.sol 307 for (uint256 i = 0; i < secondsAgos.length; i++) {
<array>.length should not be looked up in every loop of a for-loopThe overheads outlined below are PER LOOP, excluding the first loop
MLOAD (3 gas)CALLDATALOAD (3 gas)Caching the length changes each of these to a DUP<N> (3 gas), and gets rid of the extra DUP<N> needed to store the stack offset
File: /src/core/contracts/libraries/DataStorage.sol 307 for (uint256 i = 0; i < secondsAgos.length; i++) {
Also can used in
File: /src/core/contracts/libraries/DataStorage.sol 294 tickCumulatives = new int56[](secondsAgos.length); 295 secondsPerLiquidityCumulatives = new uint160[](secondsAgos.length); 296 volatilityCumulatives = new uint112[](secondsAgos.length); 297 volumePerAvgLiquiditys = new uint256[](secondsAgos.length);