Platform: Code4rena
Start Date: 27/01/2022
Pot Size: $75,000 USDT
Total HM: 6
Participants: 29
Period: 7 days
Judge: leastwood
Total Solo HM: 6
Id: 72
League: ETH
Rank: 15/29
Findings: 2
Award: $362.80
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: cccz
Also found by: defsec, mics, sirhashalot
sirhashalot
Many ERC20 tokens use the OpenZeppelin ERC20 library. The OLEToken.sol contract does not. The OpenZeppelin ERC20 library includes the non-standard increaseAllowance and decreaseAllowance functions to mitigate the allowance double spend issue that exists if these functions are not available. While this frontrunning attack vector is not the most common, removing a solution to the problem means users have no good options to prevent against this risk.
The OLEToken.sol ERC20 contract only implements the minimum requirements for an ERC20 token. It does not implement the non-standard increaseAllowance and decreaseAllowance functions, which provide a safer way to adjust a user's allowance.
Add the non-standard increaseAllowance and decreaseAllowance functions from the OpenZeppelin ERC20 library to OLEToken.sol to mitigate the allowance double spend issue.
#0 - ColaM12
2022-02-03T06:46:53Z
Duplicate to #87
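The mitigation recommended in the finding above, sketched as an added example; it is not code from OLEToken.sol or from the report. The contract name, storage layout, compiler version and revert strings are assumptions, and the two relative functions follow the behaviour of the OpenZeppelin ERC20 helpers the finding names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // assumed version; not taken from OLEToken.sol

// Added illustration of allowance bookkeeping only (no balances or transfers).
// Hypothetical contract: names and layout are assumptions, not the audited code.
contract AllowanceDeltaExample {
    mapping(address => mapping(address => uint256)) public allowance;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    // Standard ERC20 approve: overwrites the allowance with an absolute value.
    // If the spender consumes the old allowance before this call is mined,
    // the new value is granted in addition to what was already spent.
    function approve(address spender, uint256 amount) external returns (bool) {
        _approve(msg.sender, spender, amount);
        return true;
    }

    // Relative increase: grants only the delta on top of whatever allowance
    // remains when the transaction executes. Checked arithmetic reverts on overflow.
    function increaseAllowance(address spender, uint256 addedValue) external returns (bool) {
        _approve(msg.sender, spender, allowance[msg.sender][spender] + addedValue);
        return true;
    }

    // Relative decrease: reverts when the remaining allowance is already lower
    // than the amount being removed, so a spend that landed first cannot be
    // followed by a freshly set allowance.
    function decreaseAllowance(address spender, uint256 subtractedValue) external returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        require(current >= subtractedValue, "allowance below zero");
        unchecked {
            // Safe: the require above guarantees no underflow.
            _approve(msg.sender, spender, current - subtractedValue);
        }
        return true;
    }

    function _approve(address owner, address spender, uint256 amount) internal {
        require(spender != address(0), "approve to zero address");
        allowance[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }
}
```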
🌟 Selected for report: Dravee
Also found by: sirhashalot
47.0985 USDT - $47.10
sirhashalot
The liquidateAllowed() function in the ControllerV1.sol contract has two input parameters that are not used. These could be removed to save gas.
The liquidateAmount and dexData variables are unused input parameters and could be removed.
Remove unused function input parameters for gas savings.
#0 - ColaM12
2022-02-03T06:21:19Z
Duplicate to #153
🌟 Selected for report: robee
Also found by: Dravee, mics, sirhashalot
19.0749 USDT - $19.07
sirhashalot
Strings are broken into 32 byte chunks for operations. Revert error strings over 32 bytes therefore consume extra gas as documented publicly
There are multiple examples of this gas optimization opportunity, including but not limited to:
Reducing revert error strings to under 32 bytes decreases deployment time gas and runtime gas when the revert condition is met. Alternatively, the code could be modified to use custom errors, introduced in Solidity 0.8.4: https://blog.soliditylang.org/2021/04/21/custom-errors/
#0 - ColaM12
2022-02-03T06:31:39Z
Duplicate to #6